1 /* 2 * linux/drivers/s390/crypto/zcrypt_api.c 3 * 4 * zcrypt 2.1.0 5 * 6 * Copyright (C) 2001, 2006 IBM Corporation 7 * Author(s): Robert Burroughs 8 * Eric Rossman (edrossma@us.ibm.com) 9 * Cornelia Huck <cornelia.huck@de.ibm.com> 10 * 11 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 12 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 13 * Ralph Wuerthner <rwuerthn@de.ibm.com> 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2, or (at your option) 18 * any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 * GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with this program; if not, write to the Free Software 27 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 #include <linux/module.h> 31 #include <linux/init.h> 32 #include <linux/interrupt.h> 33 #include <linux/miscdevice.h> 34 #include <linux/fs.h> 35 #include <linux/proc_fs.h> 36 #include <linux/compat.h> 37 #include <linux/smp_lock.h> 38 #include <asm/atomic.h> 39 #include <asm/uaccess.h> 40 #include <linux/hw_random.h> 41 42 #include "zcrypt_api.h" 43 44 /* 45 * Module description. 46 */ 47 MODULE_AUTHOR("IBM Corporation"); 48 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " 49 "Copyright 2001, 2006 IBM Corporation"); 50 MODULE_LICENSE("GPL"); 51 52 static DEFINE_SPINLOCK(zcrypt_device_lock); 53 static LIST_HEAD(zcrypt_device_list); 54 static int zcrypt_device_count = 0; 55 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 56 57 static int zcrypt_rng_device_add(void); 58 static void zcrypt_rng_device_remove(void); 59 60 /* 61 * Device attributes common for all crypto devices. 62 */ 63 static ssize_t zcrypt_type_show(struct device *dev, 64 struct device_attribute *attr, char *buf) 65 { 66 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 67 return snprintf(buf, PAGE_SIZE, "%s\n", zdev->type_string); 68 } 69 70 static DEVICE_ATTR(type, 0444, zcrypt_type_show, NULL); 71 72 static ssize_t zcrypt_online_show(struct device *dev, 73 struct device_attribute *attr, char *buf) 74 { 75 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 76 return snprintf(buf, PAGE_SIZE, "%d\n", zdev->online); 77 } 78 79 static ssize_t zcrypt_online_store(struct device *dev, 80 struct device_attribute *attr, 81 const char *buf, size_t count) 82 { 83 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 84 int online; 85 86 if (sscanf(buf, "%d\n", &online) != 1 || online < 0 || online > 1) 87 return -EINVAL; 88 zdev->online = online; 89 if (!online) 90 ap_flush_queue(zdev->ap_dev); 91 return count; 92 } 93 94 static DEVICE_ATTR(online, 0644, zcrypt_online_show, zcrypt_online_store); 95 96 static struct attribute * zcrypt_device_attrs[] = { 97 &dev_attr_type.attr, 98 &dev_attr_online.attr, 99 NULL, 100 }; 101 102 static struct attribute_group zcrypt_device_attr_group = { 103 .attrs = zcrypt_device_attrs, 104 }; 105 106 /** 107 * __zcrypt_increase_preference(): Increase preference of a crypto device. 108 * @zdev: Pointer the crypto device 109 * 110 * Move the device towards the head of the device list. 111 * Need to be called while holding the zcrypt device list lock. 112 * Note: cards with speed_rating of 0 are kept at the end of the list. 113 */ 114 static void __zcrypt_increase_preference(struct zcrypt_device *zdev) 115 { 116 struct zcrypt_device *tmp; 117 struct list_head *l; 118 119 if (zdev->speed_rating == 0) 120 return; 121 for (l = zdev->list.prev; l != &zcrypt_device_list; l = l->prev) { 122 tmp = list_entry(l, struct zcrypt_device, list); 123 if ((tmp->request_count + 1) * tmp->speed_rating <= 124 (zdev->request_count + 1) * zdev->speed_rating && 125 tmp->speed_rating != 0) 126 break; 127 } 128 if (l == zdev->list.prev) 129 return; 130 /* Move zdev behind l */ 131 list_move(&zdev->list, l); 132 } 133 134 /** 135 * __zcrypt_decrease_preference(): Decrease preference of a crypto device. 136 * @zdev: Pointer to a crypto device. 137 * 138 * Move the device towards the tail of the device list. 139 * Need to be called while holding the zcrypt device list lock. 140 * Note: cards with speed_rating of 0 are kept at the end of the list. 141 */ 142 static void __zcrypt_decrease_preference(struct zcrypt_device *zdev) 143 { 144 struct zcrypt_device *tmp; 145 struct list_head *l; 146 147 if (zdev->speed_rating == 0) 148 return; 149 for (l = zdev->list.next; l != &zcrypt_device_list; l = l->next) { 150 tmp = list_entry(l, struct zcrypt_device, list); 151 if ((tmp->request_count + 1) * tmp->speed_rating > 152 (zdev->request_count + 1) * zdev->speed_rating || 153 tmp->speed_rating == 0) 154 break; 155 } 156 if (l == zdev->list.next) 157 return; 158 /* Move zdev before l */ 159 list_move_tail(&zdev->list, l); 160 } 161 162 static void zcrypt_device_release(struct kref *kref) 163 { 164 struct zcrypt_device *zdev = 165 container_of(kref, struct zcrypt_device, refcount); 166 zcrypt_device_free(zdev); 167 } 168 169 void zcrypt_device_get(struct zcrypt_device *zdev) 170 { 171 kref_get(&zdev->refcount); 172 } 173 EXPORT_SYMBOL(zcrypt_device_get); 174 175 int zcrypt_device_put(struct zcrypt_device *zdev) 176 { 177 return kref_put(&zdev->refcount, zcrypt_device_release); 178 } 179 EXPORT_SYMBOL(zcrypt_device_put); 180 181 struct zcrypt_device *zcrypt_device_alloc(size_t max_response_size) 182 { 183 struct zcrypt_device *zdev; 184 185 zdev = kzalloc(sizeof(struct zcrypt_device), GFP_KERNEL); 186 if (!zdev) 187 return NULL; 188 zdev->reply.message = kmalloc(max_response_size, GFP_KERNEL); 189 if (!zdev->reply.message) 190 goto out_free; 191 zdev->reply.length = max_response_size; 192 spin_lock_init(&zdev->lock); 193 INIT_LIST_HEAD(&zdev->list); 194 return zdev; 195 196 out_free: 197 kfree(zdev); 198 return NULL; 199 } 200 EXPORT_SYMBOL(zcrypt_device_alloc); 201 202 void zcrypt_device_free(struct zcrypt_device *zdev) 203 { 204 kfree(zdev->reply.message); 205 kfree(zdev); 206 } 207 EXPORT_SYMBOL(zcrypt_device_free); 208 209 /** 210 * zcrypt_device_register() - Register a crypto device. 211 * @zdev: Pointer to a crypto device 212 * 213 * Register a crypto device. Returns 0 if successful. 214 */ 215 int zcrypt_device_register(struct zcrypt_device *zdev) 216 { 217 int rc; 218 219 rc = sysfs_create_group(&zdev->ap_dev->device.kobj, 220 &zcrypt_device_attr_group); 221 if (rc) 222 goto out; 223 get_device(&zdev->ap_dev->device); 224 kref_init(&zdev->refcount); 225 spin_lock_bh(&zcrypt_device_lock); 226 zdev->online = 1; /* New devices are online by default. */ 227 list_add_tail(&zdev->list, &zcrypt_device_list); 228 __zcrypt_increase_preference(zdev); 229 zcrypt_device_count++; 230 spin_unlock_bh(&zcrypt_device_lock); 231 if (zdev->ops->rng) { 232 rc = zcrypt_rng_device_add(); 233 if (rc) 234 goto out_unregister; 235 } 236 return 0; 237 238 out_unregister: 239 spin_lock_bh(&zcrypt_device_lock); 240 zcrypt_device_count--; 241 list_del_init(&zdev->list); 242 spin_unlock_bh(&zcrypt_device_lock); 243 sysfs_remove_group(&zdev->ap_dev->device.kobj, 244 &zcrypt_device_attr_group); 245 put_device(&zdev->ap_dev->device); 246 zcrypt_device_put(zdev); 247 out: 248 return rc; 249 } 250 EXPORT_SYMBOL(zcrypt_device_register); 251 252 /** 253 * zcrypt_device_unregister(): Unregister a crypto device. 254 * @zdev: Pointer to crypto device 255 * 256 * Unregister a crypto device. 257 */ 258 void zcrypt_device_unregister(struct zcrypt_device *zdev) 259 { 260 if (zdev->ops->rng) 261 zcrypt_rng_device_remove(); 262 spin_lock_bh(&zcrypt_device_lock); 263 zcrypt_device_count--; 264 list_del_init(&zdev->list); 265 spin_unlock_bh(&zcrypt_device_lock); 266 sysfs_remove_group(&zdev->ap_dev->device.kobj, 267 &zcrypt_device_attr_group); 268 put_device(&zdev->ap_dev->device); 269 zcrypt_device_put(zdev); 270 } 271 EXPORT_SYMBOL(zcrypt_device_unregister); 272 273 /** 274 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 275 * 276 * This function is not supported beyond zcrypt 1.3.1. 277 */ 278 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 279 size_t count, loff_t *f_pos) 280 { 281 return -EPERM; 282 } 283 284 /** 285 * zcrypt_write(): Not allowed. 286 * 287 * Write is is not allowed 288 */ 289 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 290 size_t count, loff_t *f_pos) 291 { 292 return -EPERM; 293 } 294 295 /** 296 * zcrypt_open(): Count number of users. 297 * 298 * Device open function to count number of users. 299 */ 300 static int zcrypt_open(struct inode *inode, struct file *filp) 301 { 302 atomic_inc(&zcrypt_open_count); 303 return 0; 304 } 305 306 /** 307 * zcrypt_release(): Count number of users. 308 * 309 * Device close function to count number of users. 310 */ 311 static int zcrypt_release(struct inode *inode, struct file *filp) 312 { 313 atomic_dec(&zcrypt_open_count); 314 return 0; 315 } 316 317 /* 318 * zcrypt ioctls. 319 */ 320 static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex) 321 { 322 struct zcrypt_device *zdev; 323 int rc; 324 325 if (mex->outputdatalength < mex->inputdatalength) 326 return -EINVAL; 327 /* 328 * As long as outputdatalength is big enough, we can set the 329 * outputdatalength equal to the inputdatalength, since that is the 330 * number of bytes we will copy in any case 331 */ 332 mex->outputdatalength = mex->inputdatalength; 333 334 spin_lock_bh(&zcrypt_device_lock); 335 list_for_each_entry(zdev, &zcrypt_device_list, list) { 336 if (!zdev->online || 337 !zdev->ops->rsa_modexpo || 338 zdev->min_mod_size > mex->inputdatalength || 339 zdev->max_mod_size < mex->inputdatalength) 340 continue; 341 zcrypt_device_get(zdev); 342 get_device(&zdev->ap_dev->device); 343 zdev->request_count++; 344 __zcrypt_decrease_preference(zdev); 345 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 346 spin_unlock_bh(&zcrypt_device_lock); 347 rc = zdev->ops->rsa_modexpo(zdev, mex); 348 spin_lock_bh(&zcrypt_device_lock); 349 module_put(zdev->ap_dev->drv->driver.owner); 350 } 351 else 352 rc = -EAGAIN; 353 zdev->request_count--; 354 __zcrypt_increase_preference(zdev); 355 put_device(&zdev->ap_dev->device); 356 zcrypt_device_put(zdev); 357 spin_unlock_bh(&zcrypt_device_lock); 358 return rc; 359 } 360 spin_unlock_bh(&zcrypt_device_lock); 361 return -ENODEV; 362 } 363 364 static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt) 365 { 366 struct zcrypt_device *zdev; 367 unsigned long long z1, z2, z3; 368 int rc, copied; 369 370 if (crt->outputdatalength < crt->inputdatalength || 371 (crt->inputdatalength & 1)) 372 return -EINVAL; 373 /* 374 * As long as outputdatalength is big enough, we can set the 375 * outputdatalength equal to the inputdatalength, since that is the 376 * number of bytes we will copy in any case 377 */ 378 crt->outputdatalength = crt->inputdatalength; 379 380 copied = 0; 381 restart: 382 spin_lock_bh(&zcrypt_device_lock); 383 list_for_each_entry(zdev, &zcrypt_device_list, list) { 384 if (!zdev->online || 385 !zdev->ops->rsa_modexpo_crt || 386 zdev->min_mod_size > crt->inputdatalength || 387 zdev->max_mod_size < crt->inputdatalength) 388 continue; 389 if (zdev->short_crt && crt->inputdatalength > 240) { 390 /* 391 * Check inputdata for leading zeros for cards 392 * that can't handle np_prime, bp_key, or 393 * u_mult_inv > 128 bytes. 394 */ 395 if (copied == 0) { 396 int len; 397 spin_unlock_bh(&zcrypt_device_lock); 398 /* len is max 256 / 2 - 120 = 8 */ 399 len = crt->inputdatalength / 2 - 120; 400 z1 = z2 = z3 = 0; 401 if (copy_from_user(&z1, crt->np_prime, len) || 402 copy_from_user(&z2, crt->bp_key, len) || 403 copy_from_user(&z3, crt->u_mult_inv, len)) 404 return -EFAULT; 405 copied = 1; 406 /* 407 * We have to restart device lookup - 408 * the device list may have changed by now. 409 */ 410 goto restart; 411 } 412 if (z1 != 0ULL || z2 != 0ULL || z3 != 0ULL) 413 /* The device can't handle this request. */ 414 continue; 415 } 416 zcrypt_device_get(zdev); 417 get_device(&zdev->ap_dev->device); 418 zdev->request_count++; 419 __zcrypt_decrease_preference(zdev); 420 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 421 spin_unlock_bh(&zcrypt_device_lock); 422 rc = zdev->ops->rsa_modexpo_crt(zdev, crt); 423 spin_lock_bh(&zcrypt_device_lock); 424 module_put(zdev->ap_dev->drv->driver.owner); 425 } 426 else 427 rc = -EAGAIN; 428 zdev->request_count--; 429 __zcrypt_increase_preference(zdev); 430 put_device(&zdev->ap_dev->device); 431 zcrypt_device_put(zdev); 432 spin_unlock_bh(&zcrypt_device_lock); 433 return rc; 434 } 435 spin_unlock_bh(&zcrypt_device_lock); 436 return -ENODEV; 437 } 438 439 static long zcrypt_send_cprb(struct ica_xcRB *xcRB) 440 { 441 struct zcrypt_device *zdev; 442 int rc; 443 444 spin_lock_bh(&zcrypt_device_lock); 445 list_for_each_entry(zdev, &zcrypt_device_list, list) { 446 if (!zdev->online || !zdev->ops->send_cprb || 447 (xcRB->user_defined != AUTOSELECT && 448 AP_QID_DEVICE(zdev->ap_dev->qid) != xcRB->user_defined) 449 ) 450 continue; 451 zcrypt_device_get(zdev); 452 get_device(&zdev->ap_dev->device); 453 zdev->request_count++; 454 __zcrypt_decrease_preference(zdev); 455 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 456 spin_unlock_bh(&zcrypt_device_lock); 457 rc = zdev->ops->send_cprb(zdev, xcRB); 458 spin_lock_bh(&zcrypt_device_lock); 459 module_put(zdev->ap_dev->drv->driver.owner); 460 } 461 else 462 rc = -EAGAIN; 463 zdev->request_count--; 464 __zcrypt_increase_preference(zdev); 465 put_device(&zdev->ap_dev->device); 466 zcrypt_device_put(zdev); 467 spin_unlock_bh(&zcrypt_device_lock); 468 return rc; 469 } 470 spin_unlock_bh(&zcrypt_device_lock); 471 return -ENODEV; 472 } 473 474 static long zcrypt_rng(char *buffer) 475 { 476 struct zcrypt_device *zdev; 477 int rc; 478 479 spin_lock_bh(&zcrypt_device_lock); 480 list_for_each_entry(zdev, &zcrypt_device_list, list) { 481 if (!zdev->online || !zdev->ops->rng) 482 continue; 483 zcrypt_device_get(zdev); 484 get_device(&zdev->ap_dev->device); 485 zdev->request_count++; 486 __zcrypt_decrease_preference(zdev); 487 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 488 spin_unlock_bh(&zcrypt_device_lock); 489 rc = zdev->ops->rng(zdev, buffer); 490 spin_lock_bh(&zcrypt_device_lock); 491 module_put(zdev->ap_dev->drv->driver.owner); 492 } else 493 rc = -EAGAIN; 494 zdev->request_count--; 495 __zcrypt_increase_preference(zdev); 496 put_device(&zdev->ap_dev->device); 497 zcrypt_device_put(zdev); 498 spin_unlock_bh(&zcrypt_device_lock); 499 return rc; 500 } 501 spin_unlock_bh(&zcrypt_device_lock); 502 return -ENODEV; 503 } 504 505 static void zcrypt_status_mask(char status[AP_DEVICES]) 506 { 507 struct zcrypt_device *zdev; 508 509 memset(status, 0, sizeof(char) * AP_DEVICES); 510 spin_lock_bh(&zcrypt_device_lock); 511 list_for_each_entry(zdev, &zcrypt_device_list, list) 512 status[AP_QID_DEVICE(zdev->ap_dev->qid)] = 513 zdev->online ? zdev->user_space_type : 0x0d; 514 spin_unlock_bh(&zcrypt_device_lock); 515 } 516 517 static void zcrypt_qdepth_mask(char qdepth[AP_DEVICES]) 518 { 519 struct zcrypt_device *zdev; 520 521 memset(qdepth, 0, sizeof(char) * AP_DEVICES); 522 spin_lock_bh(&zcrypt_device_lock); 523 list_for_each_entry(zdev, &zcrypt_device_list, list) { 524 spin_lock(&zdev->ap_dev->lock); 525 qdepth[AP_QID_DEVICE(zdev->ap_dev->qid)] = 526 zdev->ap_dev->pendingq_count + 527 zdev->ap_dev->requestq_count; 528 spin_unlock(&zdev->ap_dev->lock); 529 } 530 spin_unlock_bh(&zcrypt_device_lock); 531 } 532 533 static void zcrypt_perdev_reqcnt(int reqcnt[AP_DEVICES]) 534 { 535 struct zcrypt_device *zdev; 536 537 memset(reqcnt, 0, sizeof(int) * AP_DEVICES); 538 spin_lock_bh(&zcrypt_device_lock); 539 list_for_each_entry(zdev, &zcrypt_device_list, list) { 540 spin_lock(&zdev->ap_dev->lock); 541 reqcnt[AP_QID_DEVICE(zdev->ap_dev->qid)] = 542 zdev->ap_dev->total_request_count; 543 spin_unlock(&zdev->ap_dev->lock); 544 } 545 spin_unlock_bh(&zcrypt_device_lock); 546 } 547 548 static int zcrypt_pendingq_count(void) 549 { 550 struct zcrypt_device *zdev; 551 int pendingq_count = 0; 552 553 spin_lock_bh(&zcrypt_device_lock); 554 list_for_each_entry(zdev, &zcrypt_device_list, list) { 555 spin_lock(&zdev->ap_dev->lock); 556 pendingq_count += zdev->ap_dev->pendingq_count; 557 spin_unlock(&zdev->ap_dev->lock); 558 } 559 spin_unlock_bh(&zcrypt_device_lock); 560 return pendingq_count; 561 } 562 563 static int zcrypt_requestq_count(void) 564 { 565 struct zcrypt_device *zdev; 566 int requestq_count = 0; 567 568 spin_lock_bh(&zcrypt_device_lock); 569 list_for_each_entry(zdev, &zcrypt_device_list, list) { 570 spin_lock(&zdev->ap_dev->lock); 571 requestq_count += zdev->ap_dev->requestq_count; 572 spin_unlock(&zdev->ap_dev->lock); 573 } 574 spin_unlock_bh(&zcrypt_device_lock); 575 return requestq_count; 576 } 577 578 static int zcrypt_count_type(int type) 579 { 580 struct zcrypt_device *zdev; 581 int device_count = 0; 582 583 spin_lock_bh(&zcrypt_device_lock); 584 list_for_each_entry(zdev, &zcrypt_device_list, list) 585 if (zdev->user_space_type == type) 586 device_count++; 587 spin_unlock_bh(&zcrypt_device_lock); 588 return device_count; 589 } 590 591 /** 592 * zcrypt_ica_status(): Old, depracted combi status call. 593 * 594 * Old, deprecated combi status call. 595 */ 596 static long zcrypt_ica_status(struct file *filp, unsigned long arg) 597 { 598 struct ica_z90_status *pstat; 599 int ret; 600 601 pstat = kzalloc(sizeof(*pstat), GFP_KERNEL); 602 if (!pstat) 603 return -ENOMEM; 604 pstat->totalcount = zcrypt_device_count; 605 pstat->leedslitecount = zcrypt_count_type(ZCRYPT_PCICA); 606 pstat->leeds2count = zcrypt_count_type(ZCRYPT_PCICC); 607 pstat->requestqWaitCount = zcrypt_requestq_count(); 608 pstat->pendingqWaitCount = zcrypt_pendingq_count(); 609 pstat->totalOpenCount = atomic_read(&zcrypt_open_count); 610 pstat->cryptoDomain = ap_domain_index; 611 zcrypt_status_mask(pstat->status); 612 zcrypt_qdepth_mask(pstat->qdepth); 613 ret = 0; 614 if (copy_to_user((void __user *) arg, pstat, sizeof(*pstat))) 615 ret = -EFAULT; 616 kfree(pstat); 617 return ret; 618 } 619 620 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 621 unsigned long arg) 622 { 623 int rc; 624 625 switch (cmd) { 626 case ICARSAMODEXPO: { 627 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 628 struct ica_rsa_modexpo mex; 629 if (copy_from_user(&mex, umex, sizeof(mex))) 630 return -EFAULT; 631 do { 632 rc = zcrypt_rsa_modexpo(&mex); 633 } while (rc == -EAGAIN); 634 if (rc) 635 return rc; 636 return put_user(mex.outputdatalength, &umex->outputdatalength); 637 } 638 case ICARSACRT: { 639 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 640 struct ica_rsa_modexpo_crt crt; 641 if (copy_from_user(&crt, ucrt, sizeof(crt))) 642 return -EFAULT; 643 do { 644 rc = zcrypt_rsa_crt(&crt); 645 } while (rc == -EAGAIN); 646 if (rc) 647 return rc; 648 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 649 } 650 case ZSECSENDCPRB: { 651 struct ica_xcRB __user *uxcRB = (void __user *) arg; 652 struct ica_xcRB xcRB; 653 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 654 return -EFAULT; 655 do { 656 rc = zcrypt_send_cprb(&xcRB); 657 } while (rc == -EAGAIN); 658 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 659 return -EFAULT; 660 return rc; 661 } 662 case Z90STAT_STATUS_MASK: { 663 char status[AP_DEVICES]; 664 zcrypt_status_mask(status); 665 if (copy_to_user((char __user *) arg, status, 666 sizeof(char) * AP_DEVICES)) 667 return -EFAULT; 668 return 0; 669 } 670 case Z90STAT_QDEPTH_MASK: { 671 char qdepth[AP_DEVICES]; 672 zcrypt_qdepth_mask(qdepth); 673 if (copy_to_user((char __user *) arg, qdepth, 674 sizeof(char) * AP_DEVICES)) 675 return -EFAULT; 676 return 0; 677 } 678 case Z90STAT_PERDEV_REQCNT: { 679 int reqcnt[AP_DEVICES]; 680 zcrypt_perdev_reqcnt(reqcnt); 681 if (copy_to_user((int __user *) arg, reqcnt, 682 sizeof(int) * AP_DEVICES)) 683 return -EFAULT; 684 return 0; 685 } 686 case Z90STAT_REQUESTQ_COUNT: 687 return put_user(zcrypt_requestq_count(), (int __user *) arg); 688 case Z90STAT_PENDINGQ_COUNT: 689 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 690 case Z90STAT_TOTALOPEN_COUNT: 691 return put_user(atomic_read(&zcrypt_open_count), 692 (int __user *) arg); 693 case Z90STAT_DOMAIN_INDEX: 694 return put_user(ap_domain_index, (int __user *) arg); 695 /* 696 * Deprecated ioctls. Don't add another device count ioctl, 697 * you can count them yourself in the user space with the 698 * output of the Z90STAT_STATUS_MASK ioctl. 699 */ 700 case ICAZ90STATUS: 701 return zcrypt_ica_status(filp, arg); 702 case Z90STAT_TOTALCOUNT: 703 return put_user(zcrypt_device_count, (int __user *) arg); 704 case Z90STAT_PCICACOUNT: 705 return put_user(zcrypt_count_type(ZCRYPT_PCICA), 706 (int __user *) arg); 707 case Z90STAT_PCICCCOUNT: 708 return put_user(zcrypt_count_type(ZCRYPT_PCICC), 709 (int __user *) arg); 710 case Z90STAT_PCIXCCMCL2COUNT: 711 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2), 712 (int __user *) arg); 713 case Z90STAT_PCIXCCMCL3COUNT: 714 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 715 (int __user *) arg); 716 case Z90STAT_PCIXCCCOUNT: 717 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2) + 718 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 719 (int __user *) arg); 720 case Z90STAT_CEX2CCOUNT: 721 return put_user(zcrypt_count_type(ZCRYPT_CEX2C), 722 (int __user *) arg); 723 case Z90STAT_CEX2ACOUNT: 724 return put_user(zcrypt_count_type(ZCRYPT_CEX2A), 725 (int __user *) arg); 726 default: 727 /* unknown ioctl number */ 728 return -ENOIOCTLCMD; 729 } 730 } 731 732 #ifdef CONFIG_COMPAT 733 /* 734 * ioctl32 conversion routines 735 */ 736 struct compat_ica_rsa_modexpo { 737 compat_uptr_t inputdata; 738 unsigned int inputdatalength; 739 compat_uptr_t outputdata; 740 unsigned int outputdatalength; 741 compat_uptr_t b_key; 742 compat_uptr_t n_modulus; 743 }; 744 745 static long trans_modexpo32(struct file *filp, unsigned int cmd, 746 unsigned long arg) 747 { 748 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 749 struct compat_ica_rsa_modexpo mex32; 750 struct ica_rsa_modexpo mex64; 751 long rc; 752 753 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 754 return -EFAULT; 755 mex64.inputdata = compat_ptr(mex32.inputdata); 756 mex64.inputdatalength = mex32.inputdatalength; 757 mex64.outputdata = compat_ptr(mex32.outputdata); 758 mex64.outputdatalength = mex32.outputdatalength; 759 mex64.b_key = compat_ptr(mex32.b_key); 760 mex64.n_modulus = compat_ptr(mex32.n_modulus); 761 do { 762 rc = zcrypt_rsa_modexpo(&mex64); 763 } while (rc == -EAGAIN); 764 if (!rc) 765 rc = put_user(mex64.outputdatalength, 766 &umex32->outputdatalength); 767 return rc; 768 } 769 770 struct compat_ica_rsa_modexpo_crt { 771 compat_uptr_t inputdata; 772 unsigned int inputdatalength; 773 compat_uptr_t outputdata; 774 unsigned int outputdatalength; 775 compat_uptr_t bp_key; 776 compat_uptr_t bq_key; 777 compat_uptr_t np_prime; 778 compat_uptr_t nq_prime; 779 compat_uptr_t u_mult_inv; 780 }; 781 782 static long trans_modexpo_crt32(struct file *filp, unsigned int cmd, 783 unsigned long arg) 784 { 785 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 786 struct compat_ica_rsa_modexpo_crt crt32; 787 struct ica_rsa_modexpo_crt crt64; 788 long rc; 789 790 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 791 return -EFAULT; 792 crt64.inputdata = compat_ptr(crt32.inputdata); 793 crt64.inputdatalength = crt32.inputdatalength; 794 crt64.outputdata= compat_ptr(crt32.outputdata); 795 crt64.outputdatalength = crt32.outputdatalength; 796 crt64.bp_key = compat_ptr(crt32.bp_key); 797 crt64.bq_key = compat_ptr(crt32.bq_key); 798 crt64.np_prime = compat_ptr(crt32.np_prime); 799 crt64.nq_prime = compat_ptr(crt32.nq_prime); 800 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 801 do { 802 rc = zcrypt_rsa_crt(&crt64); 803 } while (rc == -EAGAIN); 804 if (!rc) 805 rc = put_user(crt64.outputdatalength, 806 &ucrt32->outputdatalength); 807 return rc; 808 } 809 810 struct compat_ica_xcRB { 811 unsigned short agent_ID; 812 unsigned int user_defined; 813 unsigned short request_ID; 814 unsigned int request_control_blk_length; 815 unsigned char padding1[16 - sizeof (compat_uptr_t)]; 816 compat_uptr_t request_control_blk_addr; 817 unsigned int request_data_length; 818 char padding2[16 - sizeof (compat_uptr_t)]; 819 compat_uptr_t request_data_address; 820 unsigned int reply_control_blk_length; 821 char padding3[16 - sizeof (compat_uptr_t)]; 822 compat_uptr_t reply_control_blk_addr; 823 unsigned int reply_data_length; 824 char padding4[16 - sizeof (compat_uptr_t)]; 825 compat_uptr_t reply_data_addr; 826 unsigned short priority_window; 827 unsigned int status; 828 } __attribute__((packed)); 829 830 static long trans_xcRB32(struct file *filp, unsigned int cmd, 831 unsigned long arg) 832 { 833 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 834 struct compat_ica_xcRB xcRB32; 835 struct ica_xcRB xcRB64; 836 long rc; 837 838 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 839 return -EFAULT; 840 xcRB64.agent_ID = xcRB32.agent_ID; 841 xcRB64.user_defined = xcRB32.user_defined; 842 xcRB64.request_ID = xcRB32.request_ID; 843 xcRB64.request_control_blk_length = 844 xcRB32.request_control_blk_length; 845 xcRB64.request_control_blk_addr = 846 compat_ptr(xcRB32.request_control_blk_addr); 847 xcRB64.request_data_length = 848 xcRB32.request_data_length; 849 xcRB64.request_data_address = 850 compat_ptr(xcRB32.request_data_address); 851 xcRB64.reply_control_blk_length = 852 xcRB32.reply_control_blk_length; 853 xcRB64.reply_control_blk_addr = 854 compat_ptr(xcRB32.reply_control_blk_addr); 855 xcRB64.reply_data_length = xcRB32.reply_data_length; 856 xcRB64.reply_data_addr = 857 compat_ptr(xcRB32.reply_data_addr); 858 xcRB64.priority_window = xcRB32.priority_window; 859 xcRB64.status = xcRB32.status; 860 do { 861 rc = zcrypt_send_cprb(&xcRB64); 862 } while (rc == -EAGAIN); 863 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 864 xcRB32.reply_data_length = xcRB64.reply_data_length; 865 xcRB32.status = xcRB64.status; 866 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 867 return -EFAULT; 868 return rc; 869 } 870 871 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 872 unsigned long arg) 873 { 874 if (cmd == ICARSAMODEXPO) 875 return trans_modexpo32(filp, cmd, arg); 876 if (cmd == ICARSACRT) 877 return trans_modexpo_crt32(filp, cmd, arg); 878 if (cmd == ZSECSENDCPRB) 879 return trans_xcRB32(filp, cmd, arg); 880 return zcrypt_unlocked_ioctl(filp, cmd, arg); 881 } 882 #endif 883 884 /* 885 * Misc device file operations. 886 */ 887 static const struct file_operations zcrypt_fops = { 888 .owner = THIS_MODULE, 889 .read = zcrypt_read, 890 .write = zcrypt_write, 891 .unlocked_ioctl = zcrypt_unlocked_ioctl, 892 #ifdef CONFIG_COMPAT 893 .compat_ioctl = zcrypt_compat_ioctl, 894 #endif 895 .open = zcrypt_open, 896 .release = zcrypt_release 897 }; 898 899 /* 900 * Misc device. 901 */ 902 static struct miscdevice zcrypt_misc_device = { 903 .minor = MISC_DYNAMIC_MINOR, 904 .name = "z90crypt", 905 .fops = &zcrypt_fops, 906 }; 907 908 /* 909 * Deprecated /proc entry support. 910 */ 911 static struct proc_dir_entry *zcrypt_entry; 912 913 static int sprintcl(unsigned char *outaddr, unsigned char *addr, 914 unsigned int len) 915 { 916 int hl, i; 917 918 hl = 0; 919 for (i = 0; i < len; i++) 920 hl += sprintf(outaddr+hl, "%01x", (unsigned int) addr[i]); 921 hl += sprintf(outaddr+hl, " "); 922 return hl; 923 } 924 925 static int sprintrw(unsigned char *outaddr, unsigned char *addr, 926 unsigned int len) 927 { 928 int hl, inl, c, cx; 929 930 hl = sprintf(outaddr, " "); 931 inl = 0; 932 for (c = 0; c < (len / 16); c++) { 933 hl += sprintcl(outaddr+hl, addr+inl, 16); 934 inl += 16; 935 } 936 cx = len%16; 937 if (cx) { 938 hl += sprintcl(outaddr+hl, addr+inl, cx); 939 inl += cx; 940 } 941 hl += sprintf(outaddr+hl, "\n"); 942 return hl; 943 } 944 945 static int sprinthx(unsigned char *title, unsigned char *outaddr, 946 unsigned char *addr, unsigned int len) 947 { 948 int hl, inl, r, rx; 949 950 hl = sprintf(outaddr, "\n%s\n", title); 951 inl = 0; 952 for (r = 0; r < (len / 64); r++) { 953 hl += sprintrw(outaddr+hl, addr+inl, 64); 954 inl += 64; 955 } 956 rx = len % 64; 957 if (rx) { 958 hl += sprintrw(outaddr+hl, addr+inl, rx); 959 inl += rx; 960 } 961 hl += sprintf(outaddr+hl, "\n"); 962 return hl; 963 } 964 965 static int sprinthx4(unsigned char *title, unsigned char *outaddr, 966 unsigned int *array, unsigned int len) 967 { 968 int hl, r; 969 970 hl = sprintf(outaddr, "\n%s\n", title); 971 for (r = 0; r < len; r++) { 972 if ((r % 8) == 0) 973 hl += sprintf(outaddr+hl, " "); 974 hl += sprintf(outaddr+hl, "%08X ", array[r]); 975 if ((r % 8) == 7) 976 hl += sprintf(outaddr+hl, "\n"); 977 } 978 hl += sprintf(outaddr+hl, "\n"); 979 return hl; 980 } 981 982 static int zcrypt_status_read(char *resp_buff, char **start, off_t offset, 983 int count, int *eof, void *data) 984 { 985 unsigned char *workarea; 986 int len; 987 988 len = 0; 989 990 /* resp_buff is a page. Use the right half for a work area */ 991 workarea = resp_buff + 2000; 992 len += sprintf(resp_buff + len, "\nzcrypt version: %d.%d.%d\n", 993 ZCRYPT_VERSION, ZCRYPT_RELEASE, ZCRYPT_VARIANT); 994 len += sprintf(resp_buff + len, "Cryptographic domain: %d\n", 995 ap_domain_index); 996 len += sprintf(resp_buff + len, "Total device count: %d\n", 997 zcrypt_device_count); 998 len += sprintf(resp_buff + len, "PCICA count: %d\n", 999 zcrypt_count_type(ZCRYPT_PCICA)); 1000 len += sprintf(resp_buff + len, "PCICC count: %d\n", 1001 zcrypt_count_type(ZCRYPT_PCICC)); 1002 len += sprintf(resp_buff + len, "PCIXCC MCL2 count: %d\n", 1003 zcrypt_count_type(ZCRYPT_PCIXCC_MCL2)); 1004 len += sprintf(resp_buff + len, "PCIXCC MCL3 count: %d\n", 1005 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3)); 1006 len += sprintf(resp_buff + len, "CEX2C count: %d\n", 1007 zcrypt_count_type(ZCRYPT_CEX2C)); 1008 len += sprintf(resp_buff + len, "CEX2A count: %d\n", 1009 zcrypt_count_type(ZCRYPT_CEX2A)); 1010 len += sprintf(resp_buff + len, "CEX3C count: %d\n", 1011 zcrypt_count_type(ZCRYPT_CEX3C)); 1012 len += sprintf(resp_buff + len, "CEX3A count: %d\n", 1013 zcrypt_count_type(ZCRYPT_CEX3A)); 1014 len += sprintf(resp_buff + len, "requestq count: %d\n", 1015 zcrypt_requestq_count()); 1016 len += sprintf(resp_buff + len, "pendingq count: %d\n", 1017 zcrypt_pendingq_count()); 1018 len += sprintf(resp_buff + len, "Total open handles: %d\n\n", 1019 atomic_read(&zcrypt_open_count)); 1020 zcrypt_status_mask(workarea); 1021 len += sprinthx("Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) " 1022 "4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A 7=CEX3C 8=CEX3A", 1023 resp_buff+len, workarea, AP_DEVICES); 1024 zcrypt_qdepth_mask(workarea); 1025 len += sprinthx("Waiting work element counts", 1026 resp_buff+len, workarea, AP_DEVICES); 1027 zcrypt_perdev_reqcnt((int *) workarea); 1028 len += sprinthx4("Per-device successfully completed request counts", 1029 resp_buff+len,(unsigned int *) workarea, AP_DEVICES); 1030 *eof = 1; 1031 memset((void *) workarea, 0x00, AP_DEVICES * sizeof(unsigned int)); 1032 return len; 1033 } 1034 1035 static void zcrypt_disable_card(int index) 1036 { 1037 struct zcrypt_device *zdev; 1038 1039 spin_lock_bh(&zcrypt_device_lock); 1040 list_for_each_entry(zdev, &zcrypt_device_list, list) 1041 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1042 zdev->online = 0; 1043 ap_flush_queue(zdev->ap_dev); 1044 break; 1045 } 1046 spin_unlock_bh(&zcrypt_device_lock); 1047 } 1048 1049 static void zcrypt_enable_card(int index) 1050 { 1051 struct zcrypt_device *zdev; 1052 1053 spin_lock_bh(&zcrypt_device_lock); 1054 list_for_each_entry(zdev, &zcrypt_device_list, list) 1055 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1056 zdev->online = 1; 1057 break; 1058 } 1059 spin_unlock_bh(&zcrypt_device_lock); 1060 } 1061 1062 static int zcrypt_status_write(struct file *file, const char __user *buffer, 1063 unsigned long count, void *data) 1064 { 1065 unsigned char *lbuf, *ptr; 1066 unsigned long local_count; 1067 int j; 1068 1069 if (count <= 0) 1070 return 0; 1071 1072 #define LBUFSIZE 1200UL 1073 lbuf = kmalloc(LBUFSIZE, GFP_KERNEL); 1074 if (!lbuf) 1075 return 0; 1076 1077 local_count = min(LBUFSIZE - 1, count); 1078 if (copy_from_user(lbuf, buffer, local_count) != 0) { 1079 kfree(lbuf); 1080 return -EFAULT; 1081 } 1082 lbuf[local_count] = '\0'; 1083 1084 ptr = strstr(lbuf, "Online devices"); 1085 if (!ptr) 1086 goto out; 1087 ptr = strstr(ptr, "\n"); 1088 if (!ptr) 1089 goto out; 1090 ptr++; 1091 1092 if (strstr(ptr, "Waiting work element counts") == NULL) 1093 goto out; 1094 1095 for (j = 0; j < 64 && *ptr; ptr++) { 1096 /* 1097 * '0' for no device, '1' for PCICA, '2' for PCICC, 1098 * '3' for PCIXCC_MCL2, '4' for PCIXCC_MCL3, 1099 * '5' for CEX2C and '6' for CEX2A' 1100 * '7' for CEX3C and '8' for CEX3A 1101 */ 1102 if (*ptr >= '0' && *ptr <= '8') 1103 j++; 1104 else if (*ptr == 'd' || *ptr == 'D') 1105 zcrypt_disable_card(j++); 1106 else if (*ptr == 'e' || *ptr == 'E') 1107 zcrypt_enable_card(j++); 1108 else if (*ptr != ' ' && *ptr != '\t') 1109 break; 1110 } 1111 out: 1112 kfree(lbuf); 1113 return count; 1114 } 1115 1116 static int zcrypt_rng_device_count; 1117 static u32 *zcrypt_rng_buffer; 1118 static int zcrypt_rng_buffer_index; 1119 static DEFINE_MUTEX(zcrypt_rng_mutex); 1120 1121 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1122 { 1123 int rc; 1124 1125 /* 1126 * We don't need locking here because the RNG API guarantees serialized 1127 * read method calls. 1128 */ 1129 if (zcrypt_rng_buffer_index == 0) { 1130 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1131 if (rc < 0) 1132 return -EIO; 1133 zcrypt_rng_buffer_index = rc / sizeof *data; 1134 } 1135 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1136 return sizeof *data; 1137 } 1138 1139 static struct hwrng zcrypt_rng_dev = { 1140 .name = "zcrypt", 1141 .data_read = zcrypt_rng_data_read, 1142 }; 1143 1144 static int zcrypt_rng_device_add(void) 1145 { 1146 int rc = 0; 1147 1148 mutex_lock(&zcrypt_rng_mutex); 1149 if (zcrypt_rng_device_count == 0) { 1150 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1151 if (!zcrypt_rng_buffer) { 1152 rc = -ENOMEM; 1153 goto out; 1154 } 1155 zcrypt_rng_buffer_index = 0; 1156 rc = hwrng_register(&zcrypt_rng_dev); 1157 if (rc) 1158 goto out_free; 1159 zcrypt_rng_device_count = 1; 1160 } else 1161 zcrypt_rng_device_count++; 1162 mutex_unlock(&zcrypt_rng_mutex); 1163 return 0; 1164 1165 out_free: 1166 free_page((unsigned long) zcrypt_rng_buffer); 1167 out: 1168 mutex_unlock(&zcrypt_rng_mutex); 1169 return rc; 1170 } 1171 1172 static void zcrypt_rng_device_remove(void) 1173 { 1174 mutex_lock(&zcrypt_rng_mutex); 1175 zcrypt_rng_device_count--; 1176 if (zcrypt_rng_device_count == 0) { 1177 hwrng_unregister(&zcrypt_rng_dev); 1178 free_page((unsigned long) zcrypt_rng_buffer); 1179 } 1180 mutex_unlock(&zcrypt_rng_mutex); 1181 } 1182 1183 /** 1184 * zcrypt_api_init(): Module initialization. 1185 * 1186 * The module initialization code. 1187 */ 1188 int __init zcrypt_api_init(void) 1189 { 1190 int rc; 1191 1192 /* Register the request sprayer. */ 1193 rc = misc_register(&zcrypt_misc_device); 1194 if (rc < 0) 1195 goto out; 1196 1197 /* Set up the proc file system */ 1198 zcrypt_entry = create_proc_entry("driver/z90crypt", 0644, NULL); 1199 if (!zcrypt_entry) { 1200 rc = -ENOMEM; 1201 goto out_misc; 1202 } 1203 zcrypt_entry->data = NULL; 1204 zcrypt_entry->read_proc = zcrypt_status_read; 1205 zcrypt_entry->write_proc = zcrypt_status_write; 1206 1207 return 0; 1208 1209 out_misc: 1210 misc_deregister(&zcrypt_misc_device); 1211 out: 1212 return rc; 1213 } 1214 1215 /** 1216 * zcrypt_api_exit(): Module termination. 1217 * 1218 * The module termination code. 1219 */ 1220 void zcrypt_api_exit(void) 1221 { 1222 remove_proc_entry("driver/z90crypt", NULL); 1223 misc_deregister(&zcrypt_misc_device); 1224 } 1225 1226 #ifndef CONFIG_ZCRYPT_MONOLITHIC 1227 module_init(zcrypt_api_init); 1228 module_exit(zcrypt_api_exit); 1229 #endif 1230