1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * Cornelia Huck <cornelia.huck@de.ibm.com> 7 * 8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 10 * Ralph Wuerthner <rwuerthn@de.ibm.com> 11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com> 13 */ 14 15 #include <linux/module.h> 16 #include <linux/init.h> 17 #include <linux/interrupt.h> 18 #include <linux/miscdevice.h> 19 #include <linux/fs.h> 20 #include <linux/compat.h> 21 #include <linux/slab.h> 22 #include <linux/atomic.h> 23 #include <linux/uaccess.h> 24 #include <linux/hw_random.h> 25 #include <linux/debugfs.h> 26 #include <linux/cdev.h> 27 #include <linux/ctype.h> 28 #include <linux/capability.h> 29 #include <asm/debug.h> 30 31 #define CREATE_TRACE_POINTS 32 #include <asm/trace/zcrypt.h> 33 34 #include "zcrypt_api.h" 35 #include "zcrypt_debug.h" 36 37 #include "zcrypt_msgtype6.h" 38 #include "zcrypt_msgtype50.h" 39 #include "zcrypt_ccamisc.h" 40 #include "zcrypt_ep11misc.h" 41 42 /* 43 * Module description. 44 */ 45 MODULE_AUTHOR("IBM Corporation"); 46 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \ 47 "Copyright IBM Corp. 2001, 2012"); 48 MODULE_LICENSE("GPL"); 49 50 /* 51 * zcrypt tracepoint functions 52 */ 53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 54 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 55 56 static int zcrypt_hwrng_seed = 1; 57 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 58 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 59 60 DEFINE_SPINLOCK(zcrypt_list_lock); 61 LIST_HEAD(zcrypt_card_list); 62 63 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 64 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0); 65 66 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0); 67 EXPORT_SYMBOL(zcrypt_rescan_req); 68 69 static LIST_HEAD(zcrypt_ops_list); 70 71 /* Zcrypt related debug feature stuff. */ 72 debug_info_t *zcrypt_dbf_info; 73 74 /* 75 * Process a rescan of the transport layer. 76 * 77 * Returns 1, if the rescan has been processed, otherwise 0. 78 */ 79 static inline int zcrypt_process_rescan(void) 80 { 81 if (atomic_read(&zcrypt_rescan_req)) { 82 atomic_set(&zcrypt_rescan_req, 0); 83 atomic_inc(&zcrypt_rescan_count); 84 ap_bus_force_rescan(); 85 ZCRYPT_DBF_INFO("%s rescan count=%07d\n", __func__, 86 atomic_inc_return(&zcrypt_rescan_count)); 87 return 1; 88 } 89 return 0; 90 } 91 92 void zcrypt_msgtype_register(struct zcrypt_ops *zops) 93 { 94 list_add_tail(&zops->list, &zcrypt_ops_list); 95 } 96 97 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops) 98 { 99 list_del_init(&zops->list); 100 } 101 102 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant) 103 { 104 struct zcrypt_ops *zops; 105 106 list_for_each_entry(zops, &zcrypt_ops_list, list) 107 if ((zops->variant == variant) && 108 (!strncmp(zops->name, name, sizeof(zops->name)))) 109 return zops; 110 return NULL; 111 } 112 EXPORT_SYMBOL(zcrypt_msgtype); 113 114 /* 115 * Multi device nodes extension functions. 116 */ 117 118 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 119 120 struct zcdn_device; 121 122 static struct class *zcrypt_class; 123 static dev_t zcrypt_devt; 124 static struct cdev zcrypt_cdev; 125 126 struct zcdn_device { 127 struct device device; 128 struct ap_perms perms; 129 }; 130 131 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device) 132 133 #define ZCDN_MAX_NAME 32 134 135 static int zcdn_create(const char *name); 136 static int zcdn_destroy(const char *name); 137 138 /* 139 * Find zcdn device by name. 140 * Returns reference to the zcdn device which needs to be released 141 * with put_device() after use. 142 */ 143 static inline struct zcdn_device *find_zcdndev_by_name(const char *name) 144 { 145 struct device *dev = class_find_device_by_name(zcrypt_class, name); 146 147 return dev ? to_zcdn_dev(dev) : NULL; 148 } 149 150 /* 151 * Find zcdn device by devt value. 152 * Returns reference to the zcdn device which needs to be released 153 * with put_device() after use. 154 */ 155 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt) 156 { 157 struct device *dev = class_find_device_by_devt(zcrypt_class, devt); 158 159 return dev ? to_zcdn_dev(dev) : NULL; 160 } 161 162 static ssize_t ioctlmask_show(struct device *dev, 163 struct device_attribute *attr, 164 char *buf) 165 { 166 int i, rc; 167 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 168 169 if (mutex_lock_interruptible(&ap_perms_mutex)) 170 return -ERESTARTSYS; 171 172 buf[0] = '0'; 173 buf[1] = 'x'; 174 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++) 175 snprintf(buf + 2 + 2 * i * sizeof(long), 176 PAGE_SIZE - 2 - 2 * i * sizeof(long), 177 "%016lx", zcdndev->perms.ioctlm[i]); 178 buf[2 + 2 * i * sizeof(long)] = '\n'; 179 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 180 rc = 2 + 2 * i * sizeof(long) + 1; 181 182 mutex_unlock(&ap_perms_mutex); 183 184 return rc; 185 } 186 187 static ssize_t ioctlmask_store(struct device *dev, 188 struct device_attribute *attr, 189 const char *buf, size_t count) 190 { 191 int rc; 192 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 193 194 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm, 195 AP_IOCTLS, &ap_perms_mutex); 196 if (rc) 197 return rc; 198 199 return count; 200 } 201 202 static DEVICE_ATTR_RW(ioctlmask); 203 204 static ssize_t apmask_show(struct device *dev, 205 struct device_attribute *attr, 206 char *buf) 207 { 208 int i, rc; 209 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 210 211 if (mutex_lock_interruptible(&ap_perms_mutex)) 212 return -ERESTARTSYS; 213 214 buf[0] = '0'; 215 buf[1] = 'x'; 216 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++) 217 snprintf(buf + 2 + 2 * i * sizeof(long), 218 PAGE_SIZE - 2 - 2 * i * sizeof(long), 219 "%016lx", zcdndev->perms.apm[i]); 220 buf[2 + 2 * i * sizeof(long)] = '\n'; 221 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 222 rc = 2 + 2 * i * sizeof(long) + 1; 223 224 mutex_unlock(&ap_perms_mutex); 225 226 return rc; 227 } 228 229 static ssize_t apmask_store(struct device *dev, 230 struct device_attribute *attr, 231 const char *buf, size_t count) 232 { 233 int rc; 234 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 235 236 rc = ap_parse_mask_str(buf, zcdndev->perms.apm, 237 AP_DEVICES, &ap_perms_mutex); 238 if (rc) 239 return rc; 240 241 return count; 242 } 243 244 static DEVICE_ATTR_RW(apmask); 245 246 static ssize_t aqmask_show(struct device *dev, 247 struct device_attribute *attr, 248 char *buf) 249 { 250 int i, rc; 251 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 252 253 if (mutex_lock_interruptible(&ap_perms_mutex)) 254 return -ERESTARTSYS; 255 256 buf[0] = '0'; 257 buf[1] = 'x'; 258 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++) 259 snprintf(buf + 2 + 2 * i * sizeof(long), 260 PAGE_SIZE - 2 - 2 * i * sizeof(long), 261 "%016lx", zcdndev->perms.aqm[i]); 262 buf[2 + 2 * i * sizeof(long)] = '\n'; 263 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 264 rc = 2 + 2 * i * sizeof(long) + 1; 265 266 mutex_unlock(&ap_perms_mutex); 267 268 return rc; 269 } 270 271 static ssize_t aqmask_store(struct device *dev, 272 struct device_attribute *attr, 273 const char *buf, size_t count) 274 { 275 int rc; 276 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 277 278 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm, 279 AP_DOMAINS, &ap_perms_mutex); 280 if (rc) 281 return rc; 282 283 return count; 284 } 285 286 static DEVICE_ATTR_RW(aqmask); 287 288 static struct attribute *zcdn_dev_attrs[] = { 289 &dev_attr_ioctlmask.attr, 290 &dev_attr_apmask.attr, 291 &dev_attr_aqmask.attr, 292 NULL 293 }; 294 295 static struct attribute_group zcdn_dev_attr_group = { 296 .attrs = zcdn_dev_attrs 297 }; 298 299 static const struct attribute_group *zcdn_dev_attr_groups[] = { 300 &zcdn_dev_attr_group, 301 NULL 302 }; 303 304 static ssize_t zcdn_create_store(struct class *class, 305 struct class_attribute *attr, 306 const char *buf, size_t count) 307 { 308 int rc; 309 char name[ZCDN_MAX_NAME]; 310 311 strncpy(name, skip_spaces(buf), sizeof(name)); 312 name[sizeof(name) - 1] = '\0'; 313 314 rc = zcdn_create(strim(name)); 315 316 return rc ? rc : count; 317 } 318 319 static const struct class_attribute class_attr_zcdn_create = 320 __ATTR(create, 0600, NULL, zcdn_create_store); 321 322 static ssize_t zcdn_destroy_store(struct class *class, 323 struct class_attribute *attr, 324 const char *buf, size_t count) 325 { 326 int rc; 327 char name[ZCDN_MAX_NAME]; 328 329 strncpy(name, skip_spaces(buf), sizeof(name)); 330 name[sizeof(name) - 1] = '\0'; 331 332 rc = zcdn_destroy(strim(name)); 333 334 return rc ? rc : count; 335 } 336 337 static const struct class_attribute class_attr_zcdn_destroy = 338 __ATTR(destroy, 0600, NULL, zcdn_destroy_store); 339 340 static void zcdn_device_release(struct device *dev) 341 { 342 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 343 344 ZCRYPT_DBF_INFO("%s releasing zcdn device %d:%d\n", 345 __func__, MAJOR(dev->devt), MINOR(dev->devt)); 346 347 kfree(zcdndev); 348 } 349 350 static int zcdn_create(const char *name) 351 { 352 dev_t devt; 353 int i, rc = 0; 354 char nodename[ZCDN_MAX_NAME]; 355 struct zcdn_device *zcdndev; 356 357 if (mutex_lock_interruptible(&ap_perms_mutex)) 358 return -ERESTARTSYS; 359 360 /* check if device node with this name already exists */ 361 if (name[0]) { 362 zcdndev = find_zcdndev_by_name(name); 363 if (zcdndev) { 364 put_device(&zcdndev->device); 365 rc = -EEXIST; 366 goto unlockout; 367 } 368 } 369 370 /* find an unused minor number */ 371 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 372 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 373 zcdndev = find_zcdndev_by_devt(devt); 374 if (zcdndev) 375 put_device(&zcdndev->device); 376 else 377 break; 378 } 379 if (i == ZCRYPT_MAX_MINOR_NODES) { 380 rc = -ENOSPC; 381 goto unlockout; 382 } 383 384 /* alloc and prepare a new zcdn device */ 385 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL); 386 if (!zcdndev) { 387 rc = -ENOMEM; 388 goto unlockout; 389 } 390 zcdndev->device.release = zcdn_device_release; 391 zcdndev->device.class = zcrypt_class; 392 zcdndev->device.devt = devt; 393 zcdndev->device.groups = zcdn_dev_attr_groups; 394 if (name[0]) 395 strncpy(nodename, name, sizeof(nodename)); 396 else 397 snprintf(nodename, sizeof(nodename), 398 ZCRYPT_NAME "_%d", (int) MINOR(devt)); 399 nodename[sizeof(nodename)-1] = '\0'; 400 if (dev_set_name(&zcdndev->device, nodename)) { 401 rc = -EINVAL; 402 goto unlockout; 403 } 404 rc = device_register(&zcdndev->device); 405 if (rc) { 406 put_device(&zcdndev->device); 407 goto unlockout; 408 } 409 410 ZCRYPT_DBF_INFO("%s created zcdn device %d:%d\n", 411 __func__, MAJOR(devt), MINOR(devt)); 412 413 unlockout: 414 mutex_unlock(&ap_perms_mutex); 415 return rc; 416 } 417 418 static int zcdn_destroy(const char *name) 419 { 420 int rc = 0; 421 struct zcdn_device *zcdndev; 422 423 if (mutex_lock_interruptible(&ap_perms_mutex)) 424 return -ERESTARTSYS; 425 426 /* try to find this zcdn device */ 427 zcdndev = find_zcdndev_by_name(name); 428 if (!zcdndev) { 429 rc = -ENOENT; 430 goto unlockout; 431 } 432 433 /* 434 * The zcdn device is not hard destroyed. It is subject to 435 * reference counting and thus just needs to be unregistered. 436 */ 437 put_device(&zcdndev->device); 438 device_unregister(&zcdndev->device); 439 440 unlockout: 441 mutex_unlock(&ap_perms_mutex); 442 return rc; 443 } 444 445 static void zcdn_destroy_all(void) 446 { 447 int i; 448 dev_t devt; 449 struct zcdn_device *zcdndev; 450 451 mutex_lock(&ap_perms_mutex); 452 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 453 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 454 zcdndev = find_zcdndev_by_devt(devt); 455 if (zcdndev) { 456 put_device(&zcdndev->device); 457 device_unregister(&zcdndev->device); 458 } 459 } 460 mutex_unlock(&ap_perms_mutex); 461 } 462 463 #endif 464 465 /* 466 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 467 * 468 * This function is not supported beyond zcrypt 1.3.1. 469 */ 470 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 471 size_t count, loff_t *f_pos) 472 { 473 return -EPERM; 474 } 475 476 /* 477 * zcrypt_write(): Not allowed. 478 * 479 * Write is is not allowed 480 */ 481 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 482 size_t count, loff_t *f_pos) 483 { 484 return -EPERM; 485 } 486 487 /* 488 * zcrypt_open(): Count number of users. 489 * 490 * Device open function to count number of users. 491 */ 492 static int zcrypt_open(struct inode *inode, struct file *filp) 493 { 494 struct ap_perms *perms = &ap_perms; 495 496 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 497 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 498 struct zcdn_device *zcdndev; 499 500 if (mutex_lock_interruptible(&ap_perms_mutex)) 501 return -ERESTARTSYS; 502 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 503 /* find returns a reference, no get_device() needed */ 504 mutex_unlock(&ap_perms_mutex); 505 if (zcdndev) 506 perms = &zcdndev->perms; 507 } 508 #endif 509 filp->private_data = (void *) perms; 510 511 atomic_inc(&zcrypt_open_count); 512 return stream_open(inode, filp); 513 } 514 515 /* 516 * zcrypt_release(): Count number of users. 517 * 518 * Device close function to count number of users. 519 */ 520 static int zcrypt_release(struct inode *inode, struct file *filp) 521 { 522 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 523 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 524 struct zcdn_device *zcdndev; 525 526 mutex_lock(&ap_perms_mutex); 527 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 528 mutex_unlock(&ap_perms_mutex); 529 if (zcdndev) { 530 /* 2 puts here: one for find, one for open */ 531 put_device(&zcdndev->device); 532 put_device(&zcdndev->device); 533 } 534 } 535 #endif 536 537 atomic_dec(&zcrypt_open_count); 538 return 0; 539 } 540 541 static inline int zcrypt_check_ioctl(struct ap_perms *perms, 542 unsigned int cmd) 543 { 544 int rc = -EPERM; 545 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT; 546 547 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) { 548 if (test_bit_inv(ioctlnr, perms->ioctlm)) 549 rc = 0; 550 } 551 552 if (rc) 553 ZCRYPT_DBF_WARN("%s ioctl check failed: ioctlnr=0x%04x rc=%d\n", 554 __func__, ioctlnr, rc); 555 556 return rc; 557 } 558 559 static inline bool zcrypt_check_card(struct ap_perms *perms, int card) 560 { 561 return test_bit_inv(card, perms->apm) ? true : false; 562 } 563 564 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue) 565 { 566 return test_bit_inv(queue, perms->aqm) ? true : false; 567 } 568 569 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc, 570 struct zcrypt_queue *zq, 571 struct module **pmod, 572 unsigned int weight) 573 { 574 if (!zq || !try_module_get(zq->queue->ap_dev.device.driver->owner)) 575 return NULL; 576 zcrypt_queue_get(zq); 577 get_device(&zq->queue->ap_dev.device); 578 atomic_add(weight, &zc->load); 579 atomic_add(weight, &zq->load); 580 zq->request_count++; 581 *pmod = zq->queue->ap_dev.device.driver->owner; 582 return zq; 583 } 584 585 static inline void zcrypt_drop_queue(struct zcrypt_card *zc, 586 struct zcrypt_queue *zq, 587 struct module *mod, 588 unsigned int weight) 589 { 590 zq->request_count--; 591 atomic_sub(weight, &zc->load); 592 atomic_sub(weight, &zq->load); 593 put_device(&zq->queue->ap_dev.device); 594 zcrypt_queue_put(zq); 595 module_put(mod); 596 } 597 598 static inline bool zcrypt_card_compare(struct zcrypt_card *zc, 599 struct zcrypt_card *pref_zc, 600 unsigned int weight, 601 unsigned int pref_weight) 602 { 603 if (!pref_zc) 604 return true; 605 weight += atomic_read(&zc->load); 606 pref_weight += atomic_read(&pref_zc->load); 607 if (weight == pref_weight) 608 return atomic64_read(&zc->card->total_request_count) < 609 atomic64_read(&pref_zc->card->total_request_count); 610 return weight < pref_weight; 611 } 612 613 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq, 614 struct zcrypt_queue *pref_zq, 615 unsigned int weight, 616 unsigned int pref_weight) 617 { 618 if (!pref_zq) 619 return true; 620 weight += atomic_read(&zq->load); 621 pref_weight += atomic_read(&pref_zq->load); 622 if (weight == pref_weight) 623 return zq->queue->total_request_count < 624 pref_zq->queue->total_request_count; 625 return weight < pref_weight; 626 } 627 628 /* 629 * zcrypt ioctls. 630 */ 631 static long zcrypt_rsa_modexpo(struct ap_perms *perms, 632 struct zcrypt_track *tr, 633 struct ica_rsa_modexpo *mex) 634 { 635 struct zcrypt_card *zc, *pref_zc; 636 struct zcrypt_queue *zq, *pref_zq; 637 struct ap_message ap_msg; 638 unsigned int wgt = 0, pref_wgt = 0; 639 unsigned int func_code; 640 int cpen, qpen, qid = 0, rc = -ENODEV; 641 struct module *mod; 642 643 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO); 644 645 ap_init_message(&ap_msg); 646 647 #ifdef CONFIG_ZCRYPT_DEBUG 648 if (tr && tr->fi.cmd) 649 ap_msg.fi.cmd = tr->fi.cmd; 650 #endif 651 652 if (mex->outputdatalength < mex->inputdatalength) { 653 func_code = 0; 654 rc = -EINVAL; 655 goto out; 656 } 657 658 /* 659 * As long as outputdatalength is big enough, we can set the 660 * outputdatalength equal to the inputdatalength, since that is the 661 * number of bytes we will copy in any case 662 */ 663 mex->outputdatalength = mex->inputdatalength; 664 665 rc = get_rsa_modex_fc(mex, &func_code); 666 if (rc) 667 goto out; 668 669 pref_zc = NULL; 670 pref_zq = NULL; 671 spin_lock(&zcrypt_list_lock); 672 for_each_zcrypt_card(zc) { 673 /* Check for useable accelarator or CCA card */ 674 if (!zc->online || !zc->card->config || 675 !(zc->card->functions & 0x18000000)) 676 continue; 677 /* Check for size limits */ 678 if (zc->min_mod_size > mex->inputdatalength || 679 zc->max_mod_size < mex->inputdatalength) 680 continue; 681 /* check if device node has admission for this card */ 682 if (!zcrypt_check_card(perms, zc->card->id)) 683 continue; 684 /* get weight index of the card device */ 685 wgt = zc->speed_rating[func_code]; 686 /* penalty if this msg was previously sent via this card */ 687 cpen = (tr && tr->again_counter && tr->last_qid && 688 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 689 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 690 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 691 continue; 692 for_each_zcrypt_queue(zq, zc) { 693 /* check if device is useable and eligible */ 694 if (!zq->online || !zq->ops->rsa_modexpo || 695 !zq->queue->config) 696 continue; 697 /* check if device node has admission for this queue */ 698 if (!zcrypt_check_queue(perms, 699 AP_QID_QUEUE(zq->queue->qid))) 700 continue; 701 /* penalty if the msg was previously sent at this qid */ 702 qpen = (tr && tr->again_counter && tr->last_qid && 703 tr->last_qid == zq->queue->qid) ? 704 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 705 if (!zcrypt_queue_compare(zq, pref_zq, 706 wgt + cpen + qpen, pref_wgt)) 707 continue; 708 pref_zc = zc; 709 pref_zq = zq; 710 pref_wgt = wgt + cpen + qpen; 711 } 712 } 713 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 714 spin_unlock(&zcrypt_list_lock); 715 716 if (!pref_zq) { 717 rc = -ENODEV; 718 goto out; 719 } 720 721 qid = pref_zq->queue->qid; 722 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg); 723 724 spin_lock(&zcrypt_list_lock); 725 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 726 spin_unlock(&zcrypt_list_lock); 727 728 out: 729 ap_release_message(&ap_msg); 730 if (tr) { 731 tr->last_rc = rc; 732 tr->last_qid = qid; 733 } 734 trace_s390_zcrypt_rep(mex, func_code, rc, 735 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 736 return rc; 737 } 738 739 static long zcrypt_rsa_crt(struct ap_perms *perms, 740 struct zcrypt_track *tr, 741 struct ica_rsa_modexpo_crt *crt) 742 { 743 struct zcrypt_card *zc, *pref_zc; 744 struct zcrypt_queue *zq, *pref_zq; 745 struct ap_message ap_msg; 746 unsigned int wgt = 0, pref_wgt = 0; 747 unsigned int func_code; 748 int cpen, qpen, qid = 0, rc = -ENODEV; 749 struct module *mod; 750 751 trace_s390_zcrypt_req(crt, TP_ICARSACRT); 752 753 ap_init_message(&ap_msg); 754 755 #ifdef CONFIG_ZCRYPT_DEBUG 756 if (tr && tr->fi.cmd) 757 ap_msg.fi.cmd = tr->fi.cmd; 758 #endif 759 760 if (crt->outputdatalength < crt->inputdatalength) { 761 func_code = 0; 762 rc = -EINVAL; 763 goto out; 764 } 765 766 /* 767 * As long as outputdatalength is big enough, we can set the 768 * outputdatalength equal to the inputdatalength, since that is the 769 * number of bytes we will copy in any case 770 */ 771 crt->outputdatalength = crt->inputdatalength; 772 773 rc = get_rsa_crt_fc(crt, &func_code); 774 if (rc) 775 goto out; 776 777 pref_zc = NULL; 778 pref_zq = NULL; 779 spin_lock(&zcrypt_list_lock); 780 for_each_zcrypt_card(zc) { 781 /* Check for useable accelarator or CCA card */ 782 if (!zc->online || !zc->card->config || 783 !(zc->card->functions & 0x18000000)) 784 continue; 785 /* Check for size limits */ 786 if (zc->min_mod_size > crt->inputdatalength || 787 zc->max_mod_size < crt->inputdatalength) 788 continue; 789 /* check if device node has admission for this card */ 790 if (!zcrypt_check_card(perms, zc->card->id)) 791 continue; 792 /* get weight index of the card device */ 793 wgt = zc->speed_rating[func_code]; 794 /* penalty if this msg was previously sent via this card */ 795 cpen = (tr && tr->again_counter && tr->last_qid && 796 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 797 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 798 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 799 continue; 800 for_each_zcrypt_queue(zq, zc) { 801 /* check if device is useable and eligible */ 802 if (!zq->online || !zq->ops->rsa_modexpo_crt || 803 !zq->queue->config) 804 continue; 805 /* check if device node has admission for this queue */ 806 if (!zcrypt_check_queue(perms, 807 AP_QID_QUEUE(zq->queue->qid))) 808 continue; 809 /* penalty if the msg was previously sent at this qid */ 810 qpen = (tr && tr->again_counter && tr->last_qid && 811 tr->last_qid == zq->queue->qid) ? 812 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 813 if (!zcrypt_queue_compare(zq, pref_zq, 814 wgt + cpen + qpen, pref_wgt)) 815 continue; 816 pref_zc = zc; 817 pref_zq = zq; 818 pref_wgt = wgt + cpen + qpen; 819 } 820 } 821 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 822 spin_unlock(&zcrypt_list_lock); 823 824 if (!pref_zq) { 825 rc = -ENODEV; 826 goto out; 827 } 828 829 qid = pref_zq->queue->qid; 830 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg); 831 832 spin_lock(&zcrypt_list_lock); 833 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 834 spin_unlock(&zcrypt_list_lock); 835 836 out: 837 ap_release_message(&ap_msg); 838 if (tr) { 839 tr->last_rc = rc; 840 tr->last_qid = qid; 841 } 842 trace_s390_zcrypt_rep(crt, func_code, rc, 843 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 844 return rc; 845 } 846 847 static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms, 848 struct zcrypt_track *tr, 849 struct ica_xcRB *xcRB) 850 { 851 struct zcrypt_card *zc, *pref_zc; 852 struct zcrypt_queue *zq, *pref_zq; 853 struct ap_message ap_msg; 854 unsigned int wgt = 0, pref_wgt = 0; 855 unsigned int func_code; 856 unsigned short *domain, tdom; 857 int cpen, qpen, qid = 0, rc = -ENODEV; 858 struct module *mod; 859 860 trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB); 861 862 xcRB->status = 0; 863 ap_init_message(&ap_msg); 864 865 #ifdef CONFIG_ZCRYPT_DEBUG 866 if (tr && tr->fi.cmd) 867 ap_msg.fi.cmd = tr->fi.cmd; 868 if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) { 869 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n", 870 __func__, tr->fi.cmd); 871 xcRB->agent_ID = 0x4646; 872 } 873 #endif 874 875 rc = get_cprb_fc(userspace, xcRB, &ap_msg, &func_code, &domain); 876 if (rc) 877 goto out; 878 879 /* 880 * If a valid target domain is set and this domain is NOT a usage 881 * domain but a control only domain, use the default domain as target. 882 */ 883 tdom = *domain; 884 if (tdom < AP_DOMAINS && 885 !ap_test_config_usage_domain(tdom) && 886 ap_test_config_ctrl_domain(tdom) && 887 ap_domain_index >= 0) 888 tdom = ap_domain_index; 889 890 pref_zc = NULL; 891 pref_zq = NULL; 892 spin_lock(&zcrypt_list_lock); 893 for_each_zcrypt_card(zc) { 894 /* Check for useable CCA card */ 895 if (!zc->online || !zc->card->config || 896 !(zc->card->functions & 0x10000000)) 897 continue; 898 /* Check for user selected CCA card */ 899 if (xcRB->user_defined != AUTOSELECT && 900 xcRB->user_defined != zc->card->id) 901 continue; 902 /* check if request size exceeds card max msg size */ 903 if (ap_msg.len > zc->card->maxmsgsize) 904 continue; 905 /* check if device node has admission for this card */ 906 if (!zcrypt_check_card(perms, zc->card->id)) 907 continue; 908 /* get weight index of the card device */ 909 wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY]; 910 /* penalty if this msg was previously sent via this card */ 911 cpen = (tr && tr->again_counter && tr->last_qid && 912 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 913 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 914 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 915 continue; 916 for_each_zcrypt_queue(zq, zc) { 917 /* check for device useable and eligible */ 918 if (!zq->online || 919 !zq->ops->send_cprb || 920 !zq->queue->config || 921 (tdom != AUTOSEL_DOM && 922 tdom != AP_QID_QUEUE(zq->queue->qid))) 923 continue; 924 /* check if device node has admission for this queue */ 925 if (!zcrypt_check_queue(perms, 926 AP_QID_QUEUE(zq->queue->qid))) 927 continue; 928 /* penalty if the msg was previously sent at this qid */ 929 qpen = (tr && tr->again_counter && tr->last_qid && 930 tr->last_qid == zq->queue->qid) ? 931 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 932 if (!zcrypt_queue_compare(zq, pref_zq, 933 wgt + cpen + qpen, pref_wgt)) 934 continue; 935 pref_zc = zc; 936 pref_zq = zq; 937 pref_wgt = wgt + cpen + qpen; 938 } 939 } 940 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 941 spin_unlock(&zcrypt_list_lock); 942 943 if (!pref_zq) { 944 rc = -ENODEV; 945 goto out; 946 } 947 948 /* in case of auto select, provide the correct domain */ 949 qid = pref_zq->queue->qid; 950 if (*domain == AUTOSEL_DOM) 951 *domain = AP_QID_QUEUE(qid); 952 953 #ifdef CONFIG_ZCRYPT_DEBUG 954 if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) { 955 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n", 956 __func__, tr->fi.cmd); 957 *domain = 99; 958 } 959 #endif 960 961 rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg); 962 963 spin_lock(&zcrypt_list_lock); 964 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 965 spin_unlock(&zcrypt_list_lock); 966 967 out: 968 ap_release_message(&ap_msg); 969 if (tr) { 970 tr->last_rc = rc; 971 tr->last_qid = qid; 972 } 973 trace_s390_zcrypt_rep(xcRB, func_code, rc, 974 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 975 return rc; 976 } 977 978 long zcrypt_send_cprb(struct ica_xcRB *xcRB) 979 { 980 return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB); 981 } 982 EXPORT_SYMBOL(zcrypt_send_cprb); 983 984 static bool is_desired_ep11_card(unsigned int dev_id, 985 unsigned short target_num, 986 struct ep11_target_dev *targets) 987 { 988 while (target_num-- > 0) { 989 if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP) 990 return true; 991 targets++; 992 } 993 return false; 994 } 995 996 static bool is_desired_ep11_queue(unsigned int dev_qid, 997 unsigned short target_num, 998 struct ep11_target_dev *targets) 999 { 1000 int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid); 1001 1002 while (target_num-- > 0) { 1003 if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) && 1004 (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM)) 1005 return true; 1006 targets++; 1007 } 1008 return false; 1009 } 1010 1011 static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms, 1012 struct zcrypt_track *tr, 1013 struct ep11_urb *xcrb) 1014 { 1015 struct zcrypt_card *zc, *pref_zc; 1016 struct zcrypt_queue *zq, *pref_zq; 1017 struct ep11_target_dev *targets; 1018 unsigned short target_num; 1019 unsigned int wgt = 0, pref_wgt = 0; 1020 unsigned int func_code; 1021 struct ap_message ap_msg; 1022 int cpen, qpen, qid = 0, rc = -ENODEV; 1023 struct module *mod; 1024 1025 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB); 1026 1027 ap_init_message(&ap_msg); 1028 1029 #ifdef CONFIG_ZCRYPT_DEBUG 1030 if (tr && tr->fi.cmd) 1031 ap_msg.fi.cmd = tr->fi.cmd; 1032 #endif 1033 1034 target_num = (unsigned short) xcrb->targets_num; 1035 1036 /* empty list indicates autoselect (all available targets) */ 1037 targets = NULL; 1038 if (target_num != 0) { 1039 struct ep11_target_dev __user *uptr; 1040 1041 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL); 1042 if (!targets) { 1043 func_code = 0; 1044 rc = -ENOMEM; 1045 goto out; 1046 } 1047 1048 uptr = (struct ep11_target_dev __force __user *) xcrb->targets; 1049 if (z_copy_from_user(userspace, targets, uptr, 1050 target_num * sizeof(*targets))) { 1051 func_code = 0; 1052 rc = -EFAULT; 1053 goto out_free; 1054 } 1055 } 1056 1057 rc = get_ep11cprb_fc(userspace, xcrb, &ap_msg, &func_code); 1058 if (rc) 1059 goto out_free; 1060 1061 pref_zc = NULL; 1062 pref_zq = NULL; 1063 spin_lock(&zcrypt_list_lock); 1064 for_each_zcrypt_card(zc) { 1065 /* Check for useable EP11 card */ 1066 if (!zc->online || !zc->card->config || 1067 !(zc->card->functions & 0x04000000)) 1068 continue; 1069 /* Check for user selected EP11 card */ 1070 if (targets && 1071 !is_desired_ep11_card(zc->card->id, target_num, targets)) 1072 continue; 1073 /* check if request size exceeds card max msg size */ 1074 if (ap_msg.len > zc->card->maxmsgsize) 1075 continue; 1076 /* check if device node has admission for this card */ 1077 if (!zcrypt_check_card(perms, zc->card->id)) 1078 continue; 1079 /* get weight index of the card device */ 1080 wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY]; 1081 /* penalty if this msg was previously sent via this card */ 1082 cpen = (tr && tr->again_counter && tr->last_qid && 1083 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 1084 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 1085 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 1086 continue; 1087 for_each_zcrypt_queue(zq, zc) { 1088 /* check if device is useable and eligible */ 1089 if (!zq->online || 1090 !zq->ops->send_ep11_cprb || 1091 !zq->queue->config || 1092 (targets && 1093 !is_desired_ep11_queue(zq->queue->qid, 1094 target_num, targets))) 1095 continue; 1096 /* check if device node has admission for this queue */ 1097 if (!zcrypt_check_queue(perms, 1098 AP_QID_QUEUE(zq->queue->qid))) 1099 continue; 1100 /* penalty if the msg was previously sent at this qid */ 1101 qpen = (tr && tr->again_counter && tr->last_qid && 1102 tr->last_qid == zq->queue->qid) ? 1103 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 1104 if (!zcrypt_queue_compare(zq, pref_zq, 1105 wgt + cpen + qpen, pref_wgt)) 1106 continue; 1107 pref_zc = zc; 1108 pref_zq = zq; 1109 pref_wgt = wgt + cpen + qpen; 1110 } 1111 } 1112 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 1113 spin_unlock(&zcrypt_list_lock); 1114 1115 if (!pref_zq) { 1116 rc = -ENODEV; 1117 goto out_free; 1118 } 1119 1120 qid = pref_zq->queue->qid; 1121 rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg); 1122 1123 spin_lock(&zcrypt_list_lock); 1124 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 1125 spin_unlock(&zcrypt_list_lock); 1126 1127 out_free: 1128 kfree(targets); 1129 out: 1130 ap_release_message(&ap_msg); 1131 if (tr) { 1132 tr->last_rc = rc; 1133 tr->last_qid = qid; 1134 } 1135 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1136 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1137 return rc; 1138 } 1139 1140 long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb) 1141 { 1142 return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb); 1143 } 1144 EXPORT_SYMBOL(zcrypt_send_ep11_cprb); 1145 1146 static long zcrypt_rng(char *buffer) 1147 { 1148 struct zcrypt_card *zc, *pref_zc; 1149 struct zcrypt_queue *zq, *pref_zq; 1150 unsigned int wgt = 0, pref_wgt = 0; 1151 unsigned int func_code; 1152 struct ap_message ap_msg; 1153 unsigned int domain; 1154 int qid = 0, rc = -ENODEV; 1155 struct module *mod; 1156 1157 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB); 1158 1159 ap_init_message(&ap_msg); 1160 rc = get_rng_fc(&ap_msg, &func_code, &domain); 1161 if (rc) 1162 goto out; 1163 1164 pref_zc = NULL; 1165 pref_zq = NULL; 1166 spin_lock(&zcrypt_list_lock); 1167 for_each_zcrypt_card(zc) { 1168 /* Check for useable CCA card */ 1169 if (!zc->online || !zc->card->config || 1170 !(zc->card->functions & 0x10000000)) 1171 continue; 1172 /* get weight index of the card device */ 1173 wgt = zc->speed_rating[func_code]; 1174 if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt)) 1175 continue; 1176 for_each_zcrypt_queue(zq, zc) { 1177 /* check if device is useable and eligible */ 1178 if (!zq->online || !zq->ops->rng || 1179 !zq->queue->config) 1180 continue; 1181 if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt)) 1182 continue; 1183 pref_zc = zc; 1184 pref_zq = zq; 1185 pref_wgt = wgt; 1186 } 1187 } 1188 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 1189 spin_unlock(&zcrypt_list_lock); 1190 1191 if (!pref_zq) { 1192 rc = -ENODEV; 1193 goto out; 1194 } 1195 1196 qid = pref_zq->queue->qid; 1197 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg); 1198 1199 spin_lock(&zcrypt_list_lock); 1200 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 1201 spin_unlock(&zcrypt_list_lock); 1202 1203 out: 1204 ap_release_message(&ap_msg); 1205 trace_s390_zcrypt_rep(buffer, func_code, rc, 1206 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1207 return rc; 1208 } 1209 1210 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus) 1211 { 1212 struct zcrypt_card *zc; 1213 struct zcrypt_queue *zq; 1214 struct zcrypt_device_status *stat; 1215 int card, queue; 1216 1217 memset(devstatus, 0, MAX_ZDEV_ENTRIES 1218 * sizeof(struct zcrypt_device_status)); 1219 1220 spin_lock(&zcrypt_list_lock); 1221 for_each_zcrypt_card(zc) { 1222 for_each_zcrypt_queue(zq, zc) { 1223 card = AP_QID_CARD(zq->queue->qid); 1224 if (card >= MAX_ZDEV_CARDIDS) 1225 continue; 1226 queue = AP_QID_QUEUE(zq->queue->qid); 1227 stat = &devstatus[card * AP_DOMAINS + queue]; 1228 stat->hwtype = zc->card->ap_dev.device_type; 1229 stat->functions = zc->card->functions >> 26; 1230 stat->qid = zq->queue->qid; 1231 stat->online = zq->online ? 0x01 : 0x00; 1232 } 1233 } 1234 spin_unlock(&zcrypt_list_lock); 1235 } 1236 1237 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus) 1238 { 1239 struct zcrypt_card *zc; 1240 struct zcrypt_queue *zq; 1241 struct zcrypt_device_status_ext *stat; 1242 int card, queue; 1243 1244 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT 1245 * sizeof(struct zcrypt_device_status_ext)); 1246 1247 spin_lock(&zcrypt_list_lock); 1248 for_each_zcrypt_card(zc) { 1249 for_each_zcrypt_queue(zq, zc) { 1250 card = AP_QID_CARD(zq->queue->qid); 1251 queue = AP_QID_QUEUE(zq->queue->qid); 1252 stat = &devstatus[card * AP_DOMAINS + queue]; 1253 stat->hwtype = zc->card->ap_dev.device_type; 1254 stat->functions = zc->card->functions >> 26; 1255 stat->qid = zq->queue->qid; 1256 stat->online = zq->online ? 0x01 : 0x00; 1257 } 1258 } 1259 spin_unlock(&zcrypt_list_lock); 1260 } 1261 EXPORT_SYMBOL(zcrypt_device_status_mask_ext); 1262 1263 int zcrypt_device_status_ext(int card, int queue, 1264 struct zcrypt_device_status_ext *devstat) 1265 { 1266 struct zcrypt_card *zc; 1267 struct zcrypt_queue *zq; 1268 1269 memset(devstat, 0, sizeof(*devstat)); 1270 1271 spin_lock(&zcrypt_list_lock); 1272 for_each_zcrypt_card(zc) { 1273 for_each_zcrypt_queue(zq, zc) { 1274 if (card == AP_QID_CARD(zq->queue->qid) && 1275 queue == AP_QID_QUEUE(zq->queue->qid)) { 1276 devstat->hwtype = zc->card->ap_dev.device_type; 1277 devstat->functions = zc->card->functions >> 26; 1278 devstat->qid = zq->queue->qid; 1279 devstat->online = zq->online ? 0x01 : 0x00; 1280 spin_unlock(&zcrypt_list_lock); 1281 return 0; 1282 } 1283 } 1284 } 1285 spin_unlock(&zcrypt_list_lock); 1286 1287 return -ENODEV; 1288 } 1289 EXPORT_SYMBOL(zcrypt_device_status_ext); 1290 1291 static void zcrypt_status_mask(char status[], size_t max_adapters) 1292 { 1293 struct zcrypt_card *zc; 1294 struct zcrypt_queue *zq; 1295 int card; 1296 1297 memset(status, 0, max_adapters); 1298 spin_lock(&zcrypt_list_lock); 1299 for_each_zcrypt_card(zc) { 1300 for_each_zcrypt_queue(zq, zc) { 1301 card = AP_QID_CARD(zq->queue->qid); 1302 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1303 || card >= max_adapters) 1304 continue; 1305 status[card] = zc->online ? zc->user_space_type : 0x0d; 1306 } 1307 } 1308 spin_unlock(&zcrypt_list_lock); 1309 } 1310 1311 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters) 1312 { 1313 struct zcrypt_card *zc; 1314 struct zcrypt_queue *zq; 1315 int card; 1316 1317 memset(qdepth, 0, max_adapters); 1318 spin_lock(&zcrypt_list_lock); 1319 local_bh_disable(); 1320 for_each_zcrypt_card(zc) { 1321 for_each_zcrypt_queue(zq, zc) { 1322 card = AP_QID_CARD(zq->queue->qid); 1323 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1324 || card >= max_adapters) 1325 continue; 1326 spin_lock(&zq->queue->lock); 1327 qdepth[card] = 1328 zq->queue->pendingq_count + 1329 zq->queue->requestq_count; 1330 spin_unlock(&zq->queue->lock); 1331 } 1332 } 1333 local_bh_enable(); 1334 spin_unlock(&zcrypt_list_lock); 1335 } 1336 1337 static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters) 1338 { 1339 struct zcrypt_card *zc; 1340 struct zcrypt_queue *zq; 1341 int card; 1342 u64 cnt; 1343 1344 memset(reqcnt, 0, sizeof(int) * max_adapters); 1345 spin_lock(&zcrypt_list_lock); 1346 local_bh_disable(); 1347 for_each_zcrypt_card(zc) { 1348 for_each_zcrypt_queue(zq, zc) { 1349 card = AP_QID_CARD(zq->queue->qid); 1350 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1351 || card >= max_adapters) 1352 continue; 1353 spin_lock(&zq->queue->lock); 1354 cnt = zq->queue->total_request_count; 1355 spin_unlock(&zq->queue->lock); 1356 reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX; 1357 } 1358 } 1359 local_bh_enable(); 1360 spin_unlock(&zcrypt_list_lock); 1361 } 1362 1363 static int zcrypt_pendingq_count(void) 1364 { 1365 struct zcrypt_card *zc; 1366 struct zcrypt_queue *zq; 1367 int pendingq_count; 1368 1369 pendingq_count = 0; 1370 spin_lock(&zcrypt_list_lock); 1371 local_bh_disable(); 1372 for_each_zcrypt_card(zc) { 1373 for_each_zcrypt_queue(zq, zc) { 1374 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1375 continue; 1376 spin_lock(&zq->queue->lock); 1377 pendingq_count += zq->queue->pendingq_count; 1378 spin_unlock(&zq->queue->lock); 1379 } 1380 } 1381 local_bh_enable(); 1382 spin_unlock(&zcrypt_list_lock); 1383 return pendingq_count; 1384 } 1385 1386 static int zcrypt_requestq_count(void) 1387 { 1388 struct zcrypt_card *zc; 1389 struct zcrypt_queue *zq; 1390 int requestq_count; 1391 1392 requestq_count = 0; 1393 spin_lock(&zcrypt_list_lock); 1394 local_bh_disable(); 1395 for_each_zcrypt_card(zc) { 1396 for_each_zcrypt_queue(zq, zc) { 1397 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1398 continue; 1399 spin_lock(&zq->queue->lock); 1400 requestq_count += zq->queue->requestq_count; 1401 spin_unlock(&zq->queue->lock); 1402 } 1403 } 1404 local_bh_enable(); 1405 spin_unlock(&zcrypt_list_lock); 1406 return requestq_count; 1407 } 1408 1409 static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg) 1410 { 1411 int rc; 1412 struct zcrypt_track tr; 1413 struct ica_rsa_modexpo mex; 1414 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 1415 1416 memset(&tr, 0, sizeof(tr)); 1417 if (copy_from_user(&mex, umex, sizeof(mex))) 1418 return -EFAULT; 1419 1420 #ifdef CONFIG_ZCRYPT_DEBUG 1421 if (mex.inputdatalength & (1U << 31)) { 1422 if (!capable(CAP_SYS_ADMIN)) 1423 return -EPERM; 1424 tr.fi.cmd = (u16)(mex.inputdatalength >> 16); 1425 } 1426 mex.inputdatalength &= 0x0000FFFF; 1427 #endif 1428 1429 do { 1430 rc = zcrypt_rsa_modexpo(perms, &tr, &mex); 1431 if (rc == -EAGAIN) 1432 tr.again_counter++; 1433 #ifdef CONFIG_ZCRYPT_DEBUG 1434 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1435 break; 1436 #endif 1437 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1438 /* on failure: retry once again after a requested rescan */ 1439 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1440 do { 1441 rc = zcrypt_rsa_modexpo(perms, &tr, &mex); 1442 if (rc == -EAGAIN) 1443 tr.again_counter++; 1444 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1445 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1446 rc = -EIO; 1447 if (rc) { 1448 ZCRYPT_DBF_DBG("ioctl ICARSAMODEXPO rc=%d\n", rc); 1449 return rc; 1450 } 1451 return put_user(mex.outputdatalength, &umex->outputdatalength); 1452 } 1453 1454 static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg) 1455 { 1456 int rc; 1457 struct zcrypt_track tr; 1458 struct ica_rsa_modexpo_crt crt; 1459 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 1460 1461 memset(&tr, 0, sizeof(tr)); 1462 if (copy_from_user(&crt, ucrt, sizeof(crt))) 1463 return -EFAULT; 1464 1465 #ifdef CONFIG_ZCRYPT_DEBUG 1466 if (crt.inputdatalength & (1U << 31)) { 1467 if (!capable(CAP_SYS_ADMIN)) 1468 return -EPERM; 1469 tr.fi.cmd = (u16)(crt.inputdatalength >> 16); 1470 } 1471 crt.inputdatalength &= 0x0000FFFF; 1472 #endif 1473 1474 do { 1475 rc = zcrypt_rsa_crt(perms, &tr, &crt); 1476 if (rc == -EAGAIN) 1477 tr.again_counter++; 1478 #ifdef CONFIG_ZCRYPT_DEBUG 1479 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1480 break; 1481 #endif 1482 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1483 /* on failure: retry once again after a requested rescan */ 1484 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1485 do { 1486 rc = zcrypt_rsa_crt(perms, &tr, &crt); 1487 if (rc == -EAGAIN) 1488 tr.again_counter++; 1489 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1490 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1491 rc = -EIO; 1492 if (rc) { 1493 ZCRYPT_DBF_DBG("ioctl ICARSACRT rc=%d\n", rc); 1494 return rc; 1495 } 1496 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 1497 } 1498 1499 static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg) 1500 { 1501 int rc; 1502 struct ica_xcRB xcRB; 1503 struct zcrypt_track tr; 1504 struct ica_xcRB __user *uxcRB = (void __user *) arg; 1505 1506 memset(&tr, 0, sizeof(tr)); 1507 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 1508 return -EFAULT; 1509 1510 #ifdef CONFIG_ZCRYPT_DEBUG 1511 if ((xcRB.status & 0x8000FFFF) == 0x80004649 /* 'FI' */) { 1512 if (!capable(CAP_SYS_ADMIN)) 1513 return -EPERM; 1514 tr.fi.cmd = (u16)(xcRB.status >> 16); 1515 } 1516 xcRB.status = 0; 1517 #endif 1518 1519 do { 1520 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB); 1521 if (rc == -EAGAIN) 1522 tr.again_counter++; 1523 #ifdef CONFIG_ZCRYPT_DEBUG 1524 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1525 break; 1526 #endif 1527 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1528 /* on failure: retry once again after a requested rescan */ 1529 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1530 do { 1531 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB); 1532 if (rc == -EAGAIN) 1533 tr.again_counter++; 1534 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1535 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1536 rc = -EIO; 1537 if (rc) 1538 ZCRYPT_DBF_DBG("ioctl ZSENDCPRB rc=%d status=0x%x\n", 1539 rc, xcRB.status); 1540 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 1541 return -EFAULT; 1542 return rc; 1543 } 1544 1545 static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg) 1546 { 1547 int rc; 1548 struct ep11_urb xcrb; 1549 struct zcrypt_track tr; 1550 struct ep11_urb __user *uxcrb = (void __user *)arg; 1551 1552 memset(&tr, 0, sizeof(tr)); 1553 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1554 return -EFAULT; 1555 1556 #ifdef CONFIG_ZCRYPT_DEBUG 1557 if (xcrb.req_len & (1ULL << 63)) { 1558 if (!capable(CAP_SYS_ADMIN)) 1559 return -EPERM; 1560 tr.fi.cmd = (u16)(xcrb.req_len >> 48); 1561 } 1562 xcrb.req_len &= 0x0000FFFFFFFFFFFFULL; 1563 #endif 1564 1565 do { 1566 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb); 1567 if (rc == -EAGAIN) 1568 tr.again_counter++; 1569 #ifdef CONFIG_ZCRYPT_DEBUG 1570 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1571 break; 1572 #endif 1573 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1574 /* on failure: retry once again after a requested rescan */ 1575 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1576 do { 1577 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb); 1578 if (rc == -EAGAIN) 1579 tr.again_counter++; 1580 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1581 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1582 rc = -EIO; 1583 if (rc) 1584 ZCRYPT_DBF_DBG("ioctl ZSENDEP11CPRB rc=%d\n", rc); 1585 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1586 return -EFAULT; 1587 return rc; 1588 } 1589 1590 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 1591 unsigned long arg) 1592 { 1593 int rc; 1594 struct ap_perms *perms = 1595 (struct ap_perms *) filp->private_data; 1596 1597 rc = zcrypt_check_ioctl(perms, cmd); 1598 if (rc) 1599 return rc; 1600 1601 switch (cmd) { 1602 case ICARSAMODEXPO: 1603 return icarsamodexpo_ioctl(perms, arg); 1604 case ICARSACRT: 1605 return icarsacrt_ioctl(perms, arg); 1606 case ZSECSENDCPRB: 1607 return zsecsendcprb_ioctl(perms, arg); 1608 case ZSENDEP11CPRB: 1609 return zsendep11cprb_ioctl(perms, arg); 1610 case ZCRYPT_DEVICE_STATUS: { 1611 struct zcrypt_device_status_ext *device_status; 1612 size_t total_size = MAX_ZDEV_ENTRIES_EXT 1613 * sizeof(struct zcrypt_device_status_ext); 1614 1615 device_status = kzalloc(total_size, GFP_KERNEL); 1616 if (!device_status) 1617 return -ENOMEM; 1618 zcrypt_device_status_mask_ext(device_status); 1619 if (copy_to_user((char __user *) arg, device_status, 1620 total_size)) 1621 rc = -EFAULT; 1622 kfree(device_status); 1623 return rc; 1624 } 1625 case ZCRYPT_STATUS_MASK: { 1626 char status[AP_DEVICES]; 1627 1628 zcrypt_status_mask(status, AP_DEVICES); 1629 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1630 return -EFAULT; 1631 return 0; 1632 } 1633 case ZCRYPT_QDEPTH_MASK: { 1634 char qdepth[AP_DEVICES]; 1635 1636 zcrypt_qdepth_mask(qdepth, AP_DEVICES); 1637 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1638 return -EFAULT; 1639 return 0; 1640 } 1641 case ZCRYPT_PERDEV_REQCNT: { 1642 u32 *reqcnt; 1643 1644 reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL); 1645 if (!reqcnt) 1646 return -ENOMEM; 1647 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); 1648 if (copy_to_user((int __user *) arg, reqcnt, 1649 sizeof(u32) * AP_DEVICES)) 1650 rc = -EFAULT; 1651 kfree(reqcnt); 1652 return rc; 1653 } 1654 case Z90STAT_REQUESTQ_COUNT: 1655 return put_user(zcrypt_requestq_count(), (int __user *) arg); 1656 case Z90STAT_PENDINGQ_COUNT: 1657 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 1658 case Z90STAT_TOTALOPEN_COUNT: 1659 return put_user(atomic_read(&zcrypt_open_count), 1660 (int __user *) arg); 1661 case Z90STAT_DOMAIN_INDEX: 1662 return put_user(ap_domain_index, (int __user *) arg); 1663 /* 1664 * Deprecated ioctls 1665 */ 1666 case ZDEVICESTATUS: { 1667 /* the old ioctl supports only 64 adapters */ 1668 struct zcrypt_device_status *device_status; 1669 size_t total_size = MAX_ZDEV_ENTRIES 1670 * sizeof(struct zcrypt_device_status); 1671 1672 device_status = kzalloc(total_size, GFP_KERNEL); 1673 if (!device_status) 1674 return -ENOMEM; 1675 zcrypt_device_status_mask(device_status); 1676 if (copy_to_user((char __user *) arg, device_status, 1677 total_size)) 1678 rc = -EFAULT; 1679 kfree(device_status); 1680 return rc; 1681 } 1682 case Z90STAT_STATUS_MASK: { 1683 /* the old ioctl supports only 64 adapters */ 1684 char status[MAX_ZDEV_CARDIDS]; 1685 1686 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS); 1687 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1688 return -EFAULT; 1689 return 0; 1690 } 1691 case Z90STAT_QDEPTH_MASK: { 1692 /* the old ioctl supports only 64 adapters */ 1693 char qdepth[MAX_ZDEV_CARDIDS]; 1694 1695 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS); 1696 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1697 return -EFAULT; 1698 return 0; 1699 } 1700 case Z90STAT_PERDEV_REQCNT: { 1701 /* the old ioctl supports only 64 adapters */ 1702 u32 reqcnt[MAX_ZDEV_CARDIDS]; 1703 1704 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS); 1705 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1706 return -EFAULT; 1707 return 0; 1708 } 1709 /* unknown ioctl number */ 1710 default: 1711 ZCRYPT_DBF_DBG("unknown ioctl 0x%08x\n", cmd); 1712 return -ENOIOCTLCMD; 1713 } 1714 } 1715 1716 #ifdef CONFIG_COMPAT 1717 /* 1718 * ioctl32 conversion routines 1719 */ 1720 struct compat_ica_rsa_modexpo { 1721 compat_uptr_t inputdata; 1722 unsigned int inputdatalength; 1723 compat_uptr_t outputdata; 1724 unsigned int outputdatalength; 1725 compat_uptr_t b_key; 1726 compat_uptr_t n_modulus; 1727 }; 1728 1729 static long trans_modexpo32(struct ap_perms *perms, struct file *filp, 1730 unsigned int cmd, unsigned long arg) 1731 { 1732 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 1733 struct compat_ica_rsa_modexpo mex32; 1734 struct ica_rsa_modexpo mex64; 1735 struct zcrypt_track tr; 1736 long rc; 1737 1738 memset(&tr, 0, sizeof(tr)); 1739 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 1740 return -EFAULT; 1741 mex64.inputdata = compat_ptr(mex32.inputdata); 1742 mex64.inputdatalength = mex32.inputdatalength; 1743 mex64.outputdata = compat_ptr(mex32.outputdata); 1744 mex64.outputdatalength = mex32.outputdatalength; 1745 mex64.b_key = compat_ptr(mex32.b_key); 1746 mex64.n_modulus = compat_ptr(mex32.n_modulus); 1747 do { 1748 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64); 1749 if (rc == -EAGAIN) 1750 tr.again_counter++; 1751 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1752 /* on failure: retry once again after a requested rescan */ 1753 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1754 do { 1755 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64); 1756 if (rc == -EAGAIN) 1757 tr.again_counter++; 1758 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1759 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1760 rc = -EIO; 1761 if (rc) 1762 return rc; 1763 return put_user(mex64.outputdatalength, 1764 &umex32->outputdatalength); 1765 } 1766 1767 struct compat_ica_rsa_modexpo_crt { 1768 compat_uptr_t inputdata; 1769 unsigned int inputdatalength; 1770 compat_uptr_t outputdata; 1771 unsigned int outputdatalength; 1772 compat_uptr_t bp_key; 1773 compat_uptr_t bq_key; 1774 compat_uptr_t np_prime; 1775 compat_uptr_t nq_prime; 1776 compat_uptr_t u_mult_inv; 1777 }; 1778 1779 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp, 1780 unsigned int cmd, unsigned long arg) 1781 { 1782 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 1783 struct compat_ica_rsa_modexpo_crt crt32; 1784 struct ica_rsa_modexpo_crt crt64; 1785 struct zcrypt_track tr; 1786 long rc; 1787 1788 memset(&tr, 0, sizeof(tr)); 1789 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 1790 return -EFAULT; 1791 crt64.inputdata = compat_ptr(crt32.inputdata); 1792 crt64.inputdatalength = crt32.inputdatalength; 1793 crt64.outputdata = compat_ptr(crt32.outputdata); 1794 crt64.outputdatalength = crt32.outputdatalength; 1795 crt64.bp_key = compat_ptr(crt32.bp_key); 1796 crt64.bq_key = compat_ptr(crt32.bq_key); 1797 crt64.np_prime = compat_ptr(crt32.np_prime); 1798 crt64.nq_prime = compat_ptr(crt32.nq_prime); 1799 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 1800 do { 1801 rc = zcrypt_rsa_crt(perms, &tr, &crt64); 1802 if (rc == -EAGAIN) 1803 tr.again_counter++; 1804 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1805 /* on failure: retry once again after a requested rescan */ 1806 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1807 do { 1808 rc = zcrypt_rsa_crt(perms, &tr, &crt64); 1809 if (rc == -EAGAIN) 1810 tr.again_counter++; 1811 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1812 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1813 rc = -EIO; 1814 if (rc) 1815 return rc; 1816 return put_user(crt64.outputdatalength, 1817 &ucrt32->outputdatalength); 1818 } 1819 1820 struct compat_ica_xcRB { 1821 unsigned short agent_ID; 1822 unsigned int user_defined; 1823 unsigned short request_ID; 1824 unsigned int request_control_blk_length; 1825 unsigned char padding1[16 - sizeof(compat_uptr_t)]; 1826 compat_uptr_t request_control_blk_addr; 1827 unsigned int request_data_length; 1828 char padding2[16 - sizeof(compat_uptr_t)]; 1829 compat_uptr_t request_data_address; 1830 unsigned int reply_control_blk_length; 1831 char padding3[16 - sizeof(compat_uptr_t)]; 1832 compat_uptr_t reply_control_blk_addr; 1833 unsigned int reply_data_length; 1834 char padding4[16 - sizeof(compat_uptr_t)]; 1835 compat_uptr_t reply_data_addr; 1836 unsigned short priority_window; 1837 unsigned int status; 1838 } __packed; 1839 1840 static long trans_xcRB32(struct ap_perms *perms, struct file *filp, 1841 unsigned int cmd, unsigned long arg) 1842 { 1843 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 1844 struct compat_ica_xcRB xcRB32; 1845 struct zcrypt_track tr; 1846 struct ica_xcRB xcRB64; 1847 long rc; 1848 1849 memset(&tr, 0, sizeof(tr)); 1850 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 1851 return -EFAULT; 1852 xcRB64.agent_ID = xcRB32.agent_ID; 1853 xcRB64.user_defined = xcRB32.user_defined; 1854 xcRB64.request_ID = xcRB32.request_ID; 1855 xcRB64.request_control_blk_length = 1856 xcRB32.request_control_blk_length; 1857 xcRB64.request_control_blk_addr = 1858 compat_ptr(xcRB32.request_control_blk_addr); 1859 xcRB64.request_data_length = 1860 xcRB32.request_data_length; 1861 xcRB64.request_data_address = 1862 compat_ptr(xcRB32.request_data_address); 1863 xcRB64.reply_control_blk_length = 1864 xcRB32.reply_control_blk_length; 1865 xcRB64.reply_control_blk_addr = 1866 compat_ptr(xcRB32.reply_control_blk_addr); 1867 xcRB64.reply_data_length = xcRB32.reply_data_length; 1868 xcRB64.reply_data_addr = 1869 compat_ptr(xcRB32.reply_data_addr); 1870 xcRB64.priority_window = xcRB32.priority_window; 1871 xcRB64.status = xcRB32.status; 1872 do { 1873 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64); 1874 if (rc == -EAGAIN) 1875 tr.again_counter++; 1876 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1877 /* on failure: retry once again after a requested rescan */ 1878 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1879 do { 1880 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64); 1881 if (rc == -EAGAIN) 1882 tr.again_counter++; 1883 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1884 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1885 rc = -EIO; 1886 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 1887 xcRB32.reply_data_length = xcRB64.reply_data_length; 1888 xcRB32.status = xcRB64.status; 1889 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 1890 return -EFAULT; 1891 return rc; 1892 } 1893 1894 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 1895 unsigned long arg) 1896 { 1897 int rc; 1898 struct ap_perms *perms = 1899 (struct ap_perms *) filp->private_data; 1900 1901 rc = zcrypt_check_ioctl(perms, cmd); 1902 if (rc) 1903 return rc; 1904 1905 if (cmd == ICARSAMODEXPO) 1906 return trans_modexpo32(perms, filp, cmd, arg); 1907 if (cmd == ICARSACRT) 1908 return trans_modexpo_crt32(perms, filp, cmd, arg); 1909 if (cmd == ZSECSENDCPRB) 1910 return trans_xcRB32(perms, filp, cmd, arg); 1911 return zcrypt_unlocked_ioctl(filp, cmd, arg); 1912 } 1913 #endif 1914 1915 /* 1916 * Misc device file operations. 1917 */ 1918 static const struct file_operations zcrypt_fops = { 1919 .owner = THIS_MODULE, 1920 .read = zcrypt_read, 1921 .write = zcrypt_write, 1922 .unlocked_ioctl = zcrypt_unlocked_ioctl, 1923 #ifdef CONFIG_COMPAT 1924 .compat_ioctl = zcrypt_compat_ioctl, 1925 #endif 1926 .open = zcrypt_open, 1927 .release = zcrypt_release, 1928 .llseek = no_llseek, 1929 }; 1930 1931 /* 1932 * Misc device. 1933 */ 1934 static struct miscdevice zcrypt_misc_device = { 1935 .minor = MISC_DYNAMIC_MINOR, 1936 .name = "z90crypt", 1937 .fops = &zcrypt_fops, 1938 }; 1939 1940 static int zcrypt_rng_device_count; 1941 static u32 *zcrypt_rng_buffer; 1942 static int zcrypt_rng_buffer_index; 1943 static DEFINE_MUTEX(zcrypt_rng_mutex); 1944 1945 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1946 { 1947 int rc; 1948 1949 /* 1950 * We don't need locking here because the RNG API guarantees serialized 1951 * read method calls. 1952 */ 1953 if (zcrypt_rng_buffer_index == 0) { 1954 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1955 /* on failure: retry once again after a requested rescan */ 1956 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1957 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1958 if (rc < 0) 1959 return -EIO; 1960 zcrypt_rng_buffer_index = rc / sizeof(*data); 1961 } 1962 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1963 return sizeof(*data); 1964 } 1965 1966 static struct hwrng zcrypt_rng_dev = { 1967 .name = "zcrypt", 1968 .data_read = zcrypt_rng_data_read, 1969 .quality = 990, 1970 }; 1971 1972 int zcrypt_rng_device_add(void) 1973 { 1974 int rc = 0; 1975 1976 mutex_lock(&zcrypt_rng_mutex); 1977 if (zcrypt_rng_device_count == 0) { 1978 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1979 if (!zcrypt_rng_buffer) { 1980 rc = -ENOMEM; 1981 goto out; 1982 } 1983 zcrypt_rng_buffer_index = 0; 1984 if (!zcrypt_hwrng_seed) 1985 zcrypt_rng_dev.quality = 0; 1986 rc = hwrng_register(&zcrypt_rng_dev); 1987 if (rc) 1988 goto out_free; 1989 zcrypt_rng_device_count = 1; 1990 } else 1991 zcrypt_rng_device_count++; 1992 mutex_unlock(&zcrypt_rng_mutex); 1993 return 0; 1994 1995 out_free: 1996 free_page((unsigned long) zcrypt_rng_buffer); 1997 out: 1998 mutex_unlock(&zcrypt_rng_mutex); 1999 return rc; 2000 } 2001 2002 void zcrypt_rng_device_remove(void) 2003 { 2004 mutex_lock(&zcrypt_rng_mutex); 2005 zcrypt_rng_device_count--; 2006 if (zcrypt_rng_device_count == 0) { 2007 hwrng_unregister(&zcrypt_rng_dev); 2008 free_page((unsigned long) zcrypt_rng_buffer); 2009 } 2010 mutex_unlock(&zcrypt_rng_mutex); 2011 } 2012 2013 /* 2014 * Wait until the zcrypt api is operational. 2015 * The AP bus scan and the binding of ap devices to device drivers is 2016 * an asynchronous job. This function waits until these initial jobs 2017 * are done and so the zcrypt api should be ready to serve crypto 2018 * requests - if there are resources available. The function uses an 2019 * internal timeout of 60s. The very first caller will either wait for 2020 * ap bus bindings complete or the timeout happens. This state will be 2021 * remembered for further callers which will only be blocked until a 2022 * decision is made (timeout or bindings complete). 2023 * On timeout -ETIME is returned, on success the return value is 0. 2024 */ 2025 int zcrypt_wait_api_operational(void) 2026 { 2027 static DEFINE_MUTEX(zcrypt_wait_api_lock); 2028 static int zcrypt_wait_api_state; 2029 int rc; 2030 2031 rc = mutex_lock_interruptible(&zcrypt_wait_api_lock); 2032 if (rc) 2033 return rc; 2034 2035 switch (zcrypt_wait_api_state) { 2036 case 0: 2037 /* initial state, invoke wait for the ap bus complete */ 2038 rc = ap_wait_init_apqn_bindings_complete( 2039 msecs_to_jiffies(60 * 1000)); 2040 switch (rc) { 2041 case 0: 2042 /* ap bus bindings are complete */ 2043 zcrypt_wait_api_state = 1; 2044 break; 2045 case -EINTR: 2046 /* interrupted, go back to caller */ 2047 break; 2048 case -ETIME: 2049 /* timeout */ 2050 ZCRYPT_DBF_WARN("%s ap_wait_init_apqn_bindings_complete()=ETIME\n", 2051 __func__); 2052 zcrypt_wait_api_state = -ETIME; 2053 break; 2054 default: 2055 /* other failure */ 2056 ZCRYPT_DBF_DBG("%s ap_wait_init_apqn_bindings_complete()=%d\n", 2057 __func__, rc); 2058 break; 2059 } 2060 break; 2061 case 1: 2062 /* a previous caller already found ap bus bindings complete */ 2063 rc = 0; 2064 break; 2065 default: 2066 /* a previous caller had timeout or other failure */ 2067 rc = zcrypt_wait_api_state; 2068 break; 2069 } 2070 2071 mutex_unlock(&zcrypt_wait_api_lock); 2072 2073 return rc; 2074 } 2075 EXPORT_SYMBOL(zcrypt_wait_api_operational); 2076 2077 int __init zcrypt_debug_init(void) 2078 { 2079 zcrypt_dbf_info = debug_register("zcrypt", 2, 1, 2080 DBF_MAX_SPRINTF_ARGS * sizeof(long)); 2081 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view); 2082 debug_set_level(zcrypt_dbf_info, DBF_ERR); 2083 2084 return 0; 2085 } 2086 2087 void zcrypt_debug_exit(void) 2088 { 2089 debug_unregister(zcrypt_dbf_info); 2090 } 2091 2092 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2093 2094 static int __init zcdn_init(void) 2095 { 2096 int rc; 2097 2098 /* create a new class 'zcrypt' */ 2099 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME); 2100 if (IS_ERR(zcrypt_class)) { 2101 rc = PTR_ERR(zcrypt_class); 2102 goto out_class_create_failed; 2103 } 2104 zcrypt_class->dev_release = zcdn_device_release; 2105 2106 /* alloc device minor range */ 2107 rc = alloc_chrdev_region(&zcrypt_devt, 2108 0, ZCRYPT_MAX_MINOR_NODES, 2109 ZCRYPT_NAME); 2110 if (rc) 2111 goto out_alloc_chrdev_failed; 2112 2113 cdev_init(&zcrypt_cdev, &zcrypt_fops); 2114 zcrypt_cdev.owner = THIS_MODULE; 2115 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2116 if (rc) 2117 goto out_cdev_add_failed; 2118 2119 /* need some class specific sysfs attributes */ 2120 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create); 2121 if (rc) 2122 goto out_class_create_file_1_failed; 2123 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy); 2124 if (rc) 2125 goto out_class_create_file_2_failed; 2126 2127 return 0; 2128 2129 out_class_create_file_2_failed: 2130 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 2131 out_class_create_file_1_failed: 2132 cdev_del(&zcrypt_cdev); 2133 out_cdev_add_failed: 2134 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2135 out_alloc_chrdev_failed: 2136 class_destroy(zcrypt_class); 2137 out_class_create_failed: 2138 return rc; 2139 } 2140 2141 static void zcdn_exit(void) 2142 { 2143 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 2144 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy); 2145 zcdn_destroy_all(); 2146 cdev_del(&zcrypt_cdev); 2147 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2148 class_destroy(zcrypt_class); 2149 } 2150 2151 #endif 2152 2153 /* 2154 * zcrypt_api_init(): Module initialization. 2155 * 2156 * The module initialization code. 2157 */ 2158 int __init zcrypt_api_init(void) 2159 { 2160 int rc; 2161 2162 rc = zcrypt_debug_init(); 2163 if (rc) 2164 goto out; 2165 2166 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2167 rc = zcdn_init(); 2168 if (rc) 2169 goto out; 2170 #endif 2171 2172 /* Register the request sprayer. */ 2173 rc = misc_register(&zcrypt_misc_device); 2174 if (rc < 0) 2175 goto out_misc_register_failed; 2176 2177 zcrypt_msgtype6_init(); 2178 zcrypt_msgtype50_init(); 2179 2180 return 0; 2181 2182 out_misc_register_failed: 2183 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2184 zcdn_exit(); 2185 #endif 2186 zcrypt_debug_exit(); 2187 out: 2188 return rc; 2189 } 2190 2191 /* 2192 * zcrypt_api_exit(): Module termination. 2193 * 2194 * The module termination code. 2195 */ 2196 void __exit zcrypt_api_exit(void) 2197 { 2198 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2199 zcdn_exit(); 2200 #endif 2201 misc_deregister(&zcrypt_misc_device); 2202 zcrypt_msgtype6_exit(); 2203 zcrypt_msgtype50_exit(); 2204 zcrypt_ccamisc_exit(); 2205 zcrypt_ep11misc_exit(); 2206 zcrypt_debug_exit(); 2207 } 2208 2209 module_init(zcrypt_api_init); 2210 module_exit(zcrypt_api_exit); 2211