1 /* 2 * linux/drivers/s390/crypto/zcrypt_api.c 3 * 4 * zcrypt 2.1.0 5 * 6 * Copyright (C) 2001, 2006 IBM Corporation 7 * Author(s): Robert Burroughs 8 * Eric Rossman (edrossma@us.ibm.com) 9 * Cornelia Huck <cornelia.huck@de.ibm.com> 10 * 11 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 12 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 13 * Ralph Wuerthner <rwuerthn@de.ibm.com> 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2, or (at your option) 18 * any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 * GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with this program; if not, write to the Free Software 27 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 #include <linux/module.h> 31 #include <linux/init.h> 32 #include <linux/interrupt.h> 33 #include <linux/miscdevice.h> 34 #include <linux/fs.h> 35 #include <linux/proc_fs.h> 36 #include <linux/seq_file.h> 37 #include <linux/compat.h> 38 #include <linux/smp_lock.h> 39 #include <linux/slab.h> 40 #include <asm/atomic.h> 41 #include <asm/uaccess.h> 42 #include <linux/hw_random.h> 43 44 #include "zcrypt_api.h" 45 46 /* 47 * Module description. 48 */ 49 MODULE_AUTHOR("IBM Corporation"); 50 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " 51 "Copyright 2001, 2006 IBM Corporation"); 52 MODULE_LICENSE("GPL"); 53 54 static DEFINE_SPINLOCK(zcrypt_device_lock); 55 static LIST_HEAD(zcrypt_device_list); 56 static int zcrypt_device_count = 0; 57 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 58 59 static int zcrypt_rng_device_add(void); 60 static void zcrypt_rng_device_remove(void); 61 62 /* 63 * Device attributes common for all crypto devices. 64 */ 65 static ssize_t zcrypt_type_show(struct device *dev, 66 struct device_attribute *attr, char *buf) 67 { 68 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 69 return snprintf(buf, PAGE_SIZE, "%s\n", zdev->type_string); 70 } 71 72 static DEVICE_ATTR(type, 0444, zcrypt_type_show, NULL); 73 74 static ssize_t zcrypt_online_show(struct device *dev, 75 struct device_attribute *attr, char *buf) 76 { 77 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 78 return snprintf(buf, PAGE_SIZE, "%d\n", zdev->online); 79 } 80 81 static ssize_t zcrypt_online_store(struct device *dev, 82 struct device_attribute *attr, 83 const char *buf, size_t count) 84 { 85 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 86 int online; 87 88 if (sscanf(buf, "%d\n", &online) != 1 || online < 0 || online > 1) 89 return -EINVAL; 90 zdev->online = online; 91 if (!online) 92 ap_flush_queue(zdev->ap_dev); 93 return count; 94 } 95 96 static DEVICE_ATTR(online, 0644, zcrypt_online_show, zcrypt_online_store); 97 98 static struct attribute * zcrypt_device_attrs[] = { 99 &dev_attr_type.attr, 100 &dev_attr_online.attr, 101 NULL, 102 }; 103 104 static struct attribute_group zcrypt_device_attr_group = { 105 .attrs = zcrypt_device_attrs, 106 }; 107 108 /** 109 * __zcrypt_increase_preference(): Increase preference of a crypto device. 110 * @zdev: Pointer the crypto device 111 * 112 * Move the device towards the head of the device list. 113 * Need to be called while holding the zcrypt device list lock. 114 * Note: cards with speed_rating of 0 are kept at the end of the list. 115 */ 116 static void __zcrypt_increase_preference(struct zcrypt_device *zdev) 117 { 118 struct zcrypt_device *tmp; 119 struct list_head *l; 120 121 if (zdev->speed_rating == 0) 122 return; 123 for (l = zdev->list.prev; l != &zcrypt_device_list; l = l->prev) { 124 tmp = list_entry(l, struct zcrypt_device, list); 125 if ((tmp->request_count + 1) * tmp->speed_rating <= 126 (zdev->request_count + 1) * zdev->speed_rating && 127 tmp->speed_rating != 0) 128 break; 129 } 130 if (l == zdev->list.prev) 131 return; 132 /* Move zdev behind l */ 133 list_move(&zdev->list, l); 134 } 135 136 /** 137 * __zcrypt_decrease_preference(): Decrease preference of a crypto device. 138 * @zdev: Pointer to a crypto device. 139 * 140 * Move the device towards the tail of the device list. 141 * Need to be called while holding the zcrypt device list lock. 142 * Note: cards with speed_rating of 0 are kept at the end of the list. 143 */ 144 static void __zcrypt_decrease_preference(struct zcrypt_device *zdev) 145 { 146 struct zcrypt_device *tmp; 147 struct list_head *l; 148 149 if (zdev->speed_rating == 0) 150 return; 151 for (l = zdev->list.next; l != &zcrypt_device_list; l = l->next) { 152 tmp = list_entry(l, struct zcrypt_device, list); 153 if ((tmp->request_count + 1) * tmp->speed_rating > 154 (zdev->request_count + 1) * zdev->speed_rating || 155 tmp->speed_rating == 0) 156 break; 157 } 158 if (l == zdev->list.next) 159 return; 160 /* Move zdev before l */ 161 list_move_tail(&zdev->list, l); 162 } 163 164 static void zcrypt_device_release(struct kref *kref) 165 { 166 struct zcrypt_device *zdev = 167 container_of(kref, struct zcrypt_device, refcount); 168 zcrypt_device_free(zdev); 169 } 170 171 void zcrypt_device_get(struct zcrypt_device *zdev) 172 { 173 kref_get(&zdev->refcount); 174 } 175 EXPORT_SYMBOL(zcrypt_device_get); 176 177 int zcrypt_device_put(struct zcrypt_device *zdev) 178 { 179 return kref_put(&zdev->refcount, zcrypt_device_release); 180 } 181 EXPORT_SYMBOL(zcrypt_device_put); 182 183 struct zcrypt_device *zcrypt_device_alloc(size_t max_response_size) 184 { 185 struct zcrypt_device *zdev; 186 187 zdev = kzalloc(sizeof(struct zcrypt_device), GFP_KERNEL); 188 if (!zdev) 189 return NULL; 190 zdev->reply.message = kmalloc(max_response_size, GFP_KERNEL); 191 if (!zdev->reply.message) 192 goto out_free; 193 zdev->reply.length = max_response_size; 194 spin_lock_init(&zdev->lock); 195 INIT_LIST_HEAD(&zdev->list); 196 return zdev; 197 198 out_free: 199 kfree(zdev); 200 return NULL; 201 } 202 EXPORT_SYMBOL(zcrypt_device_alloc); 203 204 void zcrypt_device_free(struct zcrypt_device *zdev) 205 { 206 kfree(zdev->reply.message); 207 kfree(zdev); 208 } 209 EXPORT_SYMBOL(zcrypt_device_free); 210 211 /** 212 * zcrypt_device_register() - Register a crypto device. 213 * @zdev: Pointer to a crypto device 214 * 215 * Register a crypto device. Returns 0 if successful. 216 */ 217 int zcrypt_device_register(struct zcrypt_device *zdev) 218 { 219 int rc; 220 221 rc = sysfs_create_group(&zdev->ap_dev->device.kobj, 222 &zcrypt_device_attr_group); 223 if (rc) 224 goto out; 225 get_device(&zdev->ap_dev->device); 226 kref_init(&zdev->refcount); 227 spin_lock_bh(&zcrypt_device_lock); 228 zdev->online = 1; /* New devices are online by default. */ 229 list_add_tail(&zdev->list, &zcrypt_device_list); 230 __zcrypt_increase_preference(zdev); 231 zcrypt_device_count++; 232 spin_unlock_bh(&zcrypt_device_lock); 233 if (zdev->ops->rng) { 234 rc = zcrypt_rng_device_add(); 235 if (rc) 236 goto out_unregister; 237 } 238 return 0; 239 240 out_unregister: 241 spin_lock_bh(&zcrypt_device_lock); 242 zcrypt_device_count--; 243 list_del_init(&zdev->list); 244 spin_unlock_bh(&zcrypt_device_lock); 245 sysfs_remove_group(&zdev->ap_dev->device.kobj, 246 &zcrypt_device_attr_group); 247 put_device(&zdev->ap_dev->device); 248 zcrypt_device_put(zdev); 249 out: 250 return rc; 251 } 252 EXPORT_SYMBOL(zcrypt_device_register); 253 254 /** 255 * zcrypt_device_unregister(): Unregister a crypto device. 256 * @zdev: Pointer to crypto device 257 * 258 * Unregister a crypto device. 259 */ 260 void zcrypt_device_unregister(struct zcrypt_device *zdev) 261 { 262 if (zdev->ops->rng) 263 zcrypt_rng_device_remove(); 264 spin_lock_bh(&zcrypt_device_lock); 265 zcrypt_device_count--; 266 list_del_init(&zdev->list); 267 spin_unlock_bh(&zcrypt_device_lock); 268 sysfs_remove_group(&zdev->ap_dev->device.kobj, 269 &zcrypt_device_attr_group); 270 put_device(&zdev->ap_dev->device); 271 zcrypt_device_put(zdev); 272 } 273 EXPORT_SYMBOL(zcrypt_device_unregister); 274 275 /** 276 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 277 * 278 * This function is not supported beyond zcrypt 1.3.1. 279 */ 280 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 281 size_t count, loff_t *f_pos) 282 { 283 return -EPERM; 284 } 285 286 /** 287 * zcrypt_write(): Not allowed. 288 * 289 * Write is is not allowed 290 */ 291 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 292 size_t count, loff_t *f_pos) 293 { 294 return -EPERM; 295 } 296 297 /** 298 * zcrypt_open(): Count number of users. 299 * 300 * Device open function to count number of users. 301 */ 302 static int zcrypt_open(struct inode *inode, struct file *filp) 303 { 304 atomic_inc(&zcrypt_open_count); 305 return nonseekable_open(inode, filp); 306 } 307 308 /** 309 * zcrypt_release(): Count number of users. 310 * 311 * Device close function to count number of users. 312 */ 313 static int zcrypt_release(struct inode *inode, struct file *filp) 314 { 315 atomic_dec(&zcrypt_open_count); 316 return 0; 317 } 318 319 /* 320 * zcrypt ioctls. 321 */ 322 static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex) 323 { 324 struct zcrypt_device *zdev; 325 int rc; 326 327 if (mex->outputdatalength < mex->inputdatalength) 328 return -EINVAL; 329 /* 330 * As long as outputdatalength is big enough, we can set the 331 * outputdatalength equal to the inputdatalength, since that is the 332 * number of bytes we will copy in any case 333 */ 334 mex->outputdatalength = mex->inputdatalength; 335 336 spin_lock_bh(&zcrypt_device_lock); 337 list_for_each_entry(zdev, &zcrypt_device_list, list) { 338 if (!zdev->online || 339 !zdev->ops->rsa_modexpo || 340 zdev->min_mod_size > mex->inputdatalength || 341 zdev->max_mod_size < mex->inputdatalength) 342 continue; 343 zcrypt_device_get(zdev); 344 get_device(&zdev->ap_dev->device); 345 zdev->request_count++; 346 __zcrypt_decrease_preference(zdev); 347 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 348 spin_unlock_bh(&zcrypt_device_lock); 349 rc = zdev->ops->rsa_modexpo(zdev, mex); 350 spin_lock_bh(&zcrypt_device_lock); 351 module_put(zdev->ap_dev->drv->driver.owner); 352 } 353 else 354 rc = -EAGAIN; 355 zdev->request_count--; 356 __zcrypt_increase_preference(zdev); 357 put_device(&zdev->ap_dev->device); 358 zcrypt_device_put(zdev); 359 spin_unlock_bh(&zcrypt_device_lock); 360 return rc; 361 } 362 spin_unlock_bh(&zcrypt_device_lock); 363 return -ENODEV; 364 } 365 366 static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt) 367 { 368 struct zcrypt_device *zdev; 369 unsigned long long z1, z2, z3; 370 int rc, copied; 371 372 if (crt->outputdatalength < crt->inputdatalength || 373 (crt->inputdatalength & 1)) 374 return -EINVAL; 375 /* 376 * As long as outputdatalength is big enough, we can set the 377 * outputdatalength equal to the inputdatalength, since that is the 378 * number of bytes we will copy in any case 379 */ 380 crt->outputdatalength = crt->inputdatalength; 381 382 copied = 0; 383 restart: 384 spin_lock_bh(&zcrypt_device_lock); 385 list_for_each_entry(zdev, &zcrypt_device_list, list) { 386 if (!zdev->online || 387 !zdev->ops->rsa_modexpo_crt || 388 zdev->min_mod_size > crt->inputdatalength || 389 zdev->max_mod_size < crt->inputdatalength) 390 continue; 391 if (zdev->short_crt && crt->inputdatalength > 240) { 392 /* 393 * Check inputdata for leading zeros for cards 394 * that can't handle np_prime, bp_key, or 395 * u_mult_inv > 128 bytes. 396 */ 397 if (copied == 0) { 398 unsigned int len; 399 spin_unlock_bh(&zcrypt_device_lock); 400 /* len is max 256 / 2 - 120 = 8 */ 401 len = crt->inputdatalength / 2 - 120; 402 if (len > sizeof(z1)) 403 return -EFAULT; 404 z1 = z2 = z3 = 0; 405 if (copy_from_user(&z1, crt->np_prime, len) || 406 copy_from_user(&z2, crt->bp_key, len) || 407 copy_from_user(&z3, crt->u_mult_inv, len)) 408 return -EFAULT; 409 copied = 1; 410 /* 411 * We have to restart device lookup - 412 * the device list may have changed by now. 413 */ 414 goto restart; 415 } 416 if (z1 != 0ULL || z2 != 0ULL || z3 != 0ULL) 417 /* The device can't handle this request. */ 418 continue; 419 } 420 zcrypt_device_get(zdev); 421 get_device(&zdev->ap_dev->device); 422 zdev->request_count++; 423 __zcrypt_decrease_preference(zdev); 424 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 425 spin_unlock_bh(&zcrypt_device_lock); 426 rc = zdev->ops->rsa_modexpo_crt(zdev, crt); 427 spin_lock_bh(&zcrypt_device_lock); 428 module_put(zdev->ap_dev->drv->driver.owner); 429 } 430 else 431 rc = -EAGAIN; 432 zdev->request_count--; 433 __zcrypt_increase_preference(zdev); 434 put_device(&zdev->ap_dev->device); 435 zcrypt_device_put(zdev); 436 spin_unlock_bh(&zcrypt_device_lock); 437 return rc; 438 } 439 spin_unlock_bh(&zcrypt_device_lock); 440 return -ENODEV; 441 } 442 443 static long zcrypt_send_cprb(struct ica_xcRB *xcRB) 444 { 445 struct zcrypt_device *zdev; 446 int rc; 447 448 spin_lock_bh(&zcrypt_device_lock); 449 list_for_each_entry(zdev, &zcrypt_device_list, list) { 450 if (!zdev->online || !zdev->ops->send_cprb || 451 (xcRB->user_defined != AUTOSELECT && 452 AP_QID_DEVICE(zdev->ap_dev->qid) != xcRB->user_defined) 453 ) 454 continue; 455 zcrypt_device_get(zdev); 456 get_device(&zdev->ap_dev->device); 457 zdev->request_count++; 458 __zcrypt_decrease_preference(zdev); 459 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 460 spin_unlock_bh(&zcrypt_device_lock); 461 rc = zdev->ops->send_cprb(zdev, xcRB); 462 spin_lock_bh(&zcrypt_device_lock); 463 module_put(zdev->ap_dev->drv->driver.owner); 464 } 465 else 466 rc = -EAGAIN; 467 zdev->request_count--; 468 __zcrypt_increase_preference(zdev); 469 put_device(&zdev->ap_dev->device); 470 zcrypt_device_put(zdev); 471 spin_unlock_bh(&zcrypt_device_lock); 472 return rc; 473 } 474 spin_unlock_bh(&zcrypt_device_lock); 475 return -ENODEV; 476 } 477 478 static long zcrypt_rng(char *buffer) 479 { 480 struct zcrypt_device *zdev; 481 int rc; 482 483 spin_lock_bh(&zcrypt_device_lock); 484 list_for_each_entry(zdev, &zcrypt_device_list, list) { 485 if (!zdev->online || !zdev->ops->rng) 486 continue; 487 zcrypt_device_get(zdev); 488 get_device(&zdev->ap_dev->device); 489 zdev->request_count++; 490 __zcrypt_decrease_preference(zdev); 491 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 492 spin_unlock_bh(&zcrypt_device_lock); 493 rc = zdev->ops->rng(zdev, buffer); 494 spin_lock_bh(&zcrypt_device_lock); 495 module_put(zdev->ap_dev->drv->driver.owner); 496 } else 497 rc = -EAGAIN; 498 zdev->request_count--; 499 __zcrypt_increase_preference(zdev); 500 put_device(&zdev->ap_dev->device); 501 zcrypt_device_put(zdev); 502 spin_unlock_bh(&zcrypt_device_lock); 503 return rc; 504 } 505 spin_unlock_bh(&zcrypt_device_lock); 506 return -ENODEV; 507 } 508 509 static void zcrypt_status_mask(char status[AP_DEVICES]) 510 { 511 struct zcrypt_device *zdev; 512 513 memset(status, 0, sizeof(char) * AP_DEVICES); 514 spin_lock_bh(&zcrypt_device_lock); 515 list_for_each_entry(zdev, &zcrypt_device_list, list) 516 status[AP_QID_DEVICE(zdev->ap_dev->qid)] = 517 zdev->online ? zdev->user_space_type : 0x0d; 518 spin_unlock_bh(&zcrypt_device_lock); 519 } 520 521 static void zcrypt_qdepth_mask(char qdepth[AP_DEVICES]) 522 { 523 struct zcrypt_device *zdev; 524 525 memset(qdepth, 0, sizeof(char) * AP_DEVICES); 526 spin_lock_bh(&zcrypt_device_lock); 527 list_for_each_entry(zdev, &zcrypt_device_list, list) { 528 spin_lock(&zdev->ap_dev->lock); 529 qdepth[AP_QID_DEVICE(zdev->ap_dev->qid)] = 530 zdev->ap_dev->pendingq_count + 531 zdev->ap_dev->requestq_count; 532 spin_unlock(&zdev->ap_dev->lock); 533 } 534 spin_unlock_bh(&zcrypt_device_lock); 535 } 536 537 static void zcrypt_perdev_reqcnt(int reqcnt[AP_DEVICES]) 538 { 539 struct zcrypt_device *zdev; 540 541 memset(reqcnt, 0, sizeof(int) * AP_DEVICES); 542 spin_lock_bh(&zcrypt_device_lock); 543 list_for_each_entry(zdev, &zcrypt_device_list, list) { 544 spin_lock(&zdev->ap_dev->lock); 545 reqcnt[AP_QID_DEVICE(zdev->ap_dev->qid)] = 546 zdev->ap_dev->total_request_count; 547 spin_unlock(&zdev->ap_dev->lock); 548 } 549 spin_unlock_bh(&zcrypt_device_lock); 550 } 551 552 static int zcrypt_pendingq_count(void) 553 { 554 struct zcrypt_device *zdev; 555 int pendingq_count = 0; 556 557 spin_lock_bh(&zcrypt_device_lock); 558 list_for_each_entry(zdev, &zcrypt_device_list, list) { 559 spin_lock(&zdev->ap_dev->lock); 560 pendingq_count += zdev->ap_dev->pendingq_count; 561 spin_unlock(&zdev->ap_dev->lock); 562 } 563 spin_unlock_bh(&zcrypt_device_lock); 564 return pendingq_count; 565 } 566 567 static int zcrypt_requestq_count(void) 568 { 569 struct zcrypt_device *zdev; 570 int requestq_count = 0; 571 572 spin_lock_bh(&zcrypt_device_lock); 573 list_for_each_entry(zdev, &zcrypt_device_list, list) { 574 spin_lock(&zdev->ap_dev->lock); 575 requestq_count += zdev->ap_dev->requestq_count; 576 spin_unlock(&zdev->ap_dev->lock); 577 } 578 spin_unlock_bh(&zcrypt_device_lock); 579 return requestq_count; 580 } 581 582 static int zcrypt_count_type(int type) 583 { 584 struct zcrypt_device *zdev; 585 int device_count = 0; 586 587 spin_lock_bh(&zcrypt_device_lock); 588 list_for_each_entry(zdev, &zcrypt_device_list, list) 589 if (zdev->user_space_type == type) 590 device_count++; 591 spin_unlock_bh(&zcrypt_device_lock); 592 return device_count; 593 } 594 595 /** 596 * zcrypt_ica_status(): Old, depracted combi status call. 597 * 598 * Old, deprecated combi status call. 599 */ 600 static long zcrypt_ica_status(struct file *filp, unsigned long arg) 601 { 602 struct ica_z90_status *pstat; 603 int ret; 604 605 pstat = kzalloc(sizeof(*pstat), GFP_KERNEL); 606 if (!pstat) 607 return -ENOMEM; 608 pstat->totalcount = zcrypt_device_count; 609 pstat->leedslitecount = zcrypt_count_type(ZCRYPT_PCICA); 610 pstat->leeds2count = zcrypt_count_type(ZCRYPT_PCICC); 611 pstat->requestqWaitCount = zcrypt_requestq_count(); 612 pstat->pendingqWaitCount = zcrypt_pendingq_count(); 613 pstat->totalOpenCount = atomic_read(&zcrypt_open_count); 614 pstat->cryptoDomain = ap_domain_index; 615 zcrypt_status_mask(pstat->status); 616 zcrypt_qdepth_mask(pstat->qdepth); 617 ret = 0; 618 if (copy_to_user((void __user *) arg, pstat, sizeof(*pstat))) 619 ret = -EFAULT; 620 kfree(pstat); 621 return ret; 622 } 623 624 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 625 unsigned long arg) 626 { 627 int rc; 628 629 switch (cmd) { 630 case ICARSAMODEXPO: { 631 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 632 struct ica_rsa_modexpo mex; 633 if (copy_from_user(&mex, umex, sizeof(mex))) 634 return -EFAULT; 635 do { 636 rc = zcrypt_rsa_modexpo(&mex); 637 } while (rc == -EAGAIN); 638 if (rc) 639 return rc; 640 return put_user(mex.outputdatalength, &umex->outputdatalength); 641 } 642 case ICARSACRT: { 643 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 644 struct ica_rsa_modexpo_crt crt; 645 if (copy_from_user(&crt, ucrt, sizeof(crt))) 646 return -EFAULT; 647 do { 648 rc = zcrypt_rsa_crt(&crt); 649 } while (rc == -EAGAIN); 650 if (rc) 651 return rc; 652 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 653 } 654 case ZSECSENDCPRB: { 655 struct ica_xcRB __user *uxcRB = (void __user *) arg; 656 struct ica_xcRB xcRB; 657 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 658 return -EFAULT; 659 do { 660 rc = zcrypt_send_cprb(&xcRB); 661 } while (rc == -EAGAIN); 662 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 663 return -EFAULT; 664 return rc; 665 } 666 case Z90STAT_STATUS_MASK: { 667 char status[AP_DEVICES]; 668 zcrypt_status_mask(status); 669 if (copy_to_user((char __user *) arg, status, 670 sizeof(char) * AP_DEVICES)) 671 return -EFAULT; 672 return 0; 673 } 674 case Z90STAT_QDEPTH_MASK: { 675 char qdepth[AP_DEVICES]; 676 zcrypt_qdepth_mask(qdepth); 677 if (copy_to_user((char __user *) arg, qdepth, 678 sizeof(char) * AP_DEVICES)) 679 return -EFAULT; 680 return 0; 681 } 682 case Z90STAT_PERDEV_REQCNT: { 683 int reqcnt[AP_DEVICES]; 684 zcrypt_perdev_reqcnt(reqcnt); 685 if (copy_to_user((int __user *) arg, reqcnt, 686 sizeof(int) * AP_DEVICES)) 687 return -EFAULT; 688 return 0; 689 } 690 case Z90STAT_REQUESTQ_COUNT: 691 return put_user(zcrypt_requestq_count(), (int __user *) arg); 692 case Z90STAT_PENDINGQ_COUNT: 693 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 694 case Z90STAT_TOTALOPEN_COUNT: 695 return put_user(atomic_read(&zcrypt_open_count), 696 (int __user *) arg); 697 case Z90STAT_DOMAIN_INDEX: 698 return put_user(ap_domain_index, (int __user *) arg); 699 /* 700 * Deprecated ioctls. Don't add another device count ioctl, 701 * you can count them yourself in the user space with the 702 * output of the Z90STAT_STATUS_MASK ioctl. 703 */ 704 case ICAZ90STATUS: 705 return zcrypt_ica_status(filp, arg); 706 case Z90STAT_TOTALCOUNT: 707 return put_user(zcrypt_device_count, (int __user *) arg); 708 case Z90STAT_PCICACOUNT: 709 return put_user(zcrypt_count_type(ZCRYPT_PCICA), 710 (int __user *) arg); 711 case Z90STAT_PCICCCOUNT: 712 return put_user(zcrypt_count_type(ZCRYPT_PCICC), 713 (int __user *) arg); 714 case Z90STAT_PCIXCCMCL2COUNT: 715 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2), 716 (int __user *) arg); 717 case Z90STAT_PCIXCCMCL3COUNT: 718 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 719 (int __user *) arg); 720 case Z90STAT_PCIXCCCOUNT: 721 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2) + 722 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 723 (int __user *) arg); 724 case Z90STAT_CEX2CCOUNT: 725 return put_user(zcrypt_count_type(ZCRYPT_CEX2C), 726 (int __user *) arg); 727 case Z90STAT_CEX2ACOUNT: 728 return put_user(zcrypt_count_type(ZCRYPT_CEX2A), 729 (int __user *) arg); 730 default: 731 /* unknown ioctl number */ 732 return -ENOIOCTLCMD; 733 } 734 } 735 736 #ifdef CONFIG_COMPAT 737 /* 738 * ioctl32 conversion routines 739 */ 740 struct compat_ica_rsa_modexpo { 741 compat_uptr_t inputdata; 742 unsigned int inputdatalength; 743 compat_uptr_t outputdata; 744 unsigned int outputdatalength; 745 compat_uptr_t b_key; 746 compat_uptr_t n_modulus; 747 }; 748 749 static long trans_modexpo32(struct file *filp, unsigned int cmd, 750 unsigned long arg) 751 { 752 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 753 struct compat_ica_rsa_modexpo mex32; 754 struct ica_rsa_modexpo mex64; 755 long rc; 756 757 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 758 return -EFAULT; 759 mex64.inputdata = compat_ptr(mex32.inputdata); 760 mex64.inputdatalength = mex32.inputdatalength; 761 mex64.outputdata = compat_ptr(mex32.outputdata); 762 mex64.outputdatalength = mex32.outputdatalength; 763 mex64.b_key = compat_ptr(mex32.b_key); 764 mex64.n_modulus = compat_ptr(mex32.n_modulus); 765 do { 766 rc = zcrypt_rsa_modexpo(&mex64); 767 } while (rc == -EAGAIN); 768 if (!rc) 769 rc = put_user(mex64.outputdatalength, 770 &umex32->outputdatalength); 771 return rc; 772 } 773 774 struct compat_ica_rsa_modexpo_crt { 775 compat_uptr_t inputdata; 776 unsigned int inputdatalength; 777 compat_uptr_t outputdata; 778 unsigned int outputdatalength; 779 compat_uptr_t bp_key; 780 compat_uptr_t bq_key; 781 compat_uptr_t np_prime; 782 compat_uptr_t nq_prime; 783 compat_uptr_t u_mult_inv; 784 }; 785 786 static long trans_modexpo_crt32(struct file *filp, unsigned int cmd, 787 unsigned long arg) 788 { 789 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 790 struct compat_ica_rsa_modexpo_crt crt32; 791 struct ica_rsa_modexpo_crt crt64; 792 long rc; 793 794 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 795 return -EFAULT; 796 crt64.inputdata = compat_ptr(crt32.inputdata); 797 crt64.inputdatalength = crt32.inputdatalength; 798 crt64.outputdata= compat_ptr(crt32.outputdata); 799 crt64.outputdatalength = crt32.outputdatalength; 800 crt64.bp_key = compat_ptr(crt32.bp_key); 801 crt64.bq_key = compat_ptr(crt32.bq_key); 802 crt64.np_prime = compat_ptr(crt32.np_prime); 803 crt64.nq_prime = compat_ptr(crt32.nq_prime); 804 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 805 do { 806 rc = zcrypt_rsa_crt(&crt64); 807 } while (rc == -EAGAIN); 808 if (!rc) 809 rc = put_user(crt64.outputdatalength, 810 &ucrt32->outputdatalength); 811 return rc; 812 } 813 814 struct compat_ica_xcRB { 815 unsigned short agent_ID; 816 unsigned int user_defined; 817 unsigned short request_ID; 818 unsigned int request_control_blk_length; 819 unsigned char padding1[16 - sizeof (compat_uptr_t)]; 820 compat_uptr_t request_control_blk_addr; 821 unsigned int request_data_length; 822 char padding2[16 - sizeof (compat_uptr_t)]; 823 compat_uptr_t request_data_address; 824 unsigned int reply_control_blk_length; 825 char padding3[16 - sizeof (compat_uptr_t)]; 826 compat_uptr_t reply_control_blk_addr; 827 unsigned int reply_data_length; 828 char padding4[16 - sizeof (compat_uptr_t)]; 829 compat_uptr_t reply_data_addr; 830 unsigned short priority_window; 831 unsigned int status; 832 } __attribute__((packed)); 833 834 static long trans_xcRB32(struct file *filp, unsigned int cmd, 835 unsigned long arg) 836 { 837 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 838 struct compat_ica_xcRB xcRB32; 839 struct ica_xcRB xcRB64; 840 long rc; 841 842 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 843 return -EFAULT; 844 xcRB64.agent_ID = xcRB32.agent_ID; 845 xcRB64.user_defined = xcRB32.user_defined; 846 xcRB64.request_ID = xcRB32.request_ID; 847 xcRB64.request_control_blk_length = 848 xcRB32.request_control_blk_length; 849 xcRB64.request_control_blk_addr = 850 compat_ptr(xcRB32.request_control_blk_addr); 851 xcRB64.request_data_length = 852 xcRB32.request_data_length; 853 xcRB64.request_data_address = 854 compat_ptr(xcRB32.request_data_address); 855 xcRB64.reply_control_blk_length = 856 xcRB32.reply_control_blk_length; 857 xcRB64.reply_control_blk_addr = 858 compat_ptr(xcRB32.reply_control_blk_addr); 859 xcRB64.reply_data_length = xcRB32.reply_data_length; 860 xcRB64.reply_data_addr = 861 compat_ptr(xcRB32.reply_data_addr); 862 xcRB64.priority_window = xcRB32.priority_window; 863 xcRB64.status = xcRB32.status; 864 do { 865 rc = zcrypt_send_cprb(&xcRB64); 866 } while (rc == -EAGAIN); 867 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 868 xcRB32.reply_data_length = xcRB64.reply_data_length; 869 xcRB32.status = xcRB64.status; 870 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 871 return -EFAULT; 872 return rc; 873 } 874 875 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 876 unsigned long arg) 877 { 878 if (cmd == ICARSAMODEXPO) 879 return trans_modexpo32(filp, cmd, arg); 880 if (cmd == ICARSACRT) 881 return trans_modexpo_crt32(filp, cmd, arg); 882 if (cmd == ZSECSENDCPRB) 883 return trans_xcRB32(filp, cmd, arg); 884 return zcrypt_unlocked_ioctl(filp, cmd, arg); 885 } 886 #endif 887 888 /* 889 * Misc device file operations. 890 */ 891 static const struct file_operations zcrypt_fops = { 892 .owner = THIS_MODULE, 893 .read = zcrypt_read, 894 .write = zcrypt_write, 895 .unlocked_ioctl = zcrypt_unlocked_ioctl, 896 #ifdef CONFIG_COMPAT 897 .compat_ioctl = zcrypt_compat_ioctl, 898 #endif 899 .open = zcrypt_open, 900 .release = zcrypt_release 901 }; 902 903 /* 904 * Misc device. 905 */ 906 static struct miscdevice zcrypt_misc_device = { 907 .minor = MISC_DYNAMIC_MINOR, 908 .name = "z90crypt", 909 .fops = &zcrypt_fops, 910 }; 911 912 /* 913 * Deprecated /proc entry support. 914 */ 915 static struct proc_dir_entry *zcrypt_entry; 916 917 static void sprintcl(struct seq_file *m, unsigned char *addr, unsigned int len) 918 { 919 int i; 920 921 for (i = 0; i < len; i++) 922 seq_printf(m, "%01x", (unsigned int) addr[i]); 923 seq_putc(m, ' '); 924 } 925 926 static void sprintrw(struct seq_file *m, unsigned char *addr, unsigned int len) 927 { 928 int inl, c, cx; 929 930 seq_printf(m, " "); 931 inl = 0; 932 for (c = 0; c < (len / 16); c++) { 933 sprintcl(m, addr+inl, 16); 934 inl += 16; 935 } 936 cx = len%16; 937 if (cx) { 938 sprintcl(m, addr+inl, cx); 939 inl += cx; 940 } 941 seq_putc(m, '\n'); 942 } 943 944 static void sprinthx(unsigned char *title, struct seq_file *m, 945 unsigned char *addr, unsigned int len) 946 { 947 int inl, r, rx; 948 949 seq_printf(m, "\n%s\n", title); 950 inl = 0; 951 for (r = 0; r < (len / 64); r++) { 952 sprintrw(m, addr+inl, 64); 953 inl += 64; 954 } 955 rx = len % 64; 956 if (rx) { 957 sprintrw(m, addr+inl, rx); 958 inl += rx; 959 } 960 seq_putc(m, '\n'); 961 } 962 963 static void sprinthx4(unsigned char *title, struct seq_file *m, 964 unsigned int *array, unsigned int len) 965 { 966 int r; 967 968 seq_printf(m, "\n%s\n", title); 969 for (r = 0; r < len; r++) { 970 if ((r % 8) == 0) 971 seq_printf(m, " "); 972 seq_printf(m, "%08X ", array[r]); 973 if ((r % 8) == 7) 974 seq_putc(m, '\n'); 975 } 976 seq_putc(m, '\n'); 977 } 978 979 static int zcrypt_proc_show(struct seq_file *m, void *v) 980 { 981 char workarea[sizeof(int) * AP_DEVICES]; 982 983 seq_printf(m, "\nzcrypt version: %d.%d.%d\n", 984 ZCRYPT_VERSION, ZCRYPT_RELEASE, ZCRYPT_VARIANT); 985 seq_printf(m, "Cryptographic domain: %d\n", ap_domain_index); 986 seq_printf(m, "Total device count: %d\n", zcrypt_device_count); 987 seq_printf(m, "PCICA count: %d\n", zcrypt_count_type(ZCRYPT_PCICA)); 988 seq_printf(m, "PCICC count: %d\n", zcrypt_count_type(ZCRYPT_PCICC)); 989 seq_printf(m, "PCIXCC MCL2 count: %d\n", 990 zcrypt_count_type(ZCRYPT_PCIXCC_MCL2)); 991 seq_printf(m, "PCIXCC MCL3 count: %d\n", 992 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3)); 993 seq_printf(m, "CEX2C count: %d\n", zcrypt_count_type(ZCRYPT_CEX2C)); 994 seq_printf(m, "CEX2A count: %d\n", zcrypt_count_type(ZCRYPT_CEX2A)); 995 seq_printf(m, "CEX3C count: %d\n", zcrypt_count_type(ZCRYPT_CEX3C)); 996 seq_printf(m, "CEX3A count: %d\n", zcrypt_count_type(ZCRYPT_CEX3A)); 997 seq_printf(m, "requestq count: %d\n", zcrypt_requestq_count()); 998 seq_printf(m, "pendingq count: %d\n", zcrypt_pendingq_count()); 999 seq_printf(m, "Total open handles: %d\n\n", 1000 atomic_read(&zcrypt_open_count)); 1001 zcrypt_status_mask(workarea); 1002 sprinthx("Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) " 1003 "4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A 7=CEX3C 8=CEX3A", 1004 m, workarea, AP_DEVICES); 1005 zcrypt_qdepth_mask(workarea); 1006 sprinthx("Waiting work element counts", m, workarea, AP_DEVICES); 1007 zcrypt_perdev_reqcnt((int *) workarea); 1008 sprinthx4("Per-device successfully completed request counts", 1009 m, (unsigned int *) workarea, AP_DEVICES); 1010 return 0; 1011 } 1012 1013 static int zcrypt_proc_open(struct inode *inode, struct file *file) 1014 { 1015 return single_open(file, zcrypt_proc_show, NULL); 1016 } 1017 1018 static void zcrypt_disable_card(int index) 1019 { 1020 struct zcrypt_device *zdev; 1021 1022 spin_lock_bh(&zcrypt_device_lock); 1023 list_for_each_entry(zdev, &zcrypt_device_list, list) 1024 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1025 zdev->online = 0; 1026 ap_flush_queue(zdev->ap_dev); 1027 break; 1028 } 1029 spin_unlock_bh(&zcrypt_device_lock); 1030 } 1031 1032 static void zcrypt_enable_card(int index) 1033 { 1034 struct zcrypt_device *zdev; 1035 1036 spin_lock_bh(&zcrypt_device_lock); 1037 list_for_each_entry(zdev, &zcrypt_device_list, list) 1038 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1039 zdev->online = 1; 1040 break; 1041 } 1042 spin_unlock_bh(&zcrypt_device_lock); 1043 } 1044 1045 static ssize_t zcrypt_proc_write(struct file *file, const char __user *buffer, 1046 size_t count, loff_t *pos) 1047 { 1048 unsigned char *lbuf, *ptr; 1049 size_t local_count; 1050 int j; 1051 1052 if (count <= 0) 1053 return 0; 1054 1055 #define LBUFSIZE 1200UL 1056 lbuf = kmalloc(LBUFSIZE, GFP_KERNEL); 1057 if (!lbuf) 1058 return 0; 1059 1060 local_count = min(LBUFSIZE - 1, count); 1061 if (copy_from_user(lbuf, buffer, local_count) != 0) { 1062 kfree(lbuf); 1063 return -EFAULT; 1064 } 1065 lbuf[local_count] = '\0'; 1066 1067 ptr = strstr(lbuf, "Online devices"); 1068 if (!ptr) 1069 goto out; 1070 ptr = strstr(ptr, "\n"); 1071 if (!ptr) 1072 goto out; 1073 ptr++; 1074 1075 if (strstr(ptr, "Waiting work element counts") == NULL) 1076 goto out; 1077 1078 for (j = 0; j < 64 && *ptr; ptr++) { 1079 /* 1080 * '0' for no device, '1' for PCICA, '2' for PCICC, 1081 * '3' for PCIXCC_MCL2, '4' for PCIXCC_MCL3, 1082 * '5' for CEX2C and '6' for CEX2A' 1083 * '7' for CEX3C and '8' for CEX3A 1084 */ 1085 if (*ptr >= '0' && *ptr <= '8') 1086 j++; 1087 else if (*ptr == 'd' || *ptr == 'D') 1088 zcrypt_disable_card(j++); 1089 else if (*ptr == 'e' || *ptr == 'E') 1090 zcrypt_enable_card(j++); 1091 else if (*ptr != ' ' && *ptr != '\t') 1092 break; 1093 } 1094 out: 1095 kfree(lbuf); 1096 return count; 1097 } 1098 1099 static const struct file_operations zcrypt_proc_fops = { 1100 .owner = THIS_MODULE, 1101 .open = zcrypt_proc_open, 1102 .read = seq_read, 1103 .llseek = seq_lseek, 1104 .release = single_release, 1105 .write = zcrypt_proc_write, 1106 }; 1107 1108 static int zcrypt_rng_device_count; 1109 static u32 *zcrypt_rng_buffer; 1110 static int zcrypt_rng_buffer_index; 1111 static DEFINE_MUTEX(zcrypt_rng_mutex); 1112 1113 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1114 { 1115 int rc; 1116 1117 /* 1118 * We don't need locking here because the RNG API guarantees serialized 1119 * read method calls. 1120 */ 1121 if (zcrypt_rng_buffer_index == 0) { 1122 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1123 if (rc < 0) 1124 return -EIO; 1125 zcrypt_rng_buffer_index = rc / sizeof *data; 1126 } 1127 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1128 return sizeof *data; 1129 } 1130 1131 static struct hwrng zcrypt_rng_dev = { 1132 .name = "zcrypt", 1133 .data_read = zcrypt_rng_data_read, 1134 }; 1135 1136 static int zcrypt_rng_device_add(void) 1137 { 1138 int rc = 0; 1139 1140 mutex_lock(&zcrypt_rng_mutex); 1141 if (zcrypt_rng_device_count == 0) { 1142 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1143 if (!zcrypt_rng_buffer) { 1144 rc = -ENOMEM; 1145 goto out; 1146 } 1147 zcrypt_rng_buffer_index = 0; 1148 rc = hwrng_register(&zcrypt_rng_dev); 1149 if (rc) 1150 goto out_free; 1151 zcrypt_rng_device_count = 1; 1152 } else 1153 zcrypt_rng_device_count++; 1154 mutex_unlock(&zcrypt_rng_mutex); 1155 return 0; 1156 1157 out_free: 1158 free_page((unsigned long) zcrypt_rng_buffer); 1159 out: 1160 mutex_unlock(&zcrypt_rng_mutex); 1161 return rc; 1162 } 1163 1164 static void zcrypt_rng_device_remove(void) 1165 { 1166 mutex_lock(&zcrypt_rng_mutex); 1167 zcrypt_rng_device_count--; 1168 if (zcrypt_rng_device_count == 0) { 1169 hwrng_unregister(&zcrypt_rng_dev); 1170 free_page((unsigned long) zcrypt_rng_buffer); 1171 } 1172 mutex_unlock(&zcrypt_rng_mutex); 1173 } 1174 1175 /** 1176 * zcrypt_api_init(): Module initialization. 1177 * 1178 * The module initialization code. 1179 */ 1180 int __init zcrypt_api_init(void) 1181 { 1182 int rc; 1183 1184 /* Register the request sprayer. */ 1185 rc = misc_register(&zcrypt_misc_device); 1186 if (rc < 0) 1187 goto out; 1188 1189 /* Set up the proc file system */ 1190 zcrypt_entry = proc_create("driver/z90crypt", 0644, NULL, &zcrypt_proc_fops); 1191 if (!zcrypt_entry) { 1192 rc = -ENOMEM; 1193 goto out_misc; 1194 } 1195 1196 return 0; 1197 1198 out_misc: 1199 misc_deregister(&zcrypt_misc_device); 1200 out: 1201 return rc; 1202 } 1203 1204 /** 1205 * zcrypt_api_exit(): Module termination. 1206 * 1207 * The module termination code. 1208 */ 1209 void zcrypt_api_exit(void) 1210 { 1211 remove_proc_entry("driver/z90crypt", NULL); 1212 misc_deregister(&zcrypt_misc_device); 1213 } 1214 1215 #ifndef CONFIG_ZCRYPT_MONOLITHIC 1216 module_init(zcrypt_api_init); 1217 module_exit(zcrypt_api_exit); 1218 #endif 1219