1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * Cornelia Huck <cornelia.huck@de.ibm.com> 7 * 8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 10 * Ralph Wuerthner <rwuerthn@de.ibm.com> 11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com> 13 */ 14 15 #include <linux/module.h> 16 #include <linux/init.h> 17 #include <linux/interrupt.h> 18 #include <linux/miscdevice.h> 19 #include <linux/fs.h> 20 #include <linux/compat.h> 21 #include <linux/slab.h> 22 #include <linux/atomic.h> 23 #include <linux/uaccess.h> 24 #include <linux/hw_random.h> 25 #include <linux/debugfs.h> 26 #include <linux/cdev.h> 27 #include <linux/ctype.h> 28 #include <asm/debug.h> 29 30 #define CREATE_TRACE_POINTS 31 #include <asm/trace/zcrypt.h> 32 33 #include "zcrypt_api.h" 34 #include "zcrypt_debug.h" 35 36 #include "zcrypt_msgtype6.h" 37 #include "zcrypt_msgtype50.h" 38 39 /* 40 * Module description. 41 */ 42 MODULE_AUTHOR("IBM Corporation"); 43 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \ 44 "Copyright IBM Corp. 2001, 2012"); 45 MODULE_LICENSE("GPL"); 46 47 /* 48 * zcrypt tracepoint functions 49 */ 50 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 51 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 52 53 static int zcrypt_hwrng_seed = 1; 54 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 55 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 56 57 DEFINE_SPINLOCK(zcrypt_list_lock); 58 LIST_HEAD(zcrypt_card_list); 59 int zcrypt_device_count; 60 61 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 62 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0); 63 64 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0); 65 EXPORT_SYMBOL(zcrypt_rescan_req); 66 67 static LIST_HEAD(zcrypt_ops_list); 68 69 /* Zcrypt related debug feature stuff. */ 70 debug_info_t *zcrypt_dbf_info; 71 72 /** 73 * Process a rescan of the transport layer. 74 * 75 * Returns 1, if the rescan has been processed, otherwise 0. 76 */ 77 static inline int zcrypt_process_rescan(void) 78 { 79 if (atomic_read(&zcrypt_rescan_req)) { 80 atomic_set(&zcrypt_rescan_req, 0); 81 atomic_inc(&zcrypt_rescan_count); 82 ap_bus_force_rescan(); 83 ZCRYPT_DBF(DBF_INFO, "rescan count=%07d\n", 84 atomic_inc_return(&zcrypt_rescan_count)); 85 return 1; 86 } 87 return 0; 88 } 89 90 void zcrypt_msgtype_register(struct zcrypt_ops *zops) 91 { 92 list_add_tail(&zops->list, &zcrypt_ops_list); 93 } 94 95 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops) 96 { 97 list_del_init(&zops->list); 98 } 99 100 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant) 101 { 102 struct zcrypt_ops *zops; 103 104 list_for_each_entry(zops, &zcrypt_ops_list, list) 105 if ((zops->variant == variant) && 106 (!strncmp(zops->name, name, sizeof(zops->name)))) 107 return zops; 108 return NULL; 109 } 110 EXPORT_SYMBOL(zcrypt_msgtype); 111 112 /* 113 * Multi device nodes extension functions. 114 */ 115 116 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 117 118 struct zcdn_device; 119 120 static struct class *zcrypt_class; 121 static dev_t zcrypt_devt; 122 static struct cdev zcrypt_cdev; 123 124 struct zcdn_device { 125 struct device device; 126 struct ap_perms perms; 127 }; 128 129 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device) 130 131 #define ZCDN_MAX_NAME 32 132 133 static int zcdn_create(const char *name); 134 static int zcdn_destroy(const char *name); 135 136 /* helper function, matches the name for find_zcdndev_by_name() */ 137 static int __match_zcdn_name(struct device *dev, const void *data) 138 { 139 return strcmp(dev_name(dev), (const char *)data) == 0; 140 } 141 142 /* helper function, matches the devt value for find_zcdndev_by_devt() */ 143 static int __match_zcdn_devt(struct device *dev, const void *data) 144 { 145 return dev->devt == *((dev_t *) data); 146 } 147 148 /* 149 * Find zcdn device by name. 150 * Returns reference to the zcdn device which needs to be released 151 * with put_device() after use. 152 */ 153 static inline struct zcdn_device *find_zcdndev_by_name(const char *name) 154 { 155 struct device *dev = 156 class_find_device(zcrypt_class, NULL, 157 (void *) name, 158 __match_zcdn_name); 159 160 return dev ? to_zcdn_dev(dev) : NULL; 161 } 162 163 /* 164 * Find zcdn device by devt value. 165 * Returns reference to the zcdn device which needs to be released 166 * with put_device() after use. 167 */ 168 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt) 169 { 170 struct device *dev = 171 class_find_device(zcrypt_class, NULL, 172 (void *) &devt, 173 __match_zcdn_devt); 174 175 return dev ? to_zcdn_dev(dev) : NULL; 176 } 177 178 static ssize_t ioctlmask_show(struct device *dev, 179 struct device_attribute *attr, 180 char *buf) 181 { 182 int i, rc; 183 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 184 185 if (mutex_lock_interruptible(&ap_perms_mutex)) 186 return -ERESTARTSYS; 187 188 buf[0] = '0'; 189 buf[1] = 'x'; 190 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++) 191 snprintf(buf + 2 + 2 * i * sizeof(long), 192 PAGE_SIZE - 2 - 2 * i * sizeof(long), 193 "%016lx", zcdndev->perms.ioctlm[i]); 194 buf[2 + 2 * i * sizeof(long)] = '\n'; 195 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 196 rc = 2 + 2 * i * sizeof(long) + 1; 197 198 mutex_unlock(&ap_perms_mutex); 199 200 return rc; 201 } 202 203 static ssize_t ioctlmask_store(struct device *dev, 204 struct device_attribute *attr, 205 const char *buf, size_t count) 206 { 207 int rc; 208 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 209 210 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm, 211 AP_IOCTLS, &ap_perms_mutex); 212 if (rc) 213 return rc; 214 215 return count; 216 } 217 218 static DEVICE_ATTR_RW(ioctlmask); 219 220 static ssize_t apmask_show(struct device *dev, 221 struct device_attribute *attr, 222 char *buf) 223 { 224 int i, rc; 225 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 226 227 if (mutex_lock_interruptible(&ap_perms_mutex)) 228 return -ERESTARTSYS; 229 230 buf[0] = '0'; 231 buf[1] = 'x'; 232 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++) 233 snprintf(buf + 2 + 2 * i * sizeof(long), 234 PAGE_SIZE - 2 - 2 * i * sizeof(long), 235 "%016lx", zcdndev->perms.apm[i]); 236 buf[2 + 2 * i * sizeof(long)] = '\n'; 237 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 238 rc = 2 + 2 * i * sizeof(long) + 1; 239 240 mutex_unlock(&ap_perms_mutex); 241 242 return rc; 243 } 244 245 static ssize_t apmask_store(struct device *dev, 246 struct device_attribute *attr, 247 const char *buf, size_t count) 248 { 249 int rc; 250 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 251 252 rc = ap_parse_mask_str(buf, zcdndev->perms.apm, 253 AP_DEVICES, &ap_perms_mutex); 254 if (rc) 255 return rc; 256 257 return count; 258 } 259 260 static DEVICE_ATTR_RW(apmask); 261 262 static ssize_t aqmask_show(struct device *dev, 263 struct device_attribute *attr, 264 char *buf) 265 { 266 int i, rc; 267 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 268 269 if (mutex_lock_interruptible(&ap_perms_mutex)) 270 return -ERESTARTSYS; 271 272 buf[0] = '0'; 273 buf[1] = 'x'; 274 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++) 275 snprintf(buf + 2 + 2 * i * sizeof(long), 276 PAGE_SIZE - 2 - 2 * i * sizeof(long), 277 "%016lx", zcdndev->perms.aqm[i]); 278 buf[2 + 2 * i * sizeof(long)] = '\n'; 279 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 280 rc = 2 + 2 * i * sizeof(long) + 1; 281 282 mutex_unlock(&ap_perms_mutex); 283 284 return rc; 285 } 286 287 static ssize_t aqmask_store(struct device *dev, 288 struct device_attribute *attr, 289 const char *buf, size_t count) 290 { 291 int rc; 292 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 293 294 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm, 295 AP_DOMAINS, &ap_perms_mutex); 296 if (rc) 297 return rc; 298 299 return count; 300 } 301 302 static DEVICE_ATTR_RW(aqmask); 303 304 static struct attribute *zcdn_dev_attrs[] = { 305 &dev_attr_ioctlmask.attr, 306 &dev_attr_apmask.attr, 307 &dev_attr_aqmask.attr, 308 NULL 309 }; 310 311 static struct attribute_group zcdn_dev_attr_group = { 312 .attrs = zcdn_dev_attrs 313 }; 314 315 static const struct attribute_group *zcdn_dev_attr_groups[] = { 316 &zcdn_dev_attr_group, 317 NULL 318 }; 319 320 static ssize_t zcdn_create_store(struct class *class, 321 struct class_attribute *attr, 322 const char *buf, size_t count) 323 { 324 int rc; 325 char name[ZCDN_MAX_NAME]; 326 327 strncpy(name, skip_spaces(buf), sizeof(name)); 328 name[sizeof(name) - 1] = '\0'; 329 330 rc = zcdn_create(strim(name)); 331 332 return rc ? rc : count; 333 } 334 335 static const struct class_attribute class_attr_zcdn_create = 336 __ATTR(create, 0600, NULL, zcdn_create_store); 337 338 static ssize_t zcdn_destroy_store(struct class *class, 339 struct class_attribute *attr, 340 const char *buf, size_t count) 341 { 342 int rc; 343 char name[ZCDN_MAX_NAME]; 344 345 strncpy(name, skip_spaces(buf), sizeof(name)); 346 name[sizeof(name) - 1] = '\0'; 347 348 rc = zcdn_destroy(strim(name)); 349 350 return rc ? rc : count; 351 } 352 353 static const struct class_attribute class_attr_zcdn_destroy = 354 __ATTR(destroy, 0600, NULL, zcdn_destroy_store); 355 356 static void zcdn_device_release(struct device *dev) 357 { 358 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 359 360 ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n", 361 MAJOR(dev->devt), MINOR(dev->devt)); 362 363 kfree(zcdndev); 364 } 365 366 static int zcdn_create(const char *name) 367 { 368 dev_t devt; 369 int i, rc = 0; 370 char nodename[ZCDN_MAX_NAME]; 371 struct zcdn_device *zcdndev; 372 373 if (mutex_lock_interruptible(&ap_perms_mutex)) 374 return -ERESTARTSYS; 375 376 /* check if device node with this name already exists */ 377 if (name[0]) { 378 zcdndev = find_zcdndev_by_name(name); 379 if (zcdndev) { 380 put_device(&zcdndev->device); 381 rc = -EEXIST; 382 goto unlockout; 383 } 384 } 385 386 /* find an unused minor number */ 387 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 388 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 389 zcdndev = find_zcdndev_by_devt(devt); 390 if (zcdndev) 391 put_device(&zcdndev->device); 392 else 393 break; 394 } 395 if (i == ZCRYPT_MAX_MINOR_NODES) { 396 rc = -ENOSPC; 397 goto unlockout; 398 } 399 400 /* alloc and prepare a new zcdn device */ 401 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL); 402 if (!zcdndev) { 403 rc = -ENOMEM; 404 goto unlockout; 405 } 406 zcdndev->device.release = zcdn_device_release; 407 zcdndev->device.class = zcrypt_class; 408 zcdndev->device.devt = devt; 409 zcdndev->device.groups = zcdn_dev_attr_groups; 410 if (name[0]) 411 strncpy(nodename, name, sizeof(nodename)); 412 else 413 snprintf(nodename, sizeof(nodename), 414 ZCRYPT_NAME "_%d", (int) MINOR(devt)); 415 nodename[sizeof(nodename)-1] = '\0'; 416 if (dev_set_name(&zcdndev->device, nodename)) { 417 rc = -EINVAL; 418 goto unlockout; 419 } 420 rc = device_register(&zcdndev->device); 421 if (rc) { 422 put_device(&zcdndev->device); 423 goto unlockout; 424 } 425 426 ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n", 427 MAJOR(devt), MINOR(devt)); 428 429 unlockout: 430 mutex_unlock(&ap_perms_mutex); 431 return rc; 432 } 433 434 static int zcdn_destroy(const char *name) 435 { 436 int rc = 0; 437 struct zcdn_device *zcdndev; 438 439 if (mutex_lock_interruptible(&ap_perms_mutex)) 440 return -ERESTARTSYS; 441 442 /* try to find this zcdn device */ 443 zcdndev = find_zcdndev_by_name(name); 444 if (!zcdndev) { 445 rc = -ENOENT; 446 goto unlockout; 447 } 448 449 /* 450 * The zcdn device is not hard destroyed. It is subject to 451 * reference counting and thus just needs to be unregistered. 452 */ 453 put_device(&zcdndev->device); 454 device_unregister(&zcdndev->device); 455 456 unlockout: 457 mutex_unlock(&ap_perms_mutex); 458 return rc; 459 } 460 461 static void zcdn_destroy_all(void) 462 { 463 int i; 464 dev_t devt; 465 struct zcdn_device *zcdndev; 466 467 mutex_lock(&ap_perms_mutex); 468 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 469 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 470 zcdndev = find_zcdndev_by_devt(devt); 471 if (zcdndev) { 472 put_device(&zcdndev->device); 473 device_unregister(&zcdndev->device); 474 } 475 } 476 mutex_unlock(&ap_perms_mutex); 477 } 478 479 #endif 480 481 /** 482 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 483 * 484 * This function is not supported beyond zcrypt 1.3.1. 485 */ 486 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 487 size_t count, loff_t *f_pos) 488 { 489 return -EPERM; 490 } 491 492 /** 493 * zcrypt_write(): Not allowed. 494 * 495 * Write is is not allowed 496 */ 497 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 498 size_t count, loff_t *f_pos) 499 { 500 return -EPERM; 501 } 502 503 /** 504 * zcrypt_open(): Count number of users. 505 * 506 * Device open function to count number of users. 507 */ 508 static int zcrypt_open(struct inode *inode, struct file *filp) 509 { 510 struct ap_perms *perms = &ap_perms; 511 512 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 513 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 514 struct zcdn_device *zcdndev; 515 516 if (mutex_lock_interruptible(&ap_perms_mutex)) 517 return -ERESTARTSYS; 518 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 519 /* find returns a reference, no get_device() needed */ 520 mutex_unlock(&ap_perms_mutex); 521 if (zcdndev) 522 perms = &zcdndev->perms; 523 } 524 #endif 525 filp->private_data = (void *) perms; 526 527 atomic_inc(&zcrypt_open_count); 528 return nonseekable_open(inode, filp); 529 } 530 531 /** 532 * zcrypt_release(): Count number of users. 533 * 534 * Device close function to count number of users. 535 */ 536 static int zcrypt_release(struct inode *inode, struct file *filp) 537 { 538 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 539 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 540 struct zcdn_device *zcdndev; 541 542 if (mutex_lock_interruptible(&ap_perms_mutex)) 543 return -ERESTARTSYS; 544 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 545 mutex_unlock(&ap_perms_mutex); 546 if (zcdndev) { 547 /* 2 puts here: one for find, one for open */ 548 put_device(&zcdndev->device); 549 put_device(&zcdndev->device); 550 } 551 } 552 #endif 553 554 atomic_dec(&zcrypt_open_count); 555 return 0; 556 } 557 558 static inline int zcrypt_check_ioctl(struct ap_perms *perms, 559 unsigned int cmd) 560 { 561 int rc = -EPERM; 562 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT; 563 564 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) { 565 if (test_bit_inv(ioctlnr, perms->ioctlm)) 566 rc = 0; 567 } 568 569 if (rc) 570 ZCRYPT_DBF(DBF_WARN, 571 "ioctl check failed: ioctlnr=0x%04x rc=%d\n", 572 ioctlnr, rc); 573 574 return rc; 575 } 576 577 static inline bool zcrypt_check_card(struct ap_perms *perms, int card) 578 { 579 return test_bit_inv(card, perms->apm) ? true : false; 580 } 581 582 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue) 583 { 584 return test_bit_inv(queue, perms->aqm) ? true : false; 585 } 586 587 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc, 588 struct zcrypt_queue *zq, 589 unsigned int weight) 590 { 591 if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner)) 592 return NULL; 593 zcrypt_queue_get(zq); 594 get_device(&zq->queue->ap_dev.device); 595 atomic_add(weight, &zc->load); 596 atomic_add(weight, &zq->load); 597 zq->request_count++; 598 return zq; 599 } 600 601 static inline void zcrypt_drop_queue(struct zcrypt_card *zc, 602 struct zcrypt_queue *zq, 603 unsigned int weight) 604 { 605 struct module *mod = zq->queue->ap_dev.drv->driver.owner; 606 607 zq->request_count--; 608 atomic_sub(weight, &zc->load); 609 atomic_sub(weight, &zq->load); 610 put_device(&zq->queue->ap_dev.device); 611 zcrypt_queue_put(zq); 612 module_put(mod); 613 } 614 615 static inline bool zcrypt_card_compare(struct zcrypt_card *zc, 616 struct zcrypt_card *pref_zc, 617 unsigned int weight, 618 unsigned int pref_weight) 619 { 620 if (!pref_zc) 621 return false; 622 weight += atomic_read(&zc->load); 623 pref_weight += atomic_read(&pref_zc->load); 624 if (weight == pref_weight) 625 return atomic_read(&zc->card->total_request_count) > 626 atomic_read(&pref_zc->card->total_request_count); 627 return weight > pref_weight; 628 } 629 630 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq, 631 struct zcrypt_queue *pref_zq, 632 unsigned int weight, 633 unsigned int pref_weight) 634 { 635 if (!pref_zq) 636 return false; 637 weight += atomic_read(&zq->load); 638 pref_weight += atomic_read(&pref_zq->load); 639 if (weight == pref_weight) 640 return zq->queue->total_request_count > 641 pref_zq->queue->total_request_count; 642 return weight > pref_weight; 643 } 644 645 /* 646 * zcrypt ioctls. 647 */ 648 static long zcrypt_rsa_modexpo(struct ap_perms *perms, 649 struct ica_rsa_modexpo *mex) 650 { 651 struct zcrypt_card *zc, *pref_zc; 652 struct zcrypt_queue *zq, *pref_zq; 653 unsigned int weight, pref_weight; 654 unsigned int func_code; 655 int qid = 0, rc = -ENODEV; 656 657 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO); 658 659 if (mex->outputdatalength < mex->inputdatalength) { 660 rc = -EINVAL; 661 goto out; 662 } 663 664 /* 665 * As long as outputdatalength is big enough, we can set the 666 * outputdatalength equal to the inputdatalength, since that is the 667 * number of bytes we will copy in any case 668 */ 669 mex->outputdatalength = mex->inputdatalength; 670 671 rc = get_rsa_modex_fc(mex, &func_code); 672 if (rc) 673 goto out; 674 675 pref_zc = NULL; 676 pref_zq = NULL; 677 spin_lock(&zcrypt_list_lock); 678 for_each_zcrypt_card(zc) { 679 /* Check for online accelarator and CCA cards */ 680 if (!zc->online || !(zc->card->functions & 0x18000000)) 681 continue; 682 /* Check for size limits */ 683 if (zc->min_mod_size > mex->inputdatalength || 684 zc->max_mod_size < mex->inputdatalength) 685 continue; 686 /* check if device node has admission for this card */ 687 if (!zcrypt_check_card(perms, zc->card->id)) 688 continue; 689 /* get weight index of the card device */ 690 weight = zc->speed_rating[func_code]; 691 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 692 continue; 693 for_each_zcrypt_queue(zq, zc) { 694 /* check if device is online and eligible */ 695 if (!zq->online || !zq->ops->rsa_modexpo) 696 continue; 697 /* check if device node has admission for this queue */ 698 if (!zcrypt_check_queue(perms, 699 AP_QID_QUEUE(zq->queue->qid))) 700 continue; 701 if (zcrypt_queue_compare(zq, pref_zq, 702 weight, pref_weight)) 703 continue; 704 pref_zc = zc; 705 pref_zq = zq; 706 pref_weight = weight; 707 } 708 } 709 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight); 710 spin_unlock(&zcrypt_list_lock); 711 712 if (!pref_zq) { 713 rc = -ENODEV; 714 goto out; 715 } 716 717 qid = pref_zq->queue->qid; 718 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex); 719 720 spin_lock(&zcrypt_list_lock); 721 zcrypt_drop_queue(pref_zc, pref_zq, weight); 722 spin_unlock(&zcrypt_list_lock); 723 724 out: 725 trace_s390_zcrypt_rep(mex, func_code, rc, 726 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 727 return rc; 728 } 729 730 static long zcrypt_rsa_crt(struct ap_perms *perms, 731 struct ica_rsa_modexpo_crt *crt) 732 { 733 struct zcrypt_card *zc, *pref_zc; 734 struct zcrypt_queue *zq, *pref_zq; 735 unsigned int weight, pref_weight; 736 unsigned int func_code; 737 int qid = 0, rc = -ENODEV; 738 739 trace_s390_zcrypt_req(crt, TP_ICARSACRT); 740 741 if (crt->outputdatalength < crt->inputdatalength) { 742 rc = -EINVAL; 743 goto out; 744 } 745 746 /* 747 * As long as outputdatalength is big enough, we can set the 748 * outputdatalength equal to the inputdatalength, since that is the 749 * number of bytes we will copy in any case 750 */ 751 crt->outputdatalength = crt->inputdatalength; 752 753 rc = get_rsa_crt_fc(crt, &func_code); 754 if (rc) 755 goto out; 756 757 pref_zc = NULL; 758 pref_zq = NULL; 759 spin_lock(&zcrypt_list_lock); 760 for_each_zcrypt_card(zc) { 761 /* Check for online accelarator and CCA cards */ 762 if (!zc->online || !(zc->card->functions & 0x18000000)) 763 continue; 764 /* Check for size limits */ 765 if (zc->min_mod_size > crt->inputdatalength || 766 zc->max_mod_size < crt->inputdatalength) 767 continue; 768 /* check if device node has admission for this card */ 769 if (!zcrypt_check_card(perms, zc->card->id)) 770 continue; 771 /* get weight index of the card device */ 772 weight = zc->speed_rating[func_code]; 773 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 774 continue; 775 for_each_zcrypt_queue(zq, zc) { 776 /* check if device is online and eligible */ 777 if (!zq->online || !zq->ops->rsa_modexpo_crt) 778 continue; 779 /* check if device node has admission for this queue */ 780 if (!zcrypt_check_queue(perms, 781 AP_QID_QUEUE(zq->queue->qid))) 782 continue; 783 if (zcrypt_queue_compare(zq, pref_zq, 784 weight, pref_weight)) 785 continue; 786 pref_zc = zc; 787 pref_zq = zq; 788 pref_weight = weight; 789 } 790 } 791 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight); 792 spin_unlock(&zcrypt_list_lock); 793 794 if (!pref_zq) { 795 rc = -ENODEV; 796 goto out; 797 } 798 799 qid = pref_zq->queue->qid; 800 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt); 801 802 spin_lock(&zcrypt_list_lock); 803 zcrypt_drop_queue(pref_zc, pref_zq, weight); 804 spin_unlock(&zcrypt_list_lock); 805 806 out: 807 trace_s390_zcrypt_rep(crt, func_code, rc, 808 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 809 return rc; 810 } 811 812 static long _zcrypt_send_cprb(struct ap_perms *perms, 813 struct ica_xcRB *xcRB) 814 { 815 struct zcrypt_card *zc, *pref_zc; 816 struct zcrypt_queue *zq, *pref_zq; 817 struct ap_message ap_msg; 818 unsigned int weight, pref_weight; 819 unsigned int func_code; 820 unsigned short *domain; 821 int qid = 0, rc = -ENODEV; 822 823 trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB); 824 825 xcRB->status = 0; 826 ap_init_message(&ap_msg); 827 rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain); 828 if (rc) 829 goto out; 830 831 pref_zc = NULL; 832 pref_zq = NULL; 833 spin_lock(&zcrypt_list_lock); 834 for_each_zcrypt_card(zc) { 835 /* Check for online CCA cards */ 836 if (!zc->online || !(zc->card->functions & 0x10000000)) 837 continue; 838 /* Check for user selected CCA card */ 839 if (xcRB->user_defined != AUTOSELECT && 840 xcRB->user_defined != zc->card->id) 841 continue; 842 /* check if device node has admission for this card */ 843 if (!zcrypt_check_card(perms, zc->card->id)) 844 continue; 845 /* get weight index of the card device */ 846 weight = speed_idx_cca(func_code) * zc->speed_rating[SECKEY]; 847 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 848 continue; 849 for_each_zcrypt_queue(zq, zc) { 850 /* check if device is online and eligible */ 851 if (!zq->online || 852 !zq->ops->send_cprb || 853 ((*domain != (unsigned short) AUTOSELECT) && 854 (*domain != AP_QID_QUEUE(zq->queue->qid)))) 855 continue; 856 /* check if device node has admission for this queue */ 857 if (!zcrypt_check_queue(perms, 858 AP_QID_QUEUE(zq->queue->qid))) 859 continue; 860 if (zcrypt_queue_compare(zq, pref_zq, 861 weight, pref_weight)) 862 continue; 863 pref_zc = zc; 864 pref_zq = zq; 865 pref_weight = weight; 866 } 867 } 868 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight); 869 spin_unlock(&zcrypt_list_lock); 870 871 if (!pref_zq) { 872 rc = -ENODEV; 873 goto out; 874 } 875 876 /* in case of auto select, provide the correct domain */ 877 qid = pref_zq->queue->qid; 878 if (*domain == (unsigned short) AUTOSELECT) 879 *domain = AP_QID_QUEUE(qid); 880 881 rc = pref_zq->ops->send_cprb(pref_zq, xcRB, &ap_msg); 882 883 spin_lock(&zcrypt_list_lock); 884 zcrypt_drop_queue(pref_zc, pref_zq, weight); 885 spin_unlock(&zcrypt_list_lock); 886 887 out: 888 ap_release_message(&ap_msg); 889 trace_s390_zcrypt_rep(xcRB, func_code, rc, 890 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 891 return rc; 892 } 893 894 long zcrypt_send_cprb(struct ica_xcRB *xcRB) 895 { 896 return _zcrypt_send_cprb(&ap_perms, xcRB); 897 } 898 EXPORT_SYMBOL(zcrypt_send_cprb); 899 900 static bool is_desired_ep11_card(unsigned int dev_id, 901 unsigned short target_num, 902 struct ep11_target_dev *targets) 903 { 904 while (target_num-- > 0) { 905 if (dev_id == targets->ap_id) 906 return true; 907 targets++; 908 } 909 return false; 910 } 911 912 static bool is_desired_ep11_queue(unsigned int dev_qid, 913 unsigned short target_num, 914 struct ep11_target_dev *targets) 915 { 916 while (target_num-- > 0) { 917 if (AP_MKQID(targets->ap_id, targets->dom_id) == dev_qid) 918 return true; 919 targets++; 920 } 921 return false; 922 } 923 924 static long zcrypt_send_ep11_cprb(struct ap_perms *perms, 925 struct ep11_urb *xcrb) 926 { 927 struct zcrypt_card *zc, *pref_zc; 928 struct zcrypt_queue *zq, *pref_zq; 929 struct ep11_target_dev *targets; 930 unsigned short target_num; 931 unsigned int weight, pref_weight; 932 unsigned int func_code; 933 struct ap_message ap_msg; 934 int qid = 0, rc = -ENODEV; 935 936 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB); 937 938 ap_init_message(&ap_msg); 939 940 target_num = (unsigned short) xcrb->targets_num; 941 942 /* empty list indicates autoselect (all available targets) */ 943 targets = NULL; 944 if (target_num != 0) { 945 struct ep11_target_dev __user *uptr; 946 947 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL); 948 if (!targets) { 949 rc = -ENOMEM; 950 goto out; 951 } 952 953 uptr = (struct ep11_target_dev __force __user *) xcrb->targets; 954 if (copy_from_user(targets, uptr, 955 target_num * sizeof(*targets))) { 956 rc = -EFAULT; 957 goto out_free; 958 } 959 } 960 961 rc = get_ep11cprb_fc(xcrb, &ap_msg, &func_code); 962 if (rc) 963 goto out_free; 964 965 pref_zc = NULL; 966 pref_zq = NULL; 967 spin_lock(&zcrypt_list_lock); 968 for_each_zcrypt_card(zc) { 969 /* Check for online EP11 cards */ 970 if (!zc->online || !(zc->card->functions & 0x04000000)) 971 continue; 972 /* Check for user selected EP11 card */ 973 if (targets && 974 !is_desired_ep11_card(zc->card->id, target_num, targets)) 975 continue; 976 /* check if device node has admission for this card */ 977 if (!zcrypt_check_card(perms, zc->card->id)) 978 continue; 979 /* get weight index of the card device */ 980 weight = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY]; 981 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 982 continue; 983 for_each_zcrypt_queue(zq, zc) { 984 /* check if device is online and eligible */ 985 if (!zq->online || 986 !zq->ops->send_ep11_cprb || 987 (targets && 988 !is_desired_ep11_queue(zq->queue->qid, 989 target_num, targets))) 990 continue; 991 /* check if device node has admission for this queue */ 992 if (!zcrypt_check_queue(perms, 993 AP_QID_QUEUE(zq->queue->qid))) 994 continue; 995 if (zcrypt_queue_compare(zq, pref_zq, 996 weight, pref_weight)) 997 continue; 998 pref_zc = zc; 999 pref_zq = zq; 1000 pref_weight = weight; 1001 } 1002 } 1003 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight); 1004 spin_unlock(&zcrypt_list_lock); 1005 1006 if (!pref_zq) { 1007 rc = -ENODEV; 1008 goto out_free; 1009 } 1010 1011 qid = pref_zq->queue->qid; 1012 rc = pref_zq->ops->send_ep11_cprb(pref_zq, xcrb, &ap_msg); 1013 1014 spin_lock(&zcrypt_list_lock); 1015 zcrypt_drop_queue(pref_zc, pref_zq, weight); 1016 spin_unlock(&zcrypt_list_lock); 1017 1018 out_free: 1019 kfree(targets); 1020 out: 1021 ap_release_message(&ap_msg); 1022 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1023 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1024 return rc; 1025 } 1026 1027 static long zcrypt_rng(char *buffer) 1028 { 1029 struct zcrypt_card *zc, *pref_zc; 1030 struct zcrypt_queue *zq, *pref_zq; 1031 unsigned int weight, pref_weight; 1032 unsigned int func_code; 1033 struct ap_message ap_msg; 1034 unsigned int domain; 1035 int qid = 0, rc = -ENODEV; 1036 1037 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB); 1038 1039 ap_init_message(&ap_msg); 1040 rc = get_rng_fc(&ap_msg, &func_code, &domain); 1041 if (rc) 1042 goto out; 1043 1044 pref_zc = NULL; 1045 pref_zq = NULL; 1046 spin_lock(&zcrypt_list_lock); 1047 for_each_zcrypt_card(zc) { 1048 /* Check for online CCA cards */ 1049 if (!zc->online || !(zc->card->functions & 0x10000000)) 1050 continue; 1051 /* get weight index of the card device */ 1052 weight = zc->speed_rating[func_code]; 1053 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 1054 continue; 1055 for_each_zcrypt_queue(zq, zc) { 1056 /* check if device is online and eligible */ 1057 if (!zq->online || !zq->ops->rng) 1058 continue; 1059 if (zcrypt_queue_compare(zq, pref_zq, 1060 weight, pref_weight)) 1061 continue; 1062 pref_zc = zc; 1063 pref_zq = zq; 1064 pref_weight = weight; 1065 } 1066 } 1067 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight); 1068 spin_unlock(&zcrypt_list_lock); 1069 1070 if (!pref_zq) { 1071 rc = -ENODEV; 1072 goto out; 1073 } 1074 1075 qid = pref_zq->queue->qid; 1076 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg); 1077 1078 spin_lock(&zcrypt_list_lock); 1079 zcrypt_drop_queue(pref_zc, pref_zq, weight); 1080 spin_unlock(&zcrypt_list_lock); 1081 1082 out: 1083 ap_release_message(&ap_msg); 1084 trace_s390_zcrypt_rep(buffer, func_code, rc, 1085 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1086 return rc; 1087 } 1088 1089 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus) 1090 { 1091 struct zcrypt_card *zc; 1092 struct zcrypt_queue *zq; 1093 struct zcrypt_device_status *stat; 1094 int card, queue; 1095 1096 memset(devstatus, 0, MAX_ZDEV_ENTRIES 1097 * sizeof(struct zcrypt_device_status)); 1098 1099 spin_lock(&zcrypt_list_lock); 1100 for_each_zcrypt_card(zc) { 1101 for_each_zcrypt_queue(zq, zc) { 1102 card = AP_QID_CARD(zq->queue->qid); 1103 if (card >= MAX_ZDEV_CARDIDS) 1104 continue; 1105 queue = AP_QID_QUEUE(zq->queue->qid); 1106 stat = &devstatus[card * AP_DOMAINS + queue]; 1107 stat->hwtype = zc->card->ap_dev.device_type; 1108 stat->functions = zc->card->functions >> 26; 1109 stat->qid = zq->queue->qid; 1110 stat->online = zq->online ? 0x01 : 0x00; 1111 } 1112 } 1113 spin_unlock(&zcrypt_list_lock); 1114 } 1115 1116 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus) 1117 { 1118 struct zcrypt_card *zc; 1119 struct zcrypt_queue *zq; 1120 struct zcrypt_device_status_ext *stat; 1121 int card, queue; 1122 1123 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT 1124 * sizeof(struct zcrypt_device_status_ext)); 1125 1126 spin_lock(&zcrypt_list_lock); 1127 for_each_zcrypt_card(zc) { 1128 for_each_zcrypt_queue(zq, zc) { 1129 card = AP_QID_CARD(zq->queue->qid); 1130 queue = AP_QID_QUEUE(zq->queue->qid); 1131 stat = &devstatus[card * AP_DOMAINS + queue]; 1132 stat->hwtype = zc->card->ap_dev.device_type; 1133 stat->functions = zc->card->functions >> 26; 1134 stat->qid = zq->queue->qid; 1135 stat->online = zq->online ? 0x01 : 0x00; 1136 } 1137 } 1138 spin_unlock(&zcrypt_list_lock); 1139 } 1140 EXPORT_SYMBOL(zcrypt_device_status_mask_ext); 1141 1142 static void zcrypt_status_mask(char status[], size_t max_adapters) 1143 { 1144 struct zcrypt_card *zc; 1145 struct zcrypt_queue *zq; 1146 int card; 1147 1148 memset(status, 0, max_adapters); 1149 spin_lock(&zcrypt_list_lock); 1150 for_each_zcrypt_card(zc) { 1151 for_each_zcrypt_queue(zq, zc) { 1152 card = AP_QID_CARD(zq->queue->qid); 1153 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1154 || card >= max_adapters) 1155 continue; 1156 status[card] = zc->online ? zc->user_space_type : 0x0d; 1157 } 1158 } 1159 spin_unlock(&zcrypt_list_lock); 1160 } 1161 1162 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters) 1163 { 1164 struct zcrypt_card *zc; 1165 struct zcrypt_queue *zq; 1166 int card; 1167 1168 memset(qdepth, 0, max_adapters); 1169 spin_lock(&zcrypt_list_lock); 1170 local_bh_disable(); 1171 for_each_zcrypt_card(zc) { 1172 for_each_zcrypt_queue(zq, zc) { 1173 card = AP_QID_CARD(zq->queue->qid); 1174 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1175 || card >= max_adapters) 1176 continue; 1177 spin_lock(&zq->queue->lock); 1178 qdepth[card] = 1179 zq->queue->pendingq_count + 1180 zq->queue->requestq_count; 1181 spin_unlock(&zq->queue->lock); 1182 } 1183 } 1184 local_bh_enable(); 1185 spin_unlock(&zcrypt_list_lock); 1186 } 1187 1188 static void zcrypt_perdev_reqcnt(int reqcnt[], size_t max_adapters) 1189 { 1190 struct zcrypt_card *zc; 1191 struct zcrypt_queue *zq; 1192 int card; 1193 1194 memset(reqcnt, 0, sizeof(int) * max_adapters); 1195 spin_lock(&zcrypt_list_lock); 1196 local_bh_disable(); 1197 for_each_zcrypt_card(zc) { 1198 for_each_zcrypt_queue(zq, zc) { 1199 card = AP_QID_CARD(zq->queue->qid); 1200 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1201 || card >= max_adapters) 1202 continue; 1203 spin_lock(&zq->queue->lock); 1204 reqcnt[card] = zq->queue->total_request_count; 1205 spin_unlock(&zq->queue->lock); 1206 } 1207 } 1208 local_bh_enable(); 1209 spin_unlock(&zcrypt_list_lock); 1210 } 1211 1212 static int zcrypt_pendingq_count(void) 1213 { 1214 struct zcrypt_card *zc; 1215 struct zcrypt_queue *zq; 1216 int pendingq_count; 1217 1218 pendingq_count = 0; 1219 spin_lock(&zcrypt_list_lock); 1220 local_bh_disable(); 1221 for_each_zcrypt_card(zc) { 1222 for_each_zcrypt_queue(zq, zc) { 1223 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1224 continue; 1225 spin_lock(&zq->queue->lock); 1226 pendingq_count += zq->queue->pendingq_count; 1227 spin_unlock(&zq->queue->lock); 1228 } 1229 } 1230 local_bh_enable(); 1231 spin_unlock(&zcrypt_list_lock); 1232 return pendingq_count; 1233 } 1234 1235 static int zcrypt_requestq_count(void) 1236 { 1237 struct zcrypt_card *zc; 1238 struct zcrypt_queue *zq; 1239 int requestq_count; 1240 1241 requestq_count = 0; 1242 spin_lock(&zcrypt_list_lock); 1243 local_bh_disable(); 1244 for_each_zcrypt_card(zc) { 1245 for_each_zcrypt_queue(zq, zc) { 1246 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1247 continue; 1248 spin_lock(&zq->queue->lock); 1249 requestq_count += zq->queue->requestq_count; 1250 spin_unlock(&zq->queue->lock); 1251 } 1252 } 1253 local_bh_enable(); 1254 spin_unlock(&zcrypt_list_lock); 1255 return requestq_count; 1256 } 1257 1258 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 1259 unsigned long arg) 1260 { 1261 int rc; 1262 struct ap_perms *perms = 1263 (struct ap_perms *) filp->private_data; 1264 1265 rc = zcrypt_check_ioctl(perms, cmd); 1266 if (rc) 1267 return rc; 1268 1269 switch (cmd) { 1270 case ICARSAMODEXPO: { 1271 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 1272 struct ica_rsa_modexpo mex; 1273 1274 if (copy_from_user(&mex, umex, sizeof(mex))) 1275 return -EFAULT; 1276 do { 1277 rc = zcrypt_rsa_modexpo(perms, &mex); 1278 } while (rc == -EAGAIN); 1279 /* on failure: retry once again after a requested rescan */ 1280 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1281 do { 1282 rc = zcrypt_rsa_modexpo(perms, &mex); 1283 } while (rc == -EAGAIN); 1284 if (rc) { 1285 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc); 1286 return rc; 1287 } 1288 return put_user(mex.outputdatalength, &umex->outputdatalength); 1289 } 1290 case ICARSACRT: { 1291 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 1292 struct ica_rsa_modexpo_crt crt; 1293 1294 if (copy_from_user(&crt, ucrt, sizeof(crt))) 1295 return -EFAULT; 1296 do { 1297 rc = zcrypt_rsa_crt(perms, &crt); 1298 } while (rc == -EAGAIN); 1299 /* on failure: retry once again after a requested rescan */ 1300 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1301 do { 1302 rc = zcrypt_rsa_crt(perms, &crt); 1303 } while (rc == -EAGAIN); 1304 if (rc) { 1305 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc); 1306 return rc; 1307 } 1308 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 1309 } 1310 case ZSECSENDCPRB: { 1311 struct ica_xcRB __user *uxcRB = (void __user *) arg; 1312 struct ica_xcRB xcRB; 1313 1314 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 1315 return -EFAULT; 1316 do { 1317 rc = _zcrypt_send_cprb(perms, &xcRB); 1318 } while (rc == -EAGAIN); 1319 /* on failure: retry once again after a requested rescan */ 1320 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1321 do { 1322 rc = _zcrypt_send_cprb(perms, &xcRB); 1323 } while (rc == -EAGAIN); 1324 if (rc) 1325 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n", 1326 rc, xcRB.status); 1327 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 1328 return -EFAULT; 1329 return rc; 1330 } 1331 case ZSENDEP11CPRB: { 1332 struct ep11_urb __user *uxcrb = (void __user *)arg; 1333 struct ep11_urb xcrb; 1334 1335 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1336 return -EFAULT; 1337 do { 1338 rc = zcrypt_send_ep11_cprb(perms, &xcrb); 1339 } while (rc == -EAGAIN); 1340 /* on failure: retry once again after a requested rescan */ 1341 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1342 do { 1343 rc = zcrypt_send_ep11_cprb(perms, &xcrb); 1344 } while (rc == -EAGAIN); 1345 if (rc) 1346 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc); 1347 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1348 return -EFAULT; 1349 return rc; 1350 } 1351 case ZCRYPT_DEVICE_STATUS: { 1352 struct zcrypt_device_status_ext *device_status; 1353 size_t total_size = MAX_ZDEV_ENTRIES_EXT 1354 * sizeof(struct zcrypt_device_status_ext); 1355 1356 device_status = kzalloc(total_size, GFP_KERNEL); 1357 if (!device_status) 1358 return -ENOMEM; 1359 zcrypt_device_status_mask_ext(device_status); 1360 if (copy_to_user((char __user *) arg, device_status, 1361 total_size)) 1362 rc = -EFAULT; 1363 kfree(device_status); 1364 return rc; 1365 } 1366 case ZCRYPT_STATUS_MASK: { 1367 char status[AP_DEVICES]; 1368 1369 zcrypt_status_mask(status, AP_DEVICES); 1370 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1371 return -EFAULT; 1372 return 0; 1373 } 1374 case ZCRYPT_QDEPTH_MASK: { 1375 char qdepth[AP_DEVICES]; 1376 1377 zcrypt_qdepth_mask(qdepth, AP_DEVICES); 1378 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1379 return -EFAULT; 1380 return 0; 1381 } 1382 case ZCRYPT_PERDEV_REQCNT: { 1383 int *reqcnt; 1384 1385 reqcnt = kcalloc(AP_DEVICES, sizeof(int), GFP_KERNEL); 1386 if (!reqcnt) 1387 return -ENOMEM; 1388 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); 1389 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1390 rc = -EFAULT; 1391 kfree(reqcnt); 1392 return rc; 1393 } 1394 case Z90STAT_REQUESTQ_COUNT: 1395 return put_user(zcrypt_requestq_count(), (int __user *) arg); 1396 case Z90STAT_PENDINGQ_COUNT: 1397 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 1398 case Z90STAT_TOTALOPEN_COUNT: 1399 return put_user(atomic_read(&zcrypt_open_count), 1400 (int __user *) arg); 1401 case Z90STAT_DOMAIN_INDEX: 1402 return put_user(ap_domain_index, (int __user *) arg); 1403 /* 1404 * Deprecated ioctls 1405 */ 1406 case ZDEVICESTATUS: { 1407 /* the old ioctl supports only 64 adapters */ 1408 struct zcrypt_device_status *device_status; 1409 size_t total_size = MAX_ZDEV_ENTRIES 1410 * sizeof(struct zcrypt_device_status); 1411 1412 device_status = kzalloc(total_size, GFP_KERNEL); 1413 if (!device_status) 1414 return -ENOMEM; 1415 zcrypt_device_status_mask(device_status); 1416 if (copy_to_user((char __user *) arg, device_status, 1417 total_size)) 1418 rc = -EFAULT; 1419 kfree(device_status); 1420 return rc; 1421 } 1422 case Z90STAT_STATUS_MASK: { 1423 /* the old ioctl supports only 64 adapters */ 1424 char status[MAX_ZDEV_CARDIDS]; 1425 1426 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS); 1427 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1428 return -EFAULT; 1429 return 0; 1430 } 1431 case Z90STAT_QDEPTH_MASK: { 1432 /* the old ioctl supports only 64 adapters */ 1433 char qdepth[MAX_ZDEV_CARDIDS]; 1434 1435 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS); 1436 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1437 return -EFAULT; 1438 return 0; 1439 } 1440 case Z90STAT_PERDEV_REQCNT: { 1441 /* the old ioctl supports only 64 adapters */ 1442 int reqcnt[MAX_ZDEV_CARDIDS]; 1443 1444 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS); 1445 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1446 return -EFAULT; 1447 return 0; 1448 } 1449 /* unknown ioctl number */ 1450 default: 1451 ZCRYPT_DBF(DBF_DEBUG, "unknown ioctl 0x%08x\n", cmd); 1452 return -ENOIOCTLCMD; 1453 } 1454 } 1455 1456 #ifdef CONFIG_COMPAT 1457 /* 1458 * ioctl32 conversion routines 1459 */ 1460 struct compat_ica_rsa_modexpo { 1461 compat_uptr_t inputdata; 1462 unsigned int inputdatalength; 1463 compat_uptr_t outputdata; 1464 unsigned int outputdatalength; 1465 compat_uptr_t b_key; 1466 compat_uptr_t n_modulus; 1467 }; 1468 1469 static long trans_modexpo32(struct ap_perms *perms, struct file *filp, 1470 unsigned int cmd, unsigned long arg) 1471 { 1472 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 1473 struct compat_ica_rsa_modexpo mex32; 1474 struct ica_rsa_modexpo mex64; 1475 long rc; 1476 1477 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 1478 return -EFAULT; 1479 mex64.inputdata = compat_ptr(mex32.inputdata); 1480 mex64.inputdatalength = mex32.inputdatalength; 1481 mex64.outputdata = compat_ptr(mex32.outputdata); 1482 mex64.outputdatalength = mex32.outputdatalength; 1483 mex64.b_key = compat_ptr(mex32.b_key); 1484 mex64.n_modulus = compat_ptr(mex32.n_modulus); 1485 do { 1486 rc = zcrypt_rsa_modexpo(perms, &mex64); 1487 } while (rc == -EAGAIN); 1488 /* on failure: retry once again after a requested rescan */ 1489 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1490 do { 1491 rc = zcrypt_rsa_modexpo(perms, &mex64); 1492 } while (rc == -EAGAIN); 1493 if (rc) 1494 return rc; 1495 return put_user(mex64.outputdatalength, 1496 &umex32->outputdatalength); 1497 } 1498 1499 struct compat_ica_rsa_modexpo_crt { 1500 compat_uptr_t inputdata; 1501 unsigned int inputdatalength; 1502 compat_uptr_t outputdata; 1503 unsigned int outputdatalength; 1504 compat_uptr_t bp_key; 1505 compat_uptr_t bq_key; 1506 compat_uptr_t np_prime; 1507 compat_uptr_t nq_prime; 1508 compat_uptr_t u_mult_inv; 1509 }; 1510 1511 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp, 1512 unsigned int cmd, unsigned long arg) 1513 { 1514 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 1515 struct compat_ica_rsa_modexpo_crt crt32; 1516 struct ica_rsa_modexpo_crt crt64; 1517 long rc; 1518 1519 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 1520 return -EFAULT; 1521 crt64.inputdata = compat_ptr(crt32.inputdata); 1522 crt64.inputdatalength = crt32.inputdatalength; 1523 crt64.outputdata = compat_ptr(crt32.outputdata); 1524 crt64.outputdatalength = crt32.outputdatalength; 1525 crt64.bp_key = compat_ptr(crt32.bp_key); 1526 crt64.bq_key = compat_ptr(crt32.bq_key); 1527 crt64.np_prime = compat_ptr(crt32.np_prime); 1528 crt64.nq_prime = compat_ptr(crt32.nq_prime); 1529 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 1530 do { 1531 rc = zcrypt_rsa_crt(perms, &crt64); 1532 } while (rc == -EAGAIN); 1533 /* on failure: retry once again after a requested rescan */ 1534 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1535 do { 1536 rc = zcrypt_rsa_crt(perms, &crt64); 1537 } while (rc == -EAGAIN); 1538 if (rc) 1539 return rc; 1540 return put_user(crt64.outputdatalength, 1541 &ucrt32->outputdatalength); 1542 } 1543 1544 struct compat_ica_xcRB { 1545 unsigned short agent_ID; 1546 unsigned int user_defined; 1547 unsigned short request_ID; 1548 unsigned int request_control_blk_length; 1549 unsigned char padding1[16 - sizeof(compat_uptr_t)]; 1550 compat_uptr_t request_control_blk_addr; 1551 unsigned int request_data_length; 1552 char padding2[16 - sizeof(compat_uptr_t)]; 1553 compat_uptr_t request_data_address; 1554 unsigned int reply_control_blk_length; 1555 char padding3[16 - sizeof(compat_uptr_t)]; 1556 compat_uptr_t reply_control_blk_addr; 1557 unsigned int reply_data_length; 1558 char padding4[16 - sizeof(compat_uptr_t)]; 1559 compat_uptr_t reply_data_addr; 1560 unsigned short priority_window; 1561 unsigned int status; 1562 } __packed; 1563 1564 static long trans_xcRB32(struct ap_perms *perms, struct file *filp, 1565 unsigned int cmd, unsigned long arg) 1566 { 1567 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 1568 struct compat_ica_xcRB xcRB32; 1569 struct ica_xcRB xcRB64; 1570 long rc; 1571 1572 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 1573 return -EFAULT; 1574 xcRB64.agent_ID = xcRB32.agent_ID; 1575 xcRB64.user_defined = xcRB32.user_defined; 1576 xcRB64.request_ID = xcRB32.request_ID; 1577 xcRB64.request_control_blk_length = 1578 xcRB32.request_control_blk_length; 1579 xcRB64.request_control_blk_addr = 1580 compat_ptr(xcRB32.request_control_blk_addr); 1581 xcRB64.request_data_length = 1582 xcRB32.request_data_length; 1583 xcRB64.request_data_address = 1584 compat_ptr(xcRB32.request_data_address); 1585 xcRB64.reply_control_blk_length = 1586 xcRB32.reply_control_blk_length; 1587 xcRB64.reply_control_blk_addr = 1588 compat_ptr(xcRB32.reply_control_blk_addr); 1589 xcRB64.reply_data_length = xcRB32.reply_data_length; 1590 xcRB64.reply_data_addr = 1591 compat_ptr(xcRB32.reply_data_addr); 1592 xcRB64.priority_window = xcRB32.priority_window; 1593 xcRB64.status = xcRB32.status; 1594 do { 1595 rc = _zcrypt_send_cprb(perms, &xcRB64); 1596 } while (rc == -EAGAIN); 1597 /* on failure: retry once again after a requested rescan */ 1598 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1599 do { 1600 rc = _zcrypt_send_cprb(perms, &xcRB64); 1601 } while (rc == -EAGAIN); 1602 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 1603 xcRB32.reply_data_length = xcRB64.reply_data_length; 1604 xcRB32.status = xcRB64.status; 1605 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 1606 return -EFAULT; 1607 return rc; 1608 } 1609 1610 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 1611 unsigned long arg) 1612 { 1613 int rc; 1614 struct ap_perms *perms = 1615 (struct ap_perms *) filp->private_data; 1616 1617 rc = zcrypt_check_ioctl(perms, cmd); 1618 if (rc) 1619 return rc; 1620 1621 if (cmd == ICARSAMODEXPO) 1622 return trans_modexpo32(perms, filp, cmd, arg); 1623 if (cmd == ICARSACRT) 1624 return trans_modexpo_crt32(perms, filp, cmd, arg); 1625 if (cmd == ZSECSENDCPRB) 1626 return trans_xcRB32(perms, filp, cmd, arg); 1627 return zcrypt_unlocked_ioctl(filp, cmd, arg); 1628 } 1629 #endif 1630 1631 /* 1632 * Misc device file operations. 1633 */ 1634 static const struct file_operations zcrypt_fops = { 1635 .owner = THIS_MODULE, 1636 .read = zcrypt_read, 1637 .write = zcrypt_write, 1638 .unlocked_ioctl = zcrypt_unlocked_ioctl, 1639 #ifdef CONFIG_COMPAT 1640 .compat_ioctl = zcrypt_compat_ioctl, 1641 #endif 1642 .open = zcrypt_open, 1643 .release = zcrypt_release, 1644 .llseek = no_llseek, 1645 }; 1646 1647 /* 1648 * Misc device. 1649 */ 1650 static struct miscdevice zcrypt_misc_device = { 1651 .minor = MISC_DYNAMIC_MINOR, 1652 .name = "z90crypt", 1653 .fops = &zcrypt_fops, 1654 }; 1655 1656 static int zcrypt_rng_device_count; 1657 static u32 *zcrypt_rng_buffer; 1658 static int zcrypt_rng_buffer_index; 1659 static DEFINE_MUTEX(zcrypt_rng_mutex); 1660 1661 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1662 { 1663 int rc; 1664 1665 /* 1666 * We don't need locking here because the RNG API guarantees serialized 1667 * read method calls. 1668 */ 1669 if (zcrypt_rng_buffer_index == 0) { 1670 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1671 /* on failure: retry once again after a requested rescan */ 1672 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1673 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1674 if (rc < 0) 1675 return -EIO; 1676 zcrypt_rng_buffer_index = rc / sizeof(*data); 1677 } 1678 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1679 return sizeof(*data); 1680 } 1681 1682 static struct hwrng zcrypt_rng_dev = { 1683 .name = "zcrypt", 1684 .data_read = zcrypt_rng_data_read, 1685 .quality = 990, 1686 }; 1687 1688 int zcrypt_rng_device_add(void) 1689 { 1690 int rc = 0; 1691 1692 mutex_lock(&zcrypt_rng_mutex); 1693 if (zcrypt_rng_device_count == 0) { 1694 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1695 if (!zcrypt_rng_buffer) { 1696 rc = -ENOMEM; 1697 goto out; 1698 } 1699 zcrypt_rng_buffer_index = 0; 1700 if (!zcrypt_hwrng_seed) 1701 zcrypt_rng_dev.quality = 0; 1702 rc = hwrng_register(&zcrypt_rng_dev); 1703 if (rc) 1704 goto out_free; 1705 zcrypt_rng_device_count = 1; 1706 } else 1707 zcrypt_rng_device_count++; 1708 mutex_unlock(&zcrypt_rng_mutex); 1709 return 0; 1710 1711 out_free: 1712 free_page((unsigned long) zcrypt_rng_buffer); 1713 out: 1714 mutex_unlock(&zcrypt_rng_mutex); 1715 return rc; 1716 } 1717 1718 void zcrypt_rng_device_remove(void) 1719 { 1720 mutex_lock(&zcrypt_rng_mutex); 1721 zcrypt_rng_device_count--; 1722 if (zcrypt_rng_device_count == 0) { 1723 hwrng_unregister(&zcrypt_rng_dev); 1724 free_page((unsigned long) zcrypt_rng_buffer); 1725 } 1726 mutex_unlock(&zcrypt_rng_mutex); 1727 } 1728 1729 int __init zcrypt_debug_init(void) 1730 { 1731 zcrypt_dbf_info = debug_register("zcrypt", 1, 1, 1732 DBF_MAX_SPRINTF_ARGS * sizeof(long)); 1733 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view); 1734 debug_set_level(zcrypt_dbf_info, DBF_ERR); 1735 1736 return 0; 1737 } 1738 1739 void zcrypt_debug_exit(void) 1740 { 1741 debug_unregister(zcrypt_dbf_info); 1742 } 1743 1744 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1745 1746 static int __init zcdn_init(void) 1747 { 1748 int rc; 1749 1750 /* create a new class 'zcrypt' */ 1751 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME); 1752 if (IS_ERR(zcrypt_class)) { 1753 rc = PTR_ERR(zcrypt_class); 1754 goto out_class_create_failed; 1755 } 1756 zcrypt_class->dev_release = zcdn_device_release; 1757 1758 /* alloc device minor range */ 1759 rc = alloc_chrdev_region(&zcrypt_devt, 1760 0, ZCRYPT_MAX_MINOR_NODES, 1761 ZCRYPT_NAME); 1762 if (rc) 1763 goto out_alloc_chrdev_failed; 1764 1765 cdev_init(&zcrypt_cdev, &zcrypt_fops); 1766 zcrypt_cdev.owner = THIS_MODULE; 1767 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1768 if (rc) 1769 goto out_cdev_add_failed; 1770 1771 /* need some class specific sysfs attributes */ 1772 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create); 1773 if (rc) 1774 goto out_class_create_file_1_failed; 1775 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy); 1776 if (rc) 1777 goto out_class_create_file_2_failed; 1778 1779 return 0; 1780 1781 out_class_create_file_2_failed: 1782 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1783 out_class_create_file_1_failed: 1784 cdev_del(&zcrypt_cdev); 1785 out_cdev_add_failed: 1786 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1787 out_alloc_chrdev_failed: 1788 class_destroy(zcrypt_class); 1789 out_class_create_failed: 1790 return rc; 1791 } 1792 1793 static void zcdn_exit(void) 1794 { 1795 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1796 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy); 1797 zcdn_destroy_all(); 1798 cdev_del(&zcrypt_cdev); 1799 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1800 class_destroy(zcrypt_class); 1801 } 1802 1803 #endif 1804 1805 /** 1806 * zcrypt_api_init(): Module initialization. 1807 * 1808 * The module initialization code. 1809 */ 1810 int __init zcrypt_api_init(void) 1811 { 1812 int rc; 1813 1814 rc = zcrypt_debug_init(); 1815 if (rc) 1816 goto out; 1817 1818 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1819 rc = zcdn_init(); 1820 if (rc) 1821 goto out; 1822 #endif 1823 1824 /* Register the request sprayer. */ 1825 rc = misc_register(&zcrypt_misc_device); 1826 if (rc < 0) 1827 goto out_misc_register_failed; 1828 1829 zcrypt_msgtype6_init(); 1830 zcrypt_msgtype50_init(); 1831 1832 return 0; 1833 1834 out_misc_register_failed: 1835 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1836 zcdn_exit(); 1837 #endif 1838 zcrypt_debug_exit(); 1839 out: 1840 return rc; 1841 } 1842 1843 /** 1844 * zcrypt_api_exit(): Module termination. 1845 * 1846 * The module termination code. 1847 */ 1848 void __exit zcrypt_api_exit(void) 1849 { 1850 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1851 zcdn_exit(); 1852 #endif 1853 misc_deregister(&zcrypt_misc_device); 1854 zcrypt_msgtype6_exit(); 1855 zcrypt_msgtype50_exit(); 1856 zcrypt_debug_exit(); 1857 } 1858 1859 module_init(zcrypt_api_init); 1860 module_exit(zcrypt_api_exit); 1861