1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * Cornelia Huck <cornelia.huck@de.ibm.com> 7 * 8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 10 * Ralph Wuerthner <rwuerthn@de.ibm.com> 11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com> 13 */ 14 15 #include <linux/module.h> 16 #include <linux/init.h> 17 #include <linux/interrupt.h> 18 #include <linux/miscdevice.h> 19 #include <linux/fs.h> 20 #include <linux/compat.h> 21 #include <linux/slab.h> 22 #include <linux/atomic.h> 23 #include <linux/uaccess.h> 24 #include <linux/hw_random.h> 25 #include <linux/debugfs.h> 26 #include <linux/cdev.h> 27 #include <linux/ctype.h> 28 #include <asm/debug.h> 29 30 #define CREATE_TRACE_POINTS 31 #include <asm/trace/zcrypt.h> 32 33 #include "zcrypt_api.h" 34 #include "zcrypt_debug.h" 35 36 #include "zcrypt_msgtype6.h" 37 #include "zcrypt_msgtype50.h" 38 #include "zcrypt_ccamisc.h" 39 #include "zcrypt_ep11misc.h" 40 41 /* 42 * Module description. 43 */ 44 MODULE_AUTHOR("IBM Corporation"); 45 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \ 46 "Copyright IBM Corp. 2001, 2012"); 47 MODULE_LICENSE("GPL"); 48 49 /* 50 * zcrypt tracepoint functions 51 */ 52 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 54 55 static int zcrypt_hwrng_seed = 1; 56 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 57 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 58 59 DEFINE_SPINLOCK(zcrypt_list_lock); 60 LIST_HEAD(zcrypt_card_list); 61 int zcrypt_device_count; 62 63 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 64 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0); 65 66 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0); 67 EXPORT_SYMBOL(zcrypt_rescan_req); 68 69 static LIST_HEAD(zcrypt_ops_list); 70 71 /* Zcrypt related debug feature stuff. */ 72 debug_info_t *zcrypt_dbf_info; 73 74 /** 75 * Process a rescan of the transport layer. 76 * 77 * Returns 1, if the rescan has been processed, otherwise 0. 78 */ 79 static inline int zcrypt_process_rescan(void) 80 { 81 if (atomic_read(&zcrypt_rescan_req)) { 82 atomic_set(&zcrypt_rescan_req, 0); 83 atomic_inc(&zcrypt_rescan_count); 84 ap_bus_force_rescan(); 85 ZCRYPT_DBF(DBF_INFO, "rescan count=%07d\n", 86 atomic_inc_return(&zcrypt_rescan_count)); 87 return 1; 88 } 89 return 0; 90 } 91 92 void zcrypt_msgtype_register(struct zcrypt_ops *zops) 93 { 94 list_add_tail(&zops->list, &zcrypt_ops_list); 95 } 96 97 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops) 98 { 99 list_del_init(&zops->list); 100 } 101 102 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant) 103 { 104 struct zcrypt_ops *zops; 105 106 list_for_each_entry(zops, &zcrypt_ops_list, list) 107 if ((zops->variant == variant) && 108 (!strncmp(zops->name, name, sizeof(zops->name)))) 109 return zops; 110 return NULL; 111 } 112 EXPORT_SYMBOL(zcrypt_msgtype); 113 114 /* 115 * Multi device nodes extension functions. 116 */ 117 118 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 119 120 struct zcdn_device; 121 122 static struct class *zcrypt_class; 123 static dev_t zcrypt_devt; 124 static struct cdev zcrypt_cdev; 125 126 struct zcdn_device { 127 struct device device; 128 struct ap_perms perms; 129 }; 130 131 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device) 132 133 #define ZCDN_MAX_NAME 32 134 135 static int zcdn_create(const char *name); 136 static int zcdn_destroy(const char *name); 137 138 /* 139 * Find zcdn device by name. 140 * Returns reference to the zcdn device which needs to be released 141 * with put_device() after use. 142 */ 143 static inline struct zcdn_device *find_zcdndev_by_name(const char *name) 144 { 145 struct device *dev = class_find_device_by_name(zcrypt_class, name); 146 147 return dev ? to_zcdn_dev(dev) : NULL; 148 } 149 150 /* 151 * Find zcdn device by devt value. 152 * Returns reference to the zcdn device which needs to be released 153 * with put_device() after use. 154 */ 155 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt) 156 { 157 struct device *dev = class_find_device_by_devt(zcrypt_class, devt); 158 159 return dev ? to_zcdn_dev(dev) : NULL; 160 } 161 162 static ssize_t ioctlmask_show(struct device *dev, 163 struct device_attribute *attr, 164 char *buf) 165 { 166 int i, rc; 167 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 168 169 if (mutex_lock_interruptible(&ap_perms_mutex)) 170 return -ERESTARTSYS; 171 172 buf[0] = '0'; 173 buf[1] = 'x'; 174 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++) 175 snprintf(buf + 2 + 2 * i * sizeof(long), 176 PAGE_SIZE - 2 - 2 * i * sizeof(long), 177 "%016lx", zcdndev->perms.ioctlm[i]); 178 buf[2 + 2 * i * sizeof(long)] = '\n'; 179 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 180 rc = 2 + 2 * i * sizeof(long) + 1; 181 182 mutex_unlock(&ap_perms_mutex); 183 184 return rc; 185 } 186 187 static ssize_t ioctlmask_store(struct device *dev, 188 struct device_attribute *attr, 189 const char *buf, size_t count) 190 { 191 int rc; 192 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 193 194 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm, 195 AP_IOCTLS, &ap_perms_mutex); 196 if (rc) 197 return rc; 198 199 return count; 200 } 201 202 static DEVICE_ATTR_RW(ioctlmask); 203 204 static ssize_t apmask_show(struct device *dev, 205 struct device_attribute *attr, 206 char *buf) 207 { 208 int i, rc; 209 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 210 211 if (mutex_lock_interruptible(&ap_perms_mutex)) 212 return -ERESTARTSYS; 213 214 buf[0] = '0'; 215 buf[1] = 'x'; 216 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++) 217 snprintf(buf + 2 + 2 * i * sizeof(long), 218 PAGE_SIZE - 2 - 2 * i * sizeof(long), 219 "%016lx", zcdndev->perms.apm[i]); 220 buf[2 + 2 * i * sizeof(long)] = '\n'; 221 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 222 rc = 2 + 2 * i * sizeof(long) + 1; 223 224 mutex_unlock(&ap_perms_mutex); 225 226 return rc; 227 } 228 229 static ssize_t apmask_store(struct device *dev, 230 struct device_attribute *attr, 231 const char *buf, size_t count) 232 { 233 int rc; 234 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 235 236 rc = ap_parse_mask_str(buf, zcdndev->perms.apm, 237 AP_DEVICES, &ap_perms_mutex); 238 if (rc) 239 return rc; 240 241 return count; 242 } 243 244 static DEVICE_ATTR_RW(apmask); 245 246 static ssize_t aqmask_show(struct device *dev, 247 struct device_attribute *attr, 248 char *buf) 249 { 250 int i, rc; 251 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 252 253 if (mutex_lock_interruptible(&ap_perms_mutex)) 254 return -ERESTARTSYS; 255 256 buf[0] = '0'; 257 buf[1] = 'x'; 258 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++) 259 snprintf(buf + 2 + 2 * i * sizeof(long), 260 PAGE_SIZE - 2 - 2 * i * sizeof(long), 261 "%016lx", zcdndev->perms.aqm[i]); 262 buf[2 + 2 * i * sizeof(long)] = '\n'; 263 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 264 rc = 2 + 2 * i * sizeof(long) + 1; 265 266 mutex_unlock(&ap_perms_mutex); 267 268 return rc; 269 } 270 271 static ssize_t aqmask_store(struct device *dev, 272 struct device_attribute *attr, 273 const char *buf, size_t count) 274 { 275 int rc; 276 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 277 278 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm, 279 AP_DOMAINS, &ap_perms_mutex); 280 if (rc) 281 return rc; 282 283 return count; 284 } 285 286 static DEVICE_ATTR_RW(aqmask); 287 288 static struct attribute *zcdn_dev_attrs[] = { 289 &dev_attr_ioctlmask.attr, 290 &dev_attr_apmask.attr, 291 &dev_attr_aqmask.attr, 292 NULL 293 }; 294 295 static struct attribute_group zcdn_dev_attr_group = { 296 .attrs = zcdn_dev_attrs 297 }; 298 299 static const struct attribute_group *zcdn_dev_attr_groups[] = { 300 &zcdn_dev_attr_group, 301 NULL 302 }; 303 304 static ssize_t zcdn_create_store(struct class *class, 305 struct class_attribute *attr, 306 const char *buf, size_t count) 307 { 308 int rc; 309 char name[ZCDN_MAX_NAME]; 310 311 strncpy(name, skip_spaces(buf), sizeof(name)); 312 name[sizeof(name) - 1] = '\0'; 313 314 rc = zcdn_create(strim(name)); 315 316 return rc ? rc : count; 317 } 318 319 static const struct class_attribute class_attr_zcdn_create = 320 __ATTR(create, 0600, NULL, zcdn_create_store); 321 322 static ssize_t zcdn_destroy_store(struct class *class, 323 struct class_attribute *attr, 324 const char *buf, size_t count) 325 { 326 int rc; 327 char name[ZCDN_MAX_NAME]; 328 329 strncpy(name, skip_spaces(buf), sizeof(name)); 330 name[sizeof(name) - 1] = '\0'; 331 332 rc = zcdn_destroy(strim(name)); 333 334 return rc ? rc : count; 335 } 336 337 static const struct class_attribute class_attr_zcdn_destroy = 338 __ATTR(destroy, 0600, NULL, zcdn_destroy_store); 339 340 static void zcdn_device_release(struct device *dev) 341 { 342 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 343 344 ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n", 345 MAJOR(dev->devt), MINOR(dev->devt)); 346 347 kfree(zcdndev); 348 } 349 350 static int zcdn_create(const char *name) 351 { 352 dev_t devt; 353 int i, rc = 0; 354 char nodename[ZCDN_MAX_NAME]; 355 struct zcdn_device *zcdndev; 356 357 if (mutex_lock_interruptible(&ap_perms_mutex)) 358 return -ERESTARTSYS; 359 360 /* check if device node with this name already exists */ 361 if (name[0]) { 362 zcdndev = find_zcdndev_by_name(name); 363 if (zcdndev) { 364 put_device(&zcdndev->device); 365 rc = -EEXIST; 366 goto unlockout; 367 } 368 } 369 370 /* find an unused minor number */ 371 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 372 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 373 zcdndev = find_zcdndev_by_devt(devt); 374 if (zcdndev) 375 put_device(&zcdndev->device); 376 else 377 break; 378 } 379 if (i == ZCRYPT_MAX_MINOR_NODES) { 380 rc = -ENOSPC; 381 goto unlockout; 382 } 383 384 /* alloc and prepare a new zcdn device */ 385 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL); 386 if (!zcdndev) { 387 rc = -ENOMEM; 388 goto unlockout; 389 } 390 zcdndev->device.release = zcdn_device_release; 391 zcdndev->device.class = zcrypt_class; 392 zcdndev->device.devt = devt; 393 zcdndev->device.groups = zcdn_dev_attr_groups; 394 if (name[0]) 395 strncpy(nodename, name, sizeof(nodename)); 396 else 397 snprintf(nodename, sizeof(nodename), 398 ZCRYPT_NAME "_%d", (int) MINOR(devt)); 399 nodename[sizeof(nodename)-1] = '\0'; 400 if (dev_set_name(&zcdndev->device, nodename)) { 401 rc = -EINVAL; 402 goto unlockout; 403 } 404 rc = device_register(&zcdndev->device); 405 if (rc) { 406 put_device(&zcdndev->device); 407 goto unlockout; 408 } 409 410 ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n", 411 MAJOR(devt), MINOR(devt)); 412 413 unlockout: 414 mutex_unlock(&ap_perms_mutex); 415 return rc; 416 } 417 418 static int zcdn_destroy(const char *name) 419 { 420 int rc = 0; 421 struct zcdn_device *zcdndev; 422 423 if (mutex_lock_interruptible(&ap_perms_mutex)) 424 return -ERESTARTSYS; 425 426 /* try to find this zcdn device */ 427 zcdndev = find_zcdndev_by_name(name); 428 if (!zcdndev) { 429 rc = -ENOENT; 430 goto unlockout; 431 } 432 433 /* 434 * The zcdn device is not hard destroyed. It is subject to 435 * reference counting and thus just needs to be unregistered. 436 */ 437 put_device(&zcdndev->device); 438 device_unregister(&zcdndev->device); 439 440 unlockout: 441 mutex_unlock(&ap_perms_mutex); 442 return rc; 443 } 444 445 static void zcdn_destroy_all(void) 446 { 447 int i; 448 dev_t devt; 449 struct zcdn_device *zcdndev; 450 451 mutex_lock(&ap_perms_mutex); 452 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 453 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 454 zcdndev = find_zcdndev_by_devt(devt); 455 if (zcdndev) { 456 put_device(&zcdndev->device); 457 device_unregister(&zcdndev->device); 458 } 459 } 460 mutex_unlock(&ap_perms_mutex); 461 } 462 463 #endif 464 465 /** 466 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 467 * 468 * This function is not supported beyond zcrypt 1.3.1. 469 */ 470 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 471 size_t count, loff_t *f_pos) 472 { 473 return -EPERM; 474 } 475 476 /** 477 * zcrypt_write(): Not allowed. 478 * 479 * Write is is not allowed 480 */ 481 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 482 size_t count, loff_t *f_pos) 483 { 484 return -EPERM; 485 } 486 487 /** 488 * zcrypt_open(): Count number of users. 489 * 490 * Device open function to count number of users. 491 */ 492 static int zcrypt_open(struct inode *inode, struct file *filp) 493 { 494 struct ap_perms *perms = &ap_perms; 495 496 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 497 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 498 struct zcdn_device *zcdndev; 499 500 if (mutex_lock_interruptible(&ap_perms_mutex)) 501 return -ERESTARTSYS; 502 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 503 /* find returns a reference, no get_device() needed */ 504 mutex_unlock(&ap_perms_mutex); 505 if (zcdndev) 506 perms = &zcdndev->perms; 507 } 508 #endif 509 filp->private_data = (void *) perms; 510 511 atomic_inc(&zcrypt_open_count); 512 return stream_open(inode, filp); 513 } 514 515 /** 516 * zcrypt_release(): Count number of users. 517 * 518 * Device close function to count number of users. 519 */ 520 static int zcrypt_release(struct inode *inode, struct file *filp) 521 { 522 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 523 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 524 struct zcdn_device *zcdndev; 525 526 mutex_lock(&ap_perms_mutex); 527 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 528 mutex_unlock(&ap_perms_mutex); 529 if (zcdndev) { 530 /* 2 puts here: one for find, one for open */ 531 put_device(&zcdndev->device); 532 put_device(&zcdndev->device); 533 } 534 } 535 #endif 536 537 atomic_dec(&zcrypt_open_count); 538 return 0; 539 } 540 541 static inline int zcrypt_check_ioctl(struct ap_perms *perms, 542 unsigned int cmd) 543 { 544 int rc = -EPERM; 545 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT; 546 547 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) { 548 if (test_bit_inv(ioctlnr, perms->ioctlm)) 549 rc = 0; 550 } 551 552 if (rc) 553 ZCRYPT_DBF(DBF_WARN, 554 "ioctl check failed: ioctlnr=0x%04x rc=%d\n", 555 ioctlnr, rc); 556 557 return rc; 558 } 559 560 static inline bool zcrypt_check_card(struct ap_perms *perms, int card) 561 { 562 return test_bit_inv(card, perms->apm) ? true : false; 563 } 564 565 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue) 566 { 567 return test_bit_inv(queue, perms->aqm) ? true : false; 568 } 569 570 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc, 571 struct zcrypt_queue *zq, 572 struct module **pmod, 573 unsigned int weight) 574 { 575 if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner)) 576 return NULL; 577 zcrypt_queue_get(zq); 578 get_device(&zq->queue->ap_dev.device); 579 atomic_add(weight, &zc->load); 580 atomic_add(weight, &zq->load); 581 zq->request_count++; 582 *pmod = zq->queue->ap_dev.drv->driver.owner; 583 return zq; 584 } 585 586 static inline void zcrypt_drop_queue(struct zcrypt_card *zc, 587 struct zcrypt_queue *zq, 588 struct module *mod, 589 unsigned int weight) 590 { 591 zq->request_count--; 592 atomic_sub(weight, &zc->load); 593 atomic_sub(weight, &zq->load); 594 put_device(&zq->queue->ap_dev.device); 595 zcrypt_queue_put(zq); 596 module_put(mod); 597 } 598 599 static inline bool zcrypt_card_compare(struct zcrypt_card *zc, 600 struct zcrypt_card *pref_zc, 601 unsigned int weight, 602 unsigned int pref_weight) 603 { 604 if (!pref_zc) 605 return false; 606 weight += atomic_read(&zc->load); 607 pref_weight += atomic_read(&pref_zc->load); 608 if (weight == pref_weight) 609 return atomic64_read(&zc->card->total_request_count) > 610 atomic64_read(&pref_zc->card->total_request_count); 611 return weight > pref_weight; 612 } 613 614 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq, 615 struct zcrypt_queue *pref_zq, 616 unsigned int weight, 617 unsigned int pref_weight) 618 { 619 if (!pref_zq) 620 return false; 621 weight += atomic_read(&zq->load); 622 pref_weight += atomic_read(&pref_zq->load); 623 if (weight == pref_weight) 624 return zq->queue->total_request_count > 625 pref_zq->queue->total_request_count; 626 return weight > pref_weight; 627 } 628 629 /* 630 * zcrypt ioctls. 631 */ 632 static long zcrypt_rsa_modexpo(struct ap_perms *perms, 633 struct ica_rsa_modexpo *mex) 634 { 635 struct zcrypt_card *zc, *pref_zc; 636 struct zcrypt_queue *zq, *pref_zq; 637 unsigned int weight = 0, pref_weight = 0; 638 unsigned int func_code; 639 int qid = 0, rc = -ENODEV; 640 struct module *mod; 641 642 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO); 643 644 if (mex->outputdatalength < mex->inputdatalength) { 645 func_code = 0; 646 rc = -EINVAL; 647 goto out; 648 } 649 650 /* 651 * As long as outputdatalength is big enough, we can set the 652 * outputdatalength equal to the inputdatalength, since that is the 653 * number of bytes we will copy in any case 654 */ 655 mex->outputdatalength = mex->inputdatalength; 656 657 rc = get_rsa_modex_fc(mex, &func_code); 658 if (rc) 659 goto out; 660 661 pref_zc = NULL; 662 pref_zq = NULL; 663 spin_lock(&zcrypt_list_lock); 664 for_each_zcrypt_card(zc) { 665 /* Check for online accelarator and CCA cards */ 666 if (!zc->online || !(zc->card->functions & 0x18000000)) 667 continue; 668 /* Check for size limits */ 669 if (zc->min_mod_size > mex->inputdatalength || 670 zc->max_mod_size < mex->inputdatalength) 671 continue; 672 /* check if device node has admission for this card */ 673 if (!zcrypt_check_card(perms, zc->card->id)) 674 continue; 675 /* get weight index of the card device */ 676 weight = zc->speed_rating[func_code]; 677 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 678 continue; 679 for_each_zcrypt_queue(zq, zc) { 680 /* check if device is online and eligible */ 681 if (!zq->online || !zq->ops->rsa_modexpo) 682 continue; 683 /* check if device node has admission for this queue */ 684 if (!zcrypt_check_queue(perms, 685 AP_QID_QUEUE(zq->queue->qid))) 686 continue; 687 if (zcrypt_queue_compare(zq, pref_zq, 688 weight, pref_weight)) 689 continue; 690 pref_zc = zc; 691 pref_zq = zq; 692 pref_weight = weight; 693 } 694 } 695 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 696 spin_unlock(&zcrypt_list_lock); 697 698 if (!pref_zq) { 699 rc = -ENODEV; 700 goto out; 701 } 702 703 qid = pref_zq->queue->qid; 704 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex); 705 706 spin_lock(&zcrypt_list_lock); 707 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 708 spin_unlock(&zcrypt_list_lock); 709 710 out: 711 trace_s390_zcrypt_rep(mex, func_code, rc, 712 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 713 return rc; 714 } 715 716 static long zcrypt_rsa_crt(struct ap_perms *perms, 717 struct ica_rsa_modexpo_crt *crt) 718 { 719 struct zcrypt_card *zc, *pref_zc; 720 struct zcrypt_queue *zq, *pref_zq; 721 unsigned int weight = 0, pref_weight = 0; 722 unsigned int func_code; 723 int qid = 0, rc = -ENODEV; 724 struct module *mod; 725 726 trace_s390_zcrypt_req(crt, TP_ICARSACRT); 727 728 if (crt->outputdatalength < crt->inputdatalength) { 729 func_code = 0; 730 rc = -EINVAL; 731 goto out; 732 } 733 734 /* 735 * As long as outputdatalength is big enough, we can set the 736 * outputdatalength equal to the inputdatalength, since that is the 737 * number of bytes we will copy in any case 738 */ 739 crt->outputdatalength = crt->inputdatalength; 740 741 rc = get_rsa_crt_fc(crt, &func_code); 742 if (rc) 743 goto out; 744 745 pref_zc = NULL; 746 pref_zq = NULL; 747 spin_lock(&zcrypt_list_lock); 748 for_each_zcrypt_card(zc) { 749 /* Check for online accelarator and CCA cards */ 750 if (!zc->online || !(zc->card->functions & 0x18000000)) 751 continue; 752 /* Check for size limits */ 753 if (zc->min_mod_size > crt->inputdatalength || 754 zc->max_mod_size < crt->inputdatalength) 755 continue; 756 /* check if device node has admission for this card */ 757 if (!zcrypt_check_card(perms, zc->card->id)) 758 continue; 759 /* get weight index of the card device */ 760 weight = zc->speed_rating[func_code]; 761 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 762 continue; 763 for_each_zcrypt_queue(zq, zc) { 764 /* check if device is online and eligible */ 765 if (!zq->online || !zq->ops->rsa_modexpo_crt) 766 continue; 767 /* check if device node has admission for this queue */ 768 if (!zcrypt_check_queue(perms, 769 AP_QID_QUEUE(zq->queue->qid))) 770 continue; 771 if (zcrypt_queue_compare(zq, pref_zq, 772 weight, pref_weight)) 773 continue; 774 pref_zc = zc; 775 pref_zq = zq; 776 pref_weight = weight; 777 } 778 } 779 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 780 spin_unlock(&zcrypt_list_lock); 781 782 if (!pref_zq) { 783 rc = -ENODEV; 784 goto out; 785 } 786 787 qid = pref_zq->queue->qid; 788 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt); 789 790 spin_lock(&zcrypt_list_lock); 791 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 792 spin_unlock(&zcrypt_list_lock); 793 794 out: 795 trace_s390_zcrypt_rep(crt, func_code, rc, 796 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 797 return rc; 798 } 799 800 static long _zcrypt_send_cprb(struct ap_perms *perms, 801 struct ica_xcRB *xcRB) 802 { 803 struct zcrypt_card *zc, *pref_zc; 804 struct zcrypt_queue *zq, *pref_zq; 805 struct ap_message ap_msg; 806 unsigned int weight = 0, pref_weight = 0; 807 unsigned int func_code; 808 unsigned short *domain, tdom; 809 int qid = 0, rc = -ENODEV; 810 struct module *mod; 811 812 trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB); 813 814 xcRB->status = 0; 815 ap_init_message(&ap_msg); 816 rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain); 817 if (rc) 818 goto out; 819 820 /* 821 * If a valid target domain is set and this domain is NOT a usage 822 * domain but a control only domain, use the default domain as target. 823 */ 824 tdom = *domain; 825 if (tdom < AP_DOMAINS && 826 !ap_test_config_usage_domain(tdom) && 827 ap_test_config_ctrl_domain(tdom) && 828 ap_domain_index >= 0) 829 tdom = ap_domain_index; 830 831 pref_zc = NULL; 832 pref_zq = NULL; 833 spin_lock(&zcrypt_list_lock); 834 for_each_zcrypt_card(zc) { 835 /* Check for online CCA cards */ 836 if (!zc->online || !(zc->card->functions & 0x10000000)) 837 continue; 838 /* Check for user selected CCA card */ 839 if (xcRB->user_defined != AUTOSELECT && 840 xcRB->user_defined != zc->card->id) 841 continue; 842 /* check if device node has admission for this card */ 843 if (!zcrypt_check_card(perms, zc->card->id)) 844 continue; 845 /* get weight index of the card device */ 846 weight = speed_idx_cca(func_code) * zc->speed_rating[SECKEY]; 847 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 848 continue; 849 for_each_zcrypt_queue(zq, zc) { 850 /* check if device is online and eligible */ 851 if (!zq->online || 852 !zq->ops->send_cprb || 853 (tdom != AUTOSEL_DOM && 854 tdom != AP_QID_QUEUE(zq->queue->qid))) 855 continue; 856 /* check if device node has admission for this queue */ 857 if (!zcrypt_check_queue(perms, 858 AP_QID_QUEUE(zq->queue->qid))) 859 continue; 860 if (zcrypt_queue_compare(zq, pref_zq, 861 weight, pref_weight)) 862 continue; 863 pref_zc = zc; 864 pref_zq = zq; 865 pref_weight = weight; 866 } 867 } 868 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 869 spin_unlock(&zcrypt_list_lock); 870 871 if (!pref_zq) { 872 rc = -ENODEV; 873 goto out; 874 } 875 876 /* in case of auto select, provide the correct domain */ 877 qid = pref_zq->queue->qid; 878 if (*domain == AUTOSEL_DOM) 879 *domain = AP_QID_QUEUE(qid); 880 881 rc = pref_zq->ops->send_cprb(pref_zq, xcRB, &ap_msg); 882 883 spin_lock(&zcrypt_list_lock); 884 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 885 spin_unlock(&zcrypt_list_lock); 886 887 out: 888 ap_release_message(&ap_msg); 889 trace_s390_zcrypt_rep(xcRB, func_code, rc, 890 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 891 return rc; 892 } 893 894 long zcrypt_send_cprb(struct ica_xcRB *xcRB) 895 { 896 return _zcrypt_send_cprb(&ap_perms, xcRB); 897 } 898 EXPORT_SYMBOL(zcrypt_send_cprb); 899 900 static bool is_desired_ep11_card(unsigned int dev_id, 901 unsigned short target_num, 902 struct ep11_target_dev *targets) 903 { 904 while (target_num-- > 0) { 905 if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP) 906 return true; 907 targets++; 908 } 909 return false; 910 } 911 912 static bool is_desired_ep11_queue(unsigned int dev_qid, 913 unsigned short target_num, 914 struct ep11_target_dev *targets) 915 { 916 int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid); 917 918 while (target_num-- > 0) { 919 if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) && 920 (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM)) 921 return true; 922 targets++; 923 } 924 return false; 925 } 926 927 static long _zcrypt_send_ep11_cprb(struct ap_perms *perms, 928 struct ep11_urb *xcrb) 929 { 930 struct zcrypt_card *zc, *pref_zc; 931 struct zcrypt_queue *zq, *pref_zq; 932 struct ep11_target_dev *targets; 933 unsigned short target_num; 934 unsigned int weight = 0, pref_weight = 0; 935 unsigned int func_code; 936 struct ap_message ap_msg; 937 int qid = 0, rc = -ENODEV; 938 struct module *mod; 939 940 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB); 941 942 ap_init_message(&ap_msg); 943 944 target_num = (unsigned short) xcrb->targets_num; 945 946 /* empty list indicates autoselect (all available targets) */ 947 targets = NULL; 948 if (target_num != 0) { 949 struct ep11_target_dev __user *uptr; 950 951 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL); 952 if (!targets) { 953 func_code = 0; 954 rc = -ENOMEM; 955 goto out; 956 } 957 958 uptr = (struct ep11_target_dev __force __user *) xcrb->targets; 959 if (copy_from_user(targets, uptr, 960 target_num * sizeof(*targets))) { 961 func_code = 0; 962 rc = -EFAULT; 963 goto out_free; 964 } 965 } 966 967 rc = get_ep11cprb_fc(xcrb, &ap_msg, &func_code); 968 if (rc) 969 goto out_free; 970 971 pref_zc = NULL; 972 pref_zq = NULL; 973 spin_lock(&zcrypt_list_lock); 974 for_each_zcrypt_card(zc) { 975 /* Check for online EP11 cards */ 976 if (!zc->online || !(zc->card->functions & 0x04000000)) 977 continue; 978 /* Check for user selected EP11 card */ 979 if (targets && 980 !is_desired_ep11_card(zc->card->id, target_num, targets)) 981 continue; 982 /* check if device node has admission for this card */ 983 if (!zcrypt_check_card(perms, zc->card->id)) 984 continue; 985 /* get weight index of the card device */ 986 weight = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY]; 987 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 988 continue; 989 for_each_zcrypt_queue(zq, zc) { 990 /* check if device is online and eligible */ 991 if (!zq->online || 992 !zq->ops->send_ep11_cprb || 993 (targets && 994 !is_desired_ep11_queue(zq->queue->qid, 995 target_num, targets))) 996 continue; 997 /* check if device node has admission for this queue */ 998 if (!zcrypt_check_queue(perms, 999 AP_QID_QUEUE(zq->queue->qid))) 1000 continue; 1001 if (zcrypt_queue_compare(zq, pref_zq, 1002 weight, pref_weight)) 1003 continue; 1004 pref_zc = zc; 1005 pref_zq = zq; 1006 pref_weight = weight; 1007 } 1008 } 1009 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 1010 spin_unlock(&zcrypt_list_lock); 1011 1012 if (!pref_zq) { 1013 rc = -ENODEV; 1014 goto out_free; 1015 } 1016 1017 qid = pref_zq->queue->qid; 1018 rc = pref_zq->ops->send_ep11_cprb(pref_zq, xcrb, &ap_msg); 1019 1020 spin_lock(&zcrypt_list_lock); 1021 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 1022 spin_unlock(&zcrypt_list_lock); 1023 1024 out_free: 1025 kfree(targets); 1026 out: 1027 ap_release_message(&ap_msg); 1028 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1029 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1030 return rc; 1031 } 1032 1033 long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb) 1034 { 1035 return _zcrypt_send_ep11_cprb(&ap_perms, xcrb); 1036 } 1037 EXPORT_SYMBOL(zcrypt_send_ep11_cprb); 1038 1039 static long zcrypt_rng(char *buffer) 1040 { 1041 struct zcrypt_card *zc, *pref_zc; 1042 struct zcrypt_queue *zq, *pref_zq; 1043 unsigned int weight = 0, pref_weight = 0; 1044 unsigned int func_code; 1045 struct ap_message ap_msg; 1046 unsigned int domain; 1047 int qid = 0, rc = -ENODEV; 1048 struct module *mod; 1049 1050 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB); 1051 1052 ap_init_message(&ap_msg); 1053 rc = get_rng_fc(&ap_msg, &func_code, &domain); 1054 if (rc) 1055 goto out; 1056 1057 pref_zc = NULL; 1058 pref_zq = NULL; 1059 spin_lock(&zcrypt_list_lock); 1060 for_each_zcrypt_card(zc) { 1061 /* Check for online CCA cards */ 1062 if (!zc->online || !(zc->card->functions & 0x10000000)) 1063 continue; 1064 /* get weight index of the card device */ 1065 weight = zc->speed_rating[func_code]; 1066 if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight)) 1067 continue; 1068 for_each_zcrypt_queue(zq, zc) { 1069 /* check if device is online and eligible */ 1070 if (!zq->online || !zq->ops->rng) 1071 continue; 1072 if (zcrypt_queue_compare(zq, pref_zq, 1073 weight, pref_weight)) 1074 continue; 1075 pref_zc = zc; 1076 pref_zq = zq; 1077 pref_weight = weight; 1078 } 1079 } 1080 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, weight); 1081 spin_unlock(&zcrypt_list_lock); 1082 1083 if (!pref_zq) { 1084 rc = -ENODEV; 1085 goto out; 1086 } 1087 1088 qid = pref_zq->queue->qid; 1089 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg); 1090 1091 spin_lock(&zcrypt_list_lock); 1092 zcrypt_drop_queue(pref_zc, pref_zq, mod, weight); 1093 spin_unlock(&zcrypt_list_lock); 1094 1095 out: 1096 ap_release_message(&ap_msg); 1097 trace_s390_zcrypt_rep(buffer, func_code, rc, 1098 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1099 return rc; 1100 } 1101 1102 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus) 1103 { 1104 struct zcrypt_card *zc; 1105 struct zcrypt_queue *zq; 1106 struct zcrypt_device_status *stat; 1107 int card, queue; 1108 1109 memset(devstatus, 0, MAX_ZDEV_ENTRIES 1110 * sizeof(struct zcrypt_device_status)); 1111 1112 spin_lock(&zcrypt_list_lock); 1113 for_each_zcrypt_card(zc) { 1114 for_each_zcrypt_queue(zq, zc) { 1115 card = AP_QID_CARD(zq->queue->qid); 1116 if (card >= MAX_ZDEV_CARDIDS) 1117 continue; 1118 queue = AP_QID_QUEUE(zq->queue->qid); 1119 stat = &devstatus[card * AP_DOMAINS + queue]; 1120 stat->hwtype = zc->card->ap_dev.device_type; 1121 stat->functions = zc->card->functions >> 26; 1122 stat->qid = zq->queue->qid; 1123 stat->online = zq->online ? 0x01 : 0x00; 1124 } 1125 } 1126 spin_unlock(&zcrypt_list_lock); 1127 } 1128 1129 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus) 1130 { 1131 struct zcrypt_card *zc; 1132 struct zcrypt_queue *zq; 1133 struct zcrypt_device_status_ext *stat; 1134 int card, queue; 1135 1136 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT 1137 * sizeof(struct zcrypt_device_status_ext)); 1138 1139 spin_lock(&zcrypt_list_lock); 1140 for_each_zcrypt_card(zc) { 1141 for_each_zcrypt_queue(zq, zc) { 1142 card = AP_QID_CARD(zq->queue->qid); 1143 queue = AP_QID_QUEUE(zq->queue->qid); 1144 stat = &devstatus[card * AP_DOMAINS + queue]; 1145 stat->hwtype = zc->card->ap_dev.device_type; 1146 stat->functions = zc->card->functions >> 26; 1147 stat->qid = zq->queue->qid; 1148 stat->online = zq->online ? 0x01 : 0x00; 1149 } 1150 } 1151 spin_unlock(&zcrypt_list_lock); 1152 } 1153 EXPORT_SYMBOL(zcrypt_device_status_mask_ext); 1154 1155 int zcrypt_device_status_ext(int card, int queue, 1156 struct zcrypt_device_status_ext *devstat) 1157 { 1158 struct zcrypt_card *zc; 1159 struct zcrypt_queue *zq; 1160 1161 memset(devstat, 0, sizeof(*devstat)); 1162 1163 spin_lock(&zcrypt_list_lock); 1164 for_each_zcrypt_card(zc) { 1165 for_each_zcrypt_queue(zq, zc) { 1166 if (card == AP_QID_CARD(zq->queue->qid) && 1167 queue == AP_QID_QUEUE(zq->queue->qid)) { 1168 devstat->hwtype = zc->card->ap_dev.device_type; 1169 devstat->functions = zc->card->functions >> 26; 1170 devstat->qid = zq->queue->qid; 1171 devstat->online = zq->online ? 0x01 : 0x00; 1172 spin_unlock(&zcrypt_list_lock); 1173 return 0; 1174 } 1175 } 1176 } 1177 spin_unlock(&zcrypt_list_lock); 1178 1179 return -ENODEV; 1180 } 1181 EXPORT_SYMBOL(zcrypt_device_status_ext); 1182 1183 static void zcrypt_status_mask(char status[], size_t max_adapters) 1184 { 1185 struct zcrypt_card *zc; 1186 struct zcrypt_queue *zq; 1187 int card; 1188 1189 memset(status, 0, max_adapters); 1190 spin_lock(&zcrypt_list_lock); 1191 for_each_zcrypt_card(zc) { 1192 for_each_zcrypt_queue(zq, zc) { 1193 card = AP_QID_CARD(zq->queue->qid); 1194 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1195 || card >= max_adapters) 1196 continue; 1197 status[card] = zc->online ? zc->user_space_type : 0x0d; 1198 } 1199 } 1200 spin_unlock(&zcrypt_list_lock); 1201 } 1202 1203 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters) 1204 { 1205 struct zcrypt_card *zc; 1206 struct zcrypt_queue *zq; 1207 int card; 1208 1209 memset(qdepth, 0, max_adapters); 1210 spin_lock(&zcrypt_list_lock); 1211 local_bh_disable(); 1212 for_each_zcrypt_card(zc) { 1213 for_each_zcrypt_queue(zq, zc) { 1214 card = AP_QID_CARD(zq->queue->qid); 1215 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1216 || card >= max_adapters) 1217 continue; 1218 spin_lock(&zq->queue->lock); 1219 qdepth[card] = 1220 zq->queue->pendingq_count + 1221 zq->queue->requestq_count; 1222 spin_unlock(&zq->queue->lock); 1223 } 1224 } 1225 local_bh_enable(); 1226 spin_unlock(&zcrypt_list_lock); 1227 } 1228 1229 static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters) 1230 { 1231 struct zcrypt_card *zc; 1232 struct zcrypt_queue *zq; 1233 int card; 1234 u64 cnt; 1235 1236 memset(reqcnt, 0, sizeof(int) * max_adapters); 1237 spin_lock(&zcrypt_list_lock); 1238 local_bh_disable(); 1239 for_each_zcrypt_card(zc) { 1240 for_each_zcrypt_queue(zq, zc) { 1241 card = AP_QID_CARD(zq->queue->qid); 1242 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index 1243 || card >= max_adapters) 1244 continue; 1245 spin_lock(&zq->queue->lock); 1246 cnt = zq->queue->total_request_count; 1247 spin_unlock(&zq->queue->lock); 1248 reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX; 1249 } 1250 } 1251 local_bh_enable(); 1252 spin_unlock(&zcrypt_list_lock); 1253 } 1254 1255 static int zcrypt_pendingq_count(void) 1256 { 1257 struct zcrypt_card *zc; 1258 struct zcrypt_queue *zq; 1259 int pendingq_count; 1260 1261 pendingq_count = 0; 1262 spin_lock(&zcrypt_list_lock); 1263 local_bh_disable(); 1264 for_each_zcrypt_card(zc) { 1265 for_each_zcrypt_queue(zq, zc) { 1266 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1267 continue; 1268 spin_lock(&zq->queue->lock); 1269 pendingq_count += zq->queue->pendingq_count; 1270 spin_unlock(&zq->queue->lock); 1271 } 1272 } 1273 local_bh_enable(); 1274 spin_unlock(&zcrypt_list_lock); 1275 return pendingq_count; 1276 } 1277 1278 static int zcrypt_requestq_count(void) 1279 { 1280 struct zcrypt_card *zc; 1281 struct zcrypt_queue *zq; 1282 int requestq_count; 1283 1284 requestq_count = 0; 1285 spin_lock(&zcrypt_list_lock); 1286 local_bh_disable(); 1287 for_each_zcrypt_card(zc) { 1288 for_each_zcrypt_queue(zq, zc) { 1289 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1290 continue; 1291 spin_lock(&zq->queue->lock); 1292 requestq_count += zq->queue->requestq_count; 1293 spin_unlock(&zq->queue->lock); 1294 } 1295 } 1296 local_bh_enable(); 1297 spin_unlock(&zcrypt_list_lock); 1298 return requestq_count; 1299 } 1300 1301 static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg) 1302 { 1303 int rc; 1304 struct ica_rsa_modexpo mex; 1305 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 1306 1307 if (copy_from_user(&mex, umex, sizeof(mex))) 1308 return -EFAULT; 1309 do { 1310 rc = zcrypt_rsa_modexpo(perms, &mex); 1311 } while (rc == -EAGAIN); 1312 /* on failure: retry once again after a requested rescan */ 1313 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1314 do { 1315 rc = zcrypt_rsa_modexpo(perms, &mex); 1316 } while (rc == -EAGAIN); 1317 if (rc) { 1318 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc); 1319 return rc; 1320 } 1321 return put_user(mex.outputdatalength, &umex->outputdatalength); 1322 } 1323 1324 static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg) 1325 { 1326 int rc; 1327 struct ica_rsa_modexpo_crt crt; 1328 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 1329 1330 if (copy_from_user(&crt, ucrt, sizeof(crt))) 1331 return -EFAULT; 1332 do { 1333 rc = zcrypt_rsa_crt(perms, &crt); 1334 } while (rc == -EAGAIN); 1335 /* on failure: retry once again after a requested rescan */ 1336 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1337 do { 1338 rc = zcrypt_rsa_crt(perms, &crt); 1339 } while (rc == -EAGAIN); 1340 if (rc) { 1341 ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc); 1342 return rc; 1343 } 1344 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 1345 } 1346 1347 static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg) 1348 { 1349 int rc; 1350 struct ica_xcRB xcRB; 1351 struct ica_xcRB __user *uxcRB = (void __user *) arg; 1352 1353 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 1354 return -EFAULT; 1355 do { 1356 rc = _zcrypt_send_cprb(perms, &xcRB); 1357 } while (rc == -EAGAIN); 1358 /* on failure: retry once again after a requested rescan */ 1359 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1360 do { 1361 rc = _zcrypt_send_cprb(perms, &xcRB); 1362 } while (rc == -EAGAIN); 1363 if (rc) 1364 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n", 1365 rc, xcRB.status); 1366 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 1367 return -EFAULT; 1368 return rc; 1369 } 1370 1371 static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg) 1372 { 1373 int rc; 1374 struct ep11_urb xcrb; 1375 struct ep11_urb __user *uxcrb = (void __user *)arg; 1376 1377 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1378 return -EFAULT; 1379 do { 1380 rc = _zcrypt_send_ep11_cprb(perms, &xcrb); 1381 } while (rc == -EAGAIN); 1382 /* on failure: retry once again after a requested rescan */ 1383 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1384 do { 1385 rc = _zcrypt_send_ep11_cprb(perms, &xcrb); 1386 } while (rc == -EAGAIN); 1387 if (rc) 1388 ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc); 1389 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1390 return -EFAULT; 1391 return rc; 1392 } 1393 1394 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 1395 unsigned long arg) 1396 { 1397 int rc; 1398 struct ap_perms *perms = 1399 (struct ap_perms *) filp->private_data; 1400 1401 rc = zcrypt_check_ioctl(perms, cmd); 1402 if (rc) 1403 return rc; 1404 1405 switch (cmd) { 1406 case ICARSAMODEXPO: 1407 return icarsamodexpo_ioctl(perms, arg); 1408 case ICARSACRT: 1409 return icarsacrt_ioctl(perms, arg); 1410 case ZSECSENDCPRB: 1411 return zsecsendcprb_ioctl(perms, arg); 1412 case ZSENDEP11CPRB: 1413 return zsendep11cprb_ioctl(perms, arg); 1414 case ZCRYPT_DEVICE_STATUS: { 1415 struct zcrypt_device_status_ext *device_status; 1416 size_t total_size = MAX_ZDEV_ENTRIES_EXT 1417 * sizeof(struct zcrypt_device_status_ext); 1418 1419 device_status = kzalloc(total_size, GFP_KERNEL); 1420 if (!device_status) 1421 return -ENOMEM; 1422 zcrypt_device_status_mask_ext(device_status); 1423 if (copy_to_user((char __user *) arg, device_status, 1424 total_size)) 1425 rc = -EFAULT; 1426 kfree(device_status); 1427 return rc; 1428 } 1429 case ZCRYPT_STATUS_MASK: { 1430 char status[AP_DEVICES]; 1431 1432 zcrypt_status_mask(status, AP_DEVICES); 1433 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1434 return -EFAULT; 1435 return 0; 1436 } 1437 case ZCRYPT_QDEPTH_MASK: { 1438 char qdepth[AP_DEVICES]; 1439 1440 zcrypt_qdepth_mask(qdepth, AP_DEVICES); 1441 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1442 return -EFAULT; 1443 return 0; 1444 } 1445 case ZCRYPT_PERDEV_REQCNT: { 1446 u32 *reqcnt; 1447 1448 reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL); 1449 if (!reqcnt) 1450 return -ENOMEM; 1451 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); 1452 if (copy_to_user((int __user *) arg, reqcnt, 1453 sizeof(u32) * AP_DEVICES)) 1454 rc = -EFAULT; 1455 kfree(reqcnt); 1456 return rc; 1457 } 1458 case Z90STAT_REQUESTQ_COUNT: 1459 return put_user(zcrypt_requestq_count(), (int __user *) arg); 1460 case Z90STAT_PENDINGQ_COUNT: 1461 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 1462 case Z90STAT_TOTALOPEN_COUNT: 1463 return put_user(atomic_read(&zcrypt_open_count), 1464 (int __user *) arg); 1465 case Z90STAT_DOMAIN_INDEX: 1466 return put_user(ap_domain_index, (int __user *) arg); 1467 /* 1468 * Deprecated ioctls 1469 */ 1470 case ZDEVICESTATUS: { 1471 /* the old ioctl supports only 64 adapters */ 1472 struct zcrypt_device_status *device_status; 1473 size_t total_size = MAX_ZDEV_ENTRIES 1474 * sizeof(struct zcrypt_device_status); 1475 1476 device_status = kzalloc(total_size, GFP_KERNEL); 1477 if (!device_status) 1478 return -ENOMEM; 1479 zcrypt_device_status_mask(device_status); 1480 if (copy_to_user((char __user *) arg, device_status, 1481 total_size)) 1482 rc = -EFAULT; 1483 kfree(device_status); 1484 return rc; 1485 } 1486 case Z90STAT_STATUS_MASK: { 1487 /* the old ioctl supports only 64 adapters */ 1488 char status[MAX_ZDEV_CARDIDS]; 1489 1490 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS); 1491 if (copy_to_user((char __user *) arg, status, sizeof(status))) 1492 return -EFAULT; 1493 return 0; 1494 } 1495 case Z90STAT_QDEPTH_MASK: { 1496 /* the old ioctl supports only 64 adapters */ 1497 char qdepth[MAX_ZDEV_CARDIDS]; 1498 1499 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS); 1500 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth))) 1501 return -EFAULT; 1502 return 0; 1503 } 1504 case Z90STAT_PERDEV_REQCNT: { 1505 /* the old ioctl supports only 64 adapters */ 1506 u32 reqcnt[MAX_ZDEV_CARDIDS]; 1507 1508 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS); 1509 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt))) 1510 return -EFAULT; 1511 return 0; 1512 } 1513 /* unknown ioctl number */ 1514 default: 1515 ZCRYPT_DBF(DBF_DEBUG, "unknown ioctl 0x%08x\n", cmd); 1516 return -ENOIOCTLCMD; 1517 } 1518 } 1519 1520 #ifdef CONFIG_COMPAT 1521 /* 1522 * ioctl32 conversion routines 1523 */ 1524 struct compat_ica_rsa_modexpo { 1525 compat_uptr_t inputdata; 1526 unsigned int inputdatalength; 1527 compat_uptr_t outputdata; 1528 unsigned int outputdatalength; 1529 compat_uptr_t b_key; 1530 compat_uptr_t n_modulus; 1531 }; 1532 1533 static long trans_modexpo32(struct ap_perms *perms, struct file *filp, 1534 unsigned int cmd, unsigned long arg) 1535 { 1536 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 1537 struct compat_ica_rsa_modexpo mex32; 1538 struct ica_rsa_modexpo mex64; 1539 long rc; 1540 1541 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 1542 return -EFAULT; 1543 mex64.inputdata = compat_ptr(mex32.inputdata); 1544 mex64.inputdatalength = mex32.inputdatalength; 1545 mex64.outputdata = compat_ptr(mex32.outputdata); 1546 mex64.outputdatalength = mex32.outputdatalength; 1547 mex64.b_key = compat_ptr(mex32.b_key); 1548 mex64.n_modulus = compat_ptr(mex32.n_modulus); 1549 do { 1550 rc = zcrypt_rsa_modexpo(perms, &mex64); 1551 } while (rc == -EAGAIN); 1552 /* on failure: retry once again after a requested rescan */ 1553 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1554 do { 1555 rc = zcrypt_rsa_modexpo(perms, &mex64); 1556 } while (rc == -EAGAIN); 1557 if (rc) 1558 return rc; 1559 return put_user(mex64.outputdatalength, 1560 &umex32->outputdatalength); 1561 } 1562 1563 struct compat_ica_rsa_modexpo_crt { 1564 compat_uptr_t inputdata; 1565 unsigned int inputdatalength; 1566 compat_uptr_t outputdata; 1567 unsigned int outputdatalength; 1568 compat_uptr_t bp_key; 1569 compat_uptr_t bq_key; 1570 compat_uptr_t np_prime; 1571 compat_uptr_t nq_prime; 1572 compat_uptr_t u_mult_inv; 1573 }; 1574 1575 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp, 1576 unsigned int cmd, unsigned long arg) 1577 { 1578 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 1579 struct compat_ica_rsa_modexpo_crt crt32; 1580 struct ica_rsa_modexpo_crt crt64; 1581 long rc; 1582 1583 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 1584 return -EFAULT; 1585 crt64.inputdata = compat_ptr(crt32.inputdata); 1586 crt64.inputdatalength = crt32.inputdatalength; 1587 crt64.outputdata = compat_ptr(crt32.outputdata); 1588 crt64.outputdatalength = crt32.outputdatalength; 1589 crt64.bp_key = compat_ptr(crt32.bp_key); 1590 crt64.bq_key = compat_ptr(crt32.bq_key); 1591 crt64.np_prime = compat_ptr(crt32.np_prime); 1592 crt64.nq_prime = compat_ptr(crt32.nq_prime); 1593 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 1594 do { 1595 rc = zcrypt_rsa_crt(perms, &crt64); 1596 } while (rc == -EAGAIN); 1597 /* on failure: retry once again after a requested rescan */ 1598 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1599 do { 1600 rc = zcrypt_rsa_crt(perms, &crt64); 1601 } while (rc == -EAGAIN); 1602 if (rc) 1603 return rc; 1604 return put_user(crt64.outputdatalength, 1605 &ucrt32->outputdatalength); 1606 } 1607 1608 struct compat_ica_xcRB { 1609 unsigned short agent_ID; 1610 unsigned int user_defined; 1611 unsigned short request_ID; 1612 unsigned int request_control_blk_length; 1613 unsigned char padding1[16 - sizeof(compat_uptr_t)]; 1614 compat_uptr_t request_control_blk_addr; 1615 unsigned int request_data_length; 1616 char padding2[16 - sizeof(compat_uptr_t)]; 1617 compat_uptr_t request_data_address; 1618 unsigned int reply_control_blk_length; 1619 char padding3[16 - sizeof(compat_uptr_t)]; 1620 compat_uptr_t reply_control_blk_addr; 1621 unsigned int reply_data_length; 1622 char padding4[16 - sizeof(compat_uptr_t)]; 1623 compat_uptr_t reply_data_addr; 1624 unsigned short priority_window; 1625 unsigned int status; 1626 } __packed; 1627 1628 static long trans_xcRB32(struct ap_perms *perms, struct file *filp, 1629 unsigned int cmd, unsigned long arg) 1630 { 1631 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 1632 struct compat_ica_xcRB xcRB32; 1633 struct ica_xcRB xcRB64; 1634 long rc; 1635 1636 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 1637 return -EFAULT; 1638 xcRB64.agent_ID = xcRB32.agent_ID; 1639 xcRB64.user_defined = xcRB32.user_defined; 1640 xcRB64.request_ID = xcRB32.request_ID; 1641 xcRB64.request_control_blk_length = 1642 xcRB32.request_control_blk_length; 1643 xcRB64.request_control_blk_addr = 1644 compat_ptr(xcRB32.request_control_blk_addr); 1645 xcRB64.request_data_length = 1646 xcRB32.request_data_length; 1647 xcRB64.request_data_address = 1648 compat_ptr(xcRB32.request_data_address); 1649 xcRB64.reply_control_blk_length = 1650 xcRB32.reply_control_blk_length; 1651 xcRB64.reply_control_blk_addr = 1652 compat_ptr(xcRB32.reply_control_blk_addr); 1653 xcRB64.reply_data_length = xcRB32.reply_data_length; 1654 xcRB64.reply_data_addr = 1655 compat_ptr(xcRB32.reply_data_addr); 1656 xcRB64.priority_window = xcRB32.priority_window; 1657 xcRB64.status = xcRB32.status; 1658 do { 1659 rc = _zcrypt_send_cprb(perms, &xcRB64); 1660 } while (rc == -EAGAIN); 1661 /* on failure: retry once again after a requested rescan */ 1662 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1663 do { 1664 rc = _zcrypt_send_cprb(perms, &xcRB64); 1665 } while (rc == -EAGAIN); 1666 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 1667 xcRB32.reply_data_length = xcRB64.reply_data_length; 1668 xcRB32.status = xcRB64.status; 1669 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 1670 return -EFAULT; 1671 return rc; 1672 } 1673 1674 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 1675 unsigned long arg) 1676 { 1677 int rc; 1678 struct ap_perms *perms = 1679 (struct ap_perms *) filp->private_data; 1680 1681 rc = zcrypt_check_ioctl(perms, cmd); 1682 if (rc) 1683 return rc; 1684 1685 if (cmd == ICARSAMODEXPO) 1686 return trans_modexpo32(perms, filp, cmd, arg); 1687 if (cmd == ICARSACRT) 1688 return trans_modexpo_crt32(perms, filp, cmd, arg); 1689 if (cmd == ZSECSENDCPRB) 1690 return trans_xcRB32(perms, filp, cmd, arg); 1691 return zcrypt_unlocked_ioctl(filp, cmd, arg); 1692 } 1693 #endif 1694 1695 /* 1696 * Misc device file operations. 1697 */ 1698 static const struct file_operations zcrypt_fops = { 1699 .owner = THIS_MODULE, 1700 .read = zcrypt_read, 1701 .write = zcrypt_write, 1702 .unlocked_ioctl = zcrypt_unlocked_ioctl, 1703 #ifdef CONFIG_COMPAT 1704 .compat_ioctl = zcrypt_compat_ioctl, 1705 #endif 1706 .open = zcrypt_open, 1707 .release = zcrypt_release, 1708 .llseek = no_llseek, 1709 }; 1710 1711 /* 1712 * Misc device. 1713 */ 1714 static struct miscdevice zcrypt_misc_device = { 1715 .minor = MISC_DYNAMIC_MINOR, 1716 .name = "z90crypt", 1717 .fops = &zcrypt_fops, 1718 }; 1719 1720 static int zcrypt_rng_device_count; 1721 static u32 *zcrypt_rng_buffer; 1722 static int zcrypt_rng_buffer_index; 1723 static DEFINE_MUTEX(zcrypt_rng_mutex); 1724 1725 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1726 { 1727 int rc; 1728 1729 /* 1730 * We don't need locking here because the RNG API guarantees serialized 1731 * read method calls. 1732 */ 1733 if (zcrypt_rng_buffer_index == 0) { 1734 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1735 /* on failure: retry once again after a requested rescan */ 1736 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1737 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1738 if (rc < 0) 1739 return -EIO; 1740 zcrypt_rng_buffer_index = rc / sizeof(*data); 1741 } 1742 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1743 return sizeof(*data); 1744 } 1745 1746 static struct hwrng zcrypt_rng_dev = { 1747 .name = "zcrypt", 1748 .data_read = zcrypt_rng_data_read, 1749 .quality = 990, 1750 }; 1751 1752 int zcrypt_rng_device_add(void) 1753 { 1754 int rc = 0; 1755 1756 mutex_lock(&zcrypt_rng_mutex); 1757 if (zcrypt_rng_device_count == 0) { 1758 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1759 if (!zcrypt_rng_buffer) { 1760 rc = -ENOMEM; 1761 goto out; 1762 } 1763 zcrypt_rng_buffer_index = 0; 1764 if (!zcrypt_hwrng_seed) 1765 zcrypt_rng_dev.quality = 0; 1766 rc = hwrng_register(&zcrypt_rng_dev); 1767 if (rc) 1768 goto out_free; 1769 zcrypt_rng_device_count = 1; 1770 } else 1771 zcrypt_rng_device_count++; 1772 mutex_unlock(&zcrypt_rng_mutex); 1773 return 0; 1774 1775 out_free: 1776 free_page((unsigned long) zcrypt_rng_buffer); 1777 out: 1778 mutex_unlock(&zcrypt_rng_mutex); 1779 return rc; 1780 } 1781 1782 void zcrypt_rng_device_remove(void) 1783 { 1784 mutex_lock(&zcrypt_rng_mutex); 1785 zcrypt_rng_device_count--; 1786 if (zcrypt_rng_device_count == 0) { 1787 hwrng_unregister(&zcrypt_rng_dev); 1788 free_page((unsigned long) zcrypt_rng_buffer); 1789 } 1790 mutex_unlock(&zcrypt_rng_mutex); 1791 } 1792 1793 int __init zcrypt_debug_init(void) 1794 { 1795 zcrypt_dbf_info = debug_register("zcrypt", 1, 1, 1796 DBF_MAX_SPRINTF_ARGS * sizeof(long)); 1797 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view); 1798 debug_set_level(zcrypt_dbf_info, DBF_ERR); 1799 1800 return 0; 1801 } 1802 1803 void zcrypt_debug_exit(void) 1804 { 1805 debug_unregister(zcrypt_dbf_info); 1806 } 1807 1808 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1809 1810 static int __init zcdn_init(void) 1811 { 1812 int rc; 1813 1814 /* create a new class 'zcrypt' */ 1815 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME); 1816 if (IS_ERR(zcrypt_class)) { 1817 rc = PTR_ERR(zcrypt_class); 1818 goto out_class_create_failed; 1819 } 1820 zcrypt_class->dev_release = zcdn_device_release; 1821 1822 /* alloc device minor range */ 1823 rc = alloc_chrdev_region(&zcrypt_devt, 1824 0, ZCRYPT_MAX_MINOR_NODES, 1825 ZCRYPT_NAME); 1826 if (rc) 1827 goto out_alloc_chrdev_failed; 1828 1829 cdev_init(&zcrypt_cdev, &zcrypt_fops); 1830 zcrypt_cdev.owner = THIS_MODULE; 1831 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1832 if (rc) 1833 goto out_cdev_add_failed; 1834 1835 /* need some class specific sysfs attributes */ 1836 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create); 1837 if (rc) 1838 goto out_class_create_file_1_failed; 1839 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy); 1840 if (rc) 1841 goto out_class_create_file_2_failed; 1842 1843 return 0; 1844 1845 out_class_create_file_2_failed: 1846 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1847 out_class_create_file_1_failed: 1848 cdev_del(&zcrypt_cdev); 1849 out_cdev_add_failed: 1850 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1851 out_alloc_chrdev_failed: 1852 class_destroy(zcrypt_class); 1853 out_class_create_failed: 1854 return rc; 1855 } 1856 1857 static void zcdn_exit(void) 1858 { 1859 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 1860 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy); 1861 zcdn_destroy_all(); 1862 cdev_del(&zcrypt_cdev); 1863 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 1864 class_destroy(zcrypt_class); 1865 } 1866 1867 #endif 1868 1869 /** 1870 * zcrypt_api_init(): Module initialization. 1871 * 1872 * The module initialization code. 1873 */ 1874 int __init zcrypt_api_init(void) 1875 { 1876 int rc; 1877 1878 rc = zcrypt_debug_init(); 1879 if (rc) 1880 goto out; 1881 1882 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1883 rc = zcdn_init(); 1884 if (rc) 1885 goto out; 1886 #endif 1887 1888 /* Register the request sprayer. */ 1889 rc = misc_register(&zcrypt_misc_device); 1890 if (rc < 0) 1891 goto out_misc_register_failed; 1892 1893 zcrypt_msgtype6_init(); 1894 zcrypt_msgtype50_init(); 1895 1896 return 0; 1897 1898 out_misc_register_failed: 1899 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1900 zcdn_exit(); 1901 #endif 1902 zcrypt_debug_exit(); 1903 out: 1904 return rc; 1905 } 1906 1907 /** 1908 * zcrypt_api_exit(): Module termination. 1909 * 1910 * The module termination code. 1911 */ 1912 void __exit zcrypt_api_exit(void) 1913 { 1914 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES 1915 zcdn_exit(); 1916 #endif 1917 misc_deregister(&zcrypt_misc_device); 1918 zcrypt_msgtype6_exit(); 1919 zcrypt_msgtype50_exit(); 1920 zcrypt_ccamisc_exit(); 1921 zcrypt_ep11misc_exit(); 1922 zcrypt_debug_exit(); 1923 } 1924 1925 module_init(zcrypt_api_init); 1926 module_exit(zcrypt_api_exit); 1927