zcrypt_api.c (60088B)
1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * Copyright IBM Corp. 2001, 2018 4 * Author(s): Robert Burroughs 5 * Eric Rossman (edrossma@us.ibm.com) 6 * Cornelia Huck <cornelia.huck@de.ibm.com> 7 * 8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 10 * Ralph Wuerthner <rwuerthn@de.ibm.com> 11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com> 12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com> 13 */ 14 15#include <linux/module.h> 16#include <linux/init.h> 17#include <linux/interrupt.h> 18#include <linux/miscdevice.h> 19#include <linux/fs.h> 20#include <linux/compat.h> 21#include <linux/slab.h> 22#include <linux/atomic.h> 23#include <linux/uaccess.h> 24#include <linux/hw_random.h> 25#include <linux/debugfs.h> 26#include <linux/cdev.h> 27#include <linux/ctype.h> 28#include <linux/capability.h> 29#include <asm/debug.h> 30 31#define CREATE_TRACE_POINTS 32#include <asm/trace/zcrypt.h> 33 34#include "zcrypt_api.h" 35#include "zcrypt_debug.h" 36 37#include "zcrypt_msgtype6.h" 38#include "zcrypt_msgtype50.h" 39#include "zcrypt_ccamisc.h" 40#include "zcrypt_ep11misc.h" 41 42/* 43 * Module description. 44 */ 45MODULE_AUTHOR("IBM Corporation"); 46MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \ 47 "Copyright IBM Corp. 2001, 2012"); 48MODULE_LICENSE("GPL"); 49 50/* 51 * zcrypt tracepoint functions 52 */ 53EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 54EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 55 56static int zcrypt_hwrng_seed = 1; 57module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 58MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 59 60DEFINE_SPINLOCK(zcrypt_list_lock); 61LIST_HEAD(zcrypt_card_list); 62 63static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 64static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0); 65 66atomic_t zcrypt_rescan_req = ATOMIC_INIT(0); 67EXPORT_SYMBOL(zcrypt_rescan_req); 68 69static LIST_HEAD(zcrypt_ops_list); 70 71/* Zcrypt related debug feature stuff. */ 72debug_info_t *zcrypt_dbf_info; 73 74/* 75 * Process a rescan of the transport layer. 76 * 77 * Returns 1, if the rescan has been processed, otherwise 0. 78 */ 79static inline int zcrypt_process_rescan(void) 80{ 81 if (atomic_read(&zcrypt_rescan_req)) { 82 atomic_set(&zcrypt_rescan_req, 0); 83 atomic_inc(&zcrypt_rescan_count); 84 ap_bus_force_rescan(); 85 ZCRYPT_DBF_INFO("%s rescan count=%07d\n", __func__, 86 atomic_inc_return(&zcrypt_rescan_count)); 87 return 1; 88 } 89 return 0; 90} 91 92void zcrypt_msgtype_register(struct zcrypt_ops *zops) 93{ 94 list_add_tail(&zops->list, &zcrypt_ops_list); 95} 96 97void zcrypt_msgtype_unregister(struct zcrypt_ops *zops) 98{ 99 list_del_init(&zops->list); 100} 101 102struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant) 103{ 104 struct zcrypt_ops *zops; 105 106 list_for_each_entry(zops, &zcrypt_ops_list, list) 107 if (zops->variant == variant && 108 (!strncmp(zops->name, name, sizeof(zops->name)))) 109 return zops; 110 return NULL; 111} 112EXPORT_SYMBOL(zcrypt_msgtype); 113 114/* 115 * Multi device nodes extension functions. 116 */ 117 118#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 119 120struct zcdn_device; 121 122static struct class *zcrypt_class; 123static dev_t zcrypt_devt; 124static struct cdev zcrypt_cdev; 125 126struct zcdn_device { 127 struct device device; 128 struct ap_perms perms; 129}; 130 131#define to_zcdn_dev(x) container_of((x), struct zcdn_device, device) 132 133#define ZCDN_MAX_NAME 32 134 135static int zcdn_create(const char *name); 136static int zcdn_destroy(const char *name); 137 138/* 139 * Find zcdn device by name. 140 * Returns reference to the zcdn device which needs to be released 141 * with put_device() after use. 142 */ 143static inline struct zcdn_device *find_zcdndev_by_name(const char *name) 144{ 145 struct device *dev = class_find_device_by_name(zcrypt_class, name); 146 147 return dev ? to_zcdn_dev(dev) : NULL; 148} 149 150/* 151 * Find zcdn device by devt value. 152 * Returns reference to the zcdn device which needs to be released 153 * with put_device() after use. 154 */ 155static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt) 156{ 157 struct device *dev = class_find_device_by_devt(zcrypt_class, devt); 158 159 return dev ? to_zcdn_dev(dev) : NULL; 160} 161 162static ssize_t ioctlmask_show(struct device *dev, 163 struct device_attribute *attr, 164 char *buf) 165{ 166 int i, rc; 167 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 168 169 if (mutex_lock_interruptible(&ap_perms_mutex)) 170 return -ERESTARTSYS; 171 172 buf[0] = '0'; 173 buf[1] = 'x'; 174 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++) 175 snprintf(buf + 2 + 2 * i * sizeof(long), 176 PAGE_SIZE - 2 - 2 * i * sizeof(long), 177 "%016lx", zcdndev->perms.ioctlm[i]); 178 buf[2 + 2 * i * sizeof(long)] = '\n'; 179 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 180 rc = 2 + 2 * i * sizeof(long) + 1; 181 182 mutex_unlock(&ap_perms_mutex); 183 184 return rc; 185} 186 187static ssize_t ioctlmask_store(struct device *dev, 188 struct device_attribute *attr, 189 const char *buf, size_t count) 190{ 191 int rc; 192 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 193 194 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm, 195 AP_IOCTLS, &ap_perms_mutex); 196 if (rc) 197 return rc; 198 199 return count; 200} 201 202static DEVICE_ATTR_RW(ioctlmask); 203 204static ssize_t apmask_show(struct device *dev, 205 struct device_attribute *attr, 206 char *buf) 207{ 208 int i, rc; 209 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 210 211 if (mutex_lock_interruptible(&ap_perms_mutex)) 212 return -ERESTARTSYS; 213 214 buf[0] = '0'; 215 buf[1] = 'x'; 216 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++) 217 snprintf(buf + 2 + 2 * i * sizeof(long), 218 PAGE_SIZE - 2 - 2 * i * sizeof(long), 219 "%016lx", zcdndev->perms.apm[i]); 220 buf[2 + 2 * i * sizeof(long)] = '\n'; 221 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 222 rc = 2 + 2 * i * sizeof(long) + 1; 223 224 mutex_unlock(&ap_perms_mutex); 225 226 return rc; 227} 228 229static ssize_t apmask_store(struct device *dev, 230 struct device_attribute *attr, 231 const char *buf, size_t count) 232{ 233 int rc; 234 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 235 236 rc = ap_parse_mask_str(buf, zcdndev->perms.apm, 237 AP_DEVICES, &ap_perms_mutex); 238 if (rc) 239 return rc; 240 241 return count; 242} 243 244static DEVICE_ATTR_RW(apmask); 245 246static ssize_t aqmask_show(struct device *dev, 247 struct device_attribute *attr, 248 char *buf) 249{ 250 int i, rc; 251 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 252 253 if (mutex_lock_interruptible(&ap_perms_mutex)) 254 return -ERESTARTSYS; 255 256 buf[0] = '0'; 257 buf[1] = 'x'; 258 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++) 259 snprintf(buf + 2 + 2 * i * sizeof(long), 260 PAGE_SIZE - 2 - 2 * i * sizeof(long), 261 "%016lx", zcdndev->perms.aqm[i]); 262 buf[2 + 2 * i * sizeof(long)] = '\n'; 263 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 264 rc = 2 + 2 * i * sizeof(long) + 1; 265 266 mutex_unlock(&ap_perms_mutex); 267 268 return rc; 269} 270 271static ssize_t aqmask_store(struct device *dev, 272 struct device_attribute *attr, 273 const char *buf, size_t count) 274{ 275 int rc; 276 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 277 278 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm, 279 AP_DOMAINS, &ap_perms_mutex); 280 if (rc) 281 return rc; 282 283 return count; 284} 285 286static DEVICE_ATTR_RW(aqmask); 287 288static ssize_t admask_show(struct device *dev, 289 struct device_attribute *attr, 290 char *buf) 291{ 292 int i, rc; 293 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 294 295 if (mutex_lock_interruptible(&ap_perms_mutex)) 296 return -ERESTARTSYS; 297 298 buf[0] = '0'; 299 buf[1] = 'x'; 300 for (i = 0; i < sizeof(zcdndev->perms.adm) / sizeof(long); i++) 301 snprintf(buf + 2 + 2 * i * sizeof(long), 302 PAGE_SIZE - 2 - 2 * i * sizeof(long), 303 "%016lx", zcdndev->perms.adm[i]); 304 buf[2 + 2 * i * sizeof(long)] = '\n'; 305 buf[2 + 2 * i * sizeof(long) + 1] = '\0'; 306 rc = 2 + 2 * i * sizeof(long) + 1; 307 308 mutex_unlock(&ap_perms_mutex); 309 310 return rc; 311} 312 313static ssize_t admask_store(struct device *dev, 314 struct device_attribute *attr, 315 const char *buf, size_t count) 316{ 317 int rc; 318 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 319 320 rc = ap_parse_mask_str(buf, zcdndev->perms.adm, 321 AP_DOMAINS, &ap_perms_mutex); 322 if (rc) 323 return rc; 324 325 return count; 326} 327 328static DEVICE_ATTR_RW(admask); 329 330static struct attribute *zcdn_dev_attrs[] = { 331 &dev_attr_ioctlmask.attr, 332 &dev_attr_apmask.attr, 333 &dev_attr_aqmask.attr, 334 &dev_attr_admask.attr, 335 NULL 336}; 337 338static struct attribute_group zcdn_dev_attr_group = { 339 .attrs = zcdn_dev_attrs 340}; 341 342static const struct attribute_group *zcdn_dev_attr_groups[] = { 343 &zcdn_dev_attr_group, 344 NULL 345}; 346 347static ssize_t zcdn_create_store(struct class *class, 348 struct class_attribute *attr, 349 const char *buf, size_t count) 350{ 351 int rc; 352 char name[ZCDN_MAX_NAME]; 353 354 strncpy(name, skip_spaces(buf), sizeof(name)); 355 name[sizeof(name) - 1] = '\0'; 356 357 rc = zcdn_create(strim(name)); 358 359 return rc ? rc : count; 360} 361 362static const struct class_attribute class_attr_zcdn_create = 363 __ATTR(create, 0600, NULL, zcdn_create_store); 364 365static ssize_t zcdn_destroy_store(struct class *class, 366 struct class_attribute *attr, 367 const char *buf, size_t count) 368{ 369 int rc; 370 char name[ZCDN_MAX_NAME]; 371 372 strncpy(name, skip_spaces(buf), sizeof(name)); 373 name[sizeof(name) - 1] = '\0'; 374 375 rc = zcdn_destroy(strim(name)); 376 377 return rc ? rc : count; 378} 379 380static const struct class_attribute class_attr_zcdn_destroy = 381 __ATTR(destroy, 0600, NULL, zcdn_destroy_store); 382 383static void zcdn_device_release(struct device *dev) 384{ 385 struct zcdn_device *zcdndev = to_zcdn_dev(dev); 386 387 ZCRYPT_DBF_INFO("%s releasing zcdn device %d:%d\n", 388 __func__, MAJOR(dev->devt), MINOR(dev->devt)); 389 390 kfree(zcdndev); 391} 392 393static int zcdn_create(const char *name) 394{ 395 dev_t devt; 396 int i, rc = 0; 397 char nodename[ZCDN_MAX_NAME]; 398 struct zcdn_device *zcdndev; 399 400 if (mutex_lock_interruptible(&ap_perms_mutex)) 401 return -ERESTARTSYS; 402 403 /* check if device node with this name already exists */ 404 if (name[0]) { 405 zcdndev = find_zcdndev_by_name(name); 406 if (zcdndev) { 407 put_device(&zcdndev->device); 408 rc = -EEXIST; 409 goto unlockout; 410 } 411 } 412 413 /* find an unused minor number */ 414 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 415 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 416 zcdndev = find_zcdndev_by_devt(devt); 417 if (zcdndev) 418 put_device(&zcdndev->device); 419 else 420 break; 421 } 422 if (i == ZCRYPT_MAX_MINOR_NODES) { 423 rc = -ENOSPC; 424 goto unlockout; 425 } 426 427 /* alloc and prepare a new zcdn device */ 428 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL); 429 if (!zcdndev) { 430 rc = -ENOMEM; 431 goto unlockout; 432 } 433 zcdndev->device.release = zcdn_device_release; 434 zcdndev->device.class = zcrypt_class; 435 zcdndev->device.devt = devt; 436 zcdndev->device.groups = zcdn_dev_attr_groups; 437 if (name[0]) 438 strncpy(nodename, name, sizeof(nodename)); 439 else 440 snprintf(nodename, sizeof(nodename), 441 ZCRYPT_NAME "_%d", (int)MINOR(devt)); 442 nodename[sizeof(nodename) - 1] = '\0'; 443 if (dev_set_name(&zcdndev->device, nodename)) { 444 rc = -EINVAL; 445 goto unlockout; 446 } 447 rc = device_register(&zcdndev->device); 448 if (rc) { 449 put_device(&zcdndev->device); 450 goto unlockout; 451 } 452 453 ZCRYPT_DBF_INFO("%s created zcdn device %d:%d\n", 454 __func__, MAJOR(devt), MINOR(devt)); 455 456unlockout: 457 mutex_unlock(&ap_perms_mutex); 458 return rc; 459} 460 461static int zcdn_destroy(const char *name) 462{ 463 int rc = 0; 464 struct zcdn_device *zcdndev; 465 466 if (mutex_lock_interruptible(&ap_perms_mutex)) 467 return -ERESTARTSYS; 468 469 /* try to find this zcdn device */ 470 zcdndev = find_zcdndev_by_name(name); 471 if (!zcdndev) { 472 rc = -ENOENT; 473 goto unlockout; 474 } 475 476 /* 477 * The zcdn device is not hard destroyed. It is subject to 478 * reference counting and thus just needs to be unregistered. 479 */ 480 put_device(&zcdndev->device); 481 device_unregister(&zcdndev->device); 482 483unlockout: 484 mutex_unlock(&ap_perms_mutex); 485 return rc; 486} 487 488static void zcdn_destroy_all(void) 489{ 490 int i; 491 dev_t devt; 492 struct zcdn_device *zcdndev; 493 494 mutex_lock(&ap_perms_mutex); 495 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) { 496 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i); 497 zcdndev = find_zcdndev_by_devt(devt); 498 if (zcdndev) { 499 put_device(&zcdndev->device); 500 device_unregister(&zcdndev->device); 501 } 502 } 503 mutex_unlock(&ap_perms_mutex); 504} 505 506#endif 507 508/* 509 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 510 * 511 * This function is not supported beyond zcrypt 1.3.1. 512 */ 513static ssize_t zcrypt_read(struct file *filp, char __user *buf, 514 size_t count, loff_t *f_pos) 515{ 516 return -EPERM; 517} 518 519/* 520 * zcrypt_write(): Not allowed. 521 * 522 * Write is not allowed 523 */ 524static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 525 size_t count, loff_t *f_pos) 526{ 527 return -EPERM; 528} 529 530/* 531 * zcrypt_open(): Count number of users. 532 * 533 * Device open function to count number of users. 534 */ 535static int zcrypt_open(struct inode *inode, struct file *filp) 536{ 537 struct ap_perms *perms = &ap_perms; 538 539#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 540 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 541 struct zcdn_device *zcdndev; 542 543 if (mutex_lock_interruptible(&ap_perms_mutex)) 544 return -ERESTARTSYS; 545 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 546 /* find returns a reference, no get_device() needed */ 547 mutex_unlock(&ap_perms_mutex); 548 if (zcdndev) 549 perms = &zcdndev->perms; 550 } 551#endif 552 filp->private_data = (void *)perms; 553 554 atomic_inc(&zcrypt_open_count); 555 return stream_open(inode, filp); 556} 557 558/* 559 * zcrypt_release(): Count number of users. 560 * 561 * Device close function to count number of users. 562 */ 563static int zcrypt_release(struct inode *inode, struct file *filp) 564{ 565#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 566 if (filp->f_inode->i_cdev == &zcrypt_cdev) { 567 struct zcdn_device *zcdndev; 568 569 mutex_lock(&ap_perms_mutex); 570 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev); 571 mutex_unlock(&ap_perms_mutex); 572 if (zcdndev) { 573 /* 2 puts here: one for find, one for open */ 574 put_device(&zcdndev->device); 575 put_device(&zcdndev->device); 576 } 577 } 578#endif 579 580 atomic_dec(&zcrypt_open_count); 581 return 0; 582} 583 584static inline int zcrypt_check_ioctl(struct ap_perms *perms, 585 unsigned int cmd) 586{ 587 int rc = -EPERM; 588 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT; 589 590 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) { 591 if (test_bit_inv(ioctlnr, perms->ioctlm)) 592 rc = 0; 593 } 594 595 if (rc) 596 ZCRYPT_DBF_WARN("%s ioctl check failed: ioctlnr=0x%04x rc=%d\n", 597 __func__, ioctlnr, rc); 598 599 return rc; 600} 601 602static inline bool zcrypt_check_card(struct ap_perms *perms, int card) 603{ 604 return test_bit_inv(card, perms->apm) ? true : false; 605} 606 607static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue) 608{ 609 return test_bit_inv(queue, perms->aqm) ? true : false; 610} 611 612static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc, 613 struct zcrypt_queue *zq, 614 struct module **pmod, 615 unsigned int weight) 616{ 617 if (!zq || !try_module_get(zq->queue->ap_dev.device.driver->owner)) 618 return NULL; 619 zcrypt_queue_get(zq); 620 get_device(&zq->queue->ap_dev.device); 621 atomic_add(weight, &zc->load); 622 atomic_add(weight, &zq->load); 623 zq->request_count++; 624 *pmod = zq->queue->ap_dev.device.driver->owner; 625 return zq; 626} 627 628static inline void zcrypt_drop_queue(struct zcrypt_card *zc, 629 struct zcrypt_queue *zq, 630 struct module *mod, 631 unsigned int weight) 632{ 633 zq->request_count--; 634 atomic_sub(weight, &zc->load); 635 atomic_sub(weight, &zq->load); 636 put_device(&zq->queue->ap_dev.device); 637 zcrypt_queue_put(zq); 638 module_put(mod); 639} 640 641static inline bool zcrypt_card_compare(struct zcrypt_card *zc, 642 struct zcrypt_card *pref_zc, 643 unsigned int weight, 644 unsigned int pref_weight) 645{ 646 if (!pref_zc) 647 return true; 648 weight += atomic_read(&zc->load); 649 pref_weight += atomic_read(&pref_zc->load); 650 if (weight == pref_weight) 651 return atomic64_read(&zc->card->total_request_count) < 652 atomic64_read(&pref_zc->card->total_request_count); 653 return weight < pref_weight; 654} 655 656static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq, 657 struct zcrypt_queue *pref_zq, 658 unsigned int weight, 659 unsigned int pref_weight) 660{ 661 if (!pref_zq) 662 return true; 663 weight += atomic_read(&zq->load); 664 pref_weight += atomic_read(&pref_zq->load); 665 if (weight == pref_weight) 666 return zq->queue->total_request_count < 667 pref_zq->queue->total_request_count; 668 return weight < pref_weight; 669} 670 671/* 672 * zcrypt ioctls. 673 */ 674static long zcrypt_rsa_modexpo(struct ap_perms *perms, 675 struct zcrypt_track *tr, 676 struct ica_rsa_modexpo *mex) 677{ 678 struct zcrypt_card *zc, *pref_zc; 679 struct zcrypt_queue *zq, *pref_zq; 680 struct ap_message ap_msg; 681 unsigned int wgt = 0, pref_wgt = 0; 682 unsigned int func_code; 683 int cpen, qpen, qid = 0, rc = -ENODEV; 684 struct module *mod; 685 686 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO); 687 688 ap_init_message(&ap_msg); 689 690#ifdef CONFIG_ZCRYPT_DEBUG 691 if (tr && tr->fi.cmd) 692 ap_msg.fi.cmd = tr->fi.cmd; 693#endif 694 695 if (mex->outputdatalength < mex->inputdatalength) { 696 func_code = 0; 697 rc = -EINVAL; 698 goto out; 699 } 700 701 /* 702 * As long as outputdatalength is big enough, we can set the 703 * outputdatalength equal to the inputdatalength, since that is the 704 * number of bytes we will copy in any case 705 */ 706 mex->outputdatalength = mex->inputdatalength; 707 708 rc = get_rsa_modex_fc(mex, &func_code); 709 if (rc) 710 goto out; 711 712 pref_zc = NULL; 713 pref_zq = NULL; 714 spin_lock(&zcrypt_list_lock); 715 for_each_zcrypt_card(zc) { 716 /* Check for usable accelarator or CCA card */ 717 if (!zc->online || !zc->card->config || zc->card->chkstop || 718 !(zc->card->functions & 0x18000000)) 719 continue; 720 /* Check for size limits */ 721 if (zc->min_mod_size > mex->inputdatalength || 722 zc->max_mod_size < mex->inputdatalength) 723 continue; 724 /* check if device node has admission for this card */ 725 if (!zcrypt_check_card(perms, zc->card->id)) 726 continue; 727 /* get weight index of the card device */ 728 wgt = zc->speed_rating[func_code]; 729 /* penalty if this msg was previously sent via this card */ 730 cpen = (tr && tr->again_counter && tr->last_qid && 731 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 732 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 733 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 734 continue; 735 for_each_zcrypt_queue(zq, zc) { 736 /* check if device is usable and eligible */ 737 if (!zq->online || !zq->ops->rsa_modexpo || 738 !zq->queue->config || zq->queue->chkstop) 739 continue; 740 /* check if device node has admission for this queue */ 741 if (!zcrypt_check_queue(perms, 742 AP_QID_QUEUE(zq->queue->qid))) 743 continue; 744 /* penalty if the msg was previously sent at this qid */ 745 qpen = (tr && tr->again_counter && tr->last_qid && 746 tr->last_qid == zq->queue->qid) ? 747 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 748 if (!zcrypt_queue_compare(zq, pref_zq, 749 wgt + cpen + qpen, pref_wgt)) 750 continue; 751 pref_zc = zc; 752 pref_zq = zq; 753 pref_wgt = wgt + cpen + qpen; 754 } 755 } 756 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 757 spin_unlock(&zcrypt_list_lock); 758 759 if (!pref_zq) { 760 ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n", 761 __func__); 762 rc = -ENODEV; 763 goto out; 764 } 765 766 qid = pref_zq->queue->qid; 767 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg); 768 769 spin_lock(&zcrypt_list_lock); 770 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 771 spin_unlock(&zcrypt_list_lock); 772 773out: 774 ap_release_message(&ap_msg); 775 if (tr) { 776 tr->last_rc = rc; 777 tr->last_qid = qid; 778 } 779 trace_s390_zcrypt_rep(mex, func_code, rc, 780 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 781 return rc; 782} 783 784static long zcrypt_rsa_crt(struct ap_perms *perms, 785 struct zcrypt_track *tr, 786 struct ica_rsa_modexpo_crt *crt) 787{ 788 struct zcrypt_card *zc, *pref_zc; 789 struct zcrypt_queue *zq, *pref_zq; 790 struct ap_message ap_msg; 791 unsigned int wgt = 0, pref_wgt = 0; 792 unsigned int func_code; 793 int cpen, qpen, qid = 0, rc = -ENODEV; 794 struct module *mod; 795 796 trace_s390_zcrypt_req(crt, TP_ICARSACRT); 797 798 ap_init_message(&ap_msg); 799 800#ifdef CONFIG_ZCRYPT_DEBUG 801 if (tr && tr->fi.cmd) 802 ap_msg.fi.cmd = tr->fi.cmd; 803#endif 804 805 if (crt->outputdatalength < crt->inputdatalength) { 806 func_code = 0; 807 rc = -EINVAL; 808 goto out; 809 } 810 811 /* 812 * As long as outputdatalength is big enough, we can set the 813 * outputdatalength equal to the inputdatalength, since that is the 814 * number of bytes we will copy in any case 815 */ 816 crt->outputdatalength = crt->inputdatalength; 817 818 rc = get_rsa_crt_fc(crt, &func_code); 819 if (rc) 820 goto out; 821 822 pref_zc = NULL; 823 pref_zq = NULL; 824 spin_lock(&zcrypt_list_lock); 825 for_each_zcrypt_card(zc) { 826 /* Check for usable accelarator or CCA card */ 827 if (!zc->online || !zc->card->config || zc->card->chkstop || 828 !(zc->card->functions & 0x18000000)) 829 continue; 830 /* Check for size limits */ 831 if (zc->min_mod_size > crt->inputdatalength || 832 zc->max_mod_size < crt->inputdatalength) 833 continue; 834 /* check if device node has admission for this card */ 835 if (!zcrypt_check_card(perms, zc->card->id)) 836 continue; 837 /* get weight index of the card device */ 838 wgt = zc->speed_rating[func_code]; 839 /* penalty if this msg was previously sent via this card */ 840 cpen = (tr && tr->again_counter && tr->last_qid && 841 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 842 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 843 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 844 continue; 845 for_each_zcrypt_queue(zq, zc) { 846 /* check if device is usable and eligible */ 847 if (!zq->online || !zq->ops->rsa_modexpo_crt || 848 !zq->queue->config || zq->queue->chkstop) 849 continue; 850 /* check if device node has admission for this queue */ 851 if (!zcrypt_check_queue(perms, 852 AP_QID_QUEUE(zq->queue->qid))) 853 continue; 854 /* penalty if the msg was previously sent at this qid */ 855 qpen = (tr && tr->again_counter && tr->last_qid && 856 tr->last_qid == zq->queue->qid) ? 857 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 858 if (!zcrypt_queue_compare(zq, pref_zq, 859 wgt + cpen + qpen, pref_wgt)) 860 continue; 861 pref_zc = zc; 862 pref_zq = zq; 863 pref_wgt = wgt + cpen + qpen; 864 } 865 } 866 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 867 spin_unlock(&zcrypt_list_lock); 868 869 if (!pref_zq) { 870 ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n", 871 __func__); 872 rc = -ENODEV; 873 goto out; 874 } 875 876 qid = pref_zq->queue->qid; 877 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg); 878 879 spin_lock(&zcrypt_list_lock); 880 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 881 spin_unlock(&zcrypt_list_lock); 882 883out: 884 ap_release_message(&ap_msg); 885 if (tr) { 886 tr->last_rc = rc; 887 tr->last_qid = qid; 888 } 889 trace_s390_zcrypt_rep(crt, func_code, rc, 890 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 891 return rc; 892} 893 894static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms, 895 struct zcrypt_track *tr, 896 struct ica_xcRB *xcrb) 897{ 898 struct zcrypt_card *zc, *pref_zc; 899 struct zcrypt_queue *zq, *pref_zq; 900 struct ap_message ap_msg; 901 unsigned int wgt = 0, pref_wgt = 0; 902 unsigned int func_code; 903 unsigned short *domain, tdom; 904 int cpen, qpen, qid = 0, rc = -ENODEV; 905 struct module *mod; 906 907 trace_s390_zcrypt_req(xcrb, TB_ZSECSENDCPRB); 908 909 xcrb->status = 0; 910 ap_init_message(&ap_msg); 911 912#ifdef CONFIG_ZCRYPT_DEBUG 913 if (tr && tr->fi.cmd) 914 ap_msg.fi.cmd = tr->fi.cmd; 915 if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) { 916 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n", 917 __func__, tr->fi.cmd); 918 xcrb->agent_ID = 0x4646; 919 } 920#endif 921 922 rc = prep_cca_ap_msg(userspace, xcrb, &ap_msg, &func_code, &domain); 923 if (rc) 924 goto out; 925 926 tdom = *domain; 927 if (perms != &ap_perms && tdom < AP_DOMAINS) { 928 if (ap_msg.flags & AP_MSG_FLAG_ADMIN) { 929 if (!test_bit_inv(tdom, perms->adm)) { 930 rc = -ENODEV; 931 goto out; 932 } 933 } else if ((ap_msg.flags & AP_MSG_FLAG_USAGE) == 0) { 934 rc = -EOPNOTSUPP; 935 goto out; 936 } 937 } 938 /* 939 * If a valid target domain is set and this domain is NOT a usage 940 * domain but a control only domain, autoselect target domain. 941 */ 942 if (tdom < AP_DOMAINS && 943 !ap_test_config_usage_domain(tdom) && 944 ap_test_config_ctrl_domain(tdom)) 945 tdom = AUTOSEL_DOM; 946 947 pref_zc = NULL; 948 pref_zq = NULL; 949 spin_lock(&zcrypt_list_lock); 950 for_each_zcrypt_card(zc) { 951 /* Check for usable CCA card */ 952 if (!zc->online || !zc->card->config || zc->card->chkstop || 953 !(zc->card->functions & 0x10000000)) 954 continue; 955 /* Check for user selected CCA card */ 956 if (xcrb->user_defined != AUTOSELECT && 957 xcrb->user_defined != zc->card->id) 958 continue; 959 /* check if request size exceeds card max msg size */ 960 if (ap_msg.len > zc->card->maxmsgsize) 961 continue; 962 /* check if device node has admission for this card */ 963 if (!zcrypt_check_card(perms, zc->card->id)) 964 continue; 965 /* get weight index of the card device */ 966 wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY]; 967 /* penalty if this msg was previously sent via this card */ 968 cpen = (tr && tr->again_counter && tr->last_qid && 969 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 970 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 971 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 972 continue; 973 for_each_zcrypt_queue(zq, zc) { 974 /* check for device usable and eligible */ 975 if (!zq->online || !zq->ops->send_cprb || 976 !zq->queue->config || zq->queue->chkstop || 977 (tdom != AUTOSEL_DOM && 978 tdom != AP_QID_QUEUE(zq->queue->qid))) 979 continue; 980 /* check if device node has admission for this queue */ 981 if (!zcrypt_check_queue(perms, 982 AP_QID_QUEUE(zq->queue->qid))) 983 continue; 984 /* penalty if the msg was previously sent at this qid */ 985 qpen = (tr && tr->again_counter && tr->last_qid && 986 tr->last_qid == zq->queue->qid) ? 987 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 988 if (!zcrypt_queue_compare(zq, pref_zq, 989 wgt + cpen + qpen, pref_wgt)) 990 continue; 991 pref_zc = zc; 992 pref_zq = zq; 993 pref_wgt = wgt + cpen + qpen; 994 } 995 } 996 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 997 spin_unlock(&zcrypt_list_lock); 998 999 if (!pref_zq) { 1000 ZCRYPT_DBF_DBG("%s no match for address %02x.%04x => ENODEV\n", 1001 __func__, xcrb->user_defined, *domain); 1002 rc = -ENODEV; 1003 goto out; 1004 } 1005 1006 /* in case of auto select, provide the correct domain */ 1007 qid = pref_zq->queue->qid; 1008 if (*domain == AUTOSEL_DOM) 1009 *domain = AP_QID_QUEUE(qid); 1010 1011#ifdef CONFIG_ZCRYPT_DEBUG 1012 if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) { 1013 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n", 1014 __func__, tr->fi.cmd); 1015 *domain = 99; 1016 } 1017#endif 1018 1019 rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcrb, &ap_msg); 1020 1021 spin_lock(&zcrypt_list_lock); 1022 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 1023 spin_unlock(&zcrypt_list_lock); 1024 1025out: 1026 ap_release_message(&ap_msg); 1027 if (tr) { 1028 tr->last_rc = rc; 1029 tr->last_qid = qid; 1030 } 1031 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1032 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1033 return rc; 1034} 1035 1036long zcrypt_send_cprb(struct ica_xcRB *xcrb) 1037{ 1038 return _zcrypt_send_cprb(false, &ap_perms, NULL, xcrb); 1039} 1040EXPORT_SYMBOL(zcrypt_send_cprb); 1041 1042static bool is_desired_ep11_card(unsigned int dev_id, 1043 unsigned short target_num, 1044 struct ep11_target_dev *targets) 1045{ 1046 while (target_num-- > 0) { 1047 if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP) 1048 return true; 1049 targets++; 1050 } 1051 return false; 1052} 1053 1054static bool is_desired_ep11_queue(unsigned int dev_qid, 1055 unsigned short target_num, 1056 struct ep11_target_dev *targets) 1057{ 1058 int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid); 1059 1060 while (target_num-- > 0) { 1061 if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) && 1062 (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM)) 1063 return true; 1064 targets++; 1065 } 1066 return false; 1067} 1068 1069static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms, 1070 struct zcrypt_track *tr, 1071 struct ep11_urb *xcrb) 1072{ 1073 struct zcrypt_card *zc, *pref_zc; 1074 struct zcrypt_queue *zq, *pref_zq; 1075 struct ep11_target_dev *targets; 1076 unsigned short target_num; 1077 unsigned int wgt = 0, pref_wgt = 0; 1078 unsigned int func_code, domain; 1079 struct ap_message ap_msg; 1080 int cpen, qpen, qid = 0, rc = -ENODEV; 1081 struct module *mod; 1082 1083 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB); 1084 1085 ap_init_message(&ap_msg); 1086 1087#ifdef CONFIG_ZCRYPT_DEBUG 1088 if (tr && tr->fi.cmd) 1089 ap_msg.fi.cmd = tr->fi.cmd; 1090#endif 1091 1092 target_num = (unsigned short)xcrb->targets_num; 1093 1094 /* empty list indicates autoselect (all available targets) */ 1095 targets = NULL; 1096 if (target_num != 0) { 1097 struct ep11_target_dev __user *uptr; 1098 1099 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL); 1100 if (!targets) { 1101 func_code = 0; 1102 rc = -ENOMEM; 1103 goto out; 1104 } 1105 1106 uptr = (struct ep11_target_dev __force __user *)xcrb->targets; 1107 if (z_copy_from_user(userspace, targets, uptr, 1108 target_num * sizeof(*targets))) { 1109 func_code = 0; 1110 rc = -EFAULT; 1111 goto out_free; 1112 } 1113 } 1114 1115 rc = prep_ep11_ap_msg(userspace, xcrb, &ap_msg, &func_code, &domain); 1116 if (rc) 1117 goto out_free; 1118 1119 if (perms != &ap_perms && domain < AUTOSEL_DOM) { 1120 if (ap_msg.flags & AP_MSG_FLAG_ADMIN) { 1121 if (!test_bit_inv(domain, perms->adm)) { 1122 rc = -ENODEV; 1123 goto out_free; 1124 } 1125 } else if ((ap_msg.flags & AP_MSG_FLAG_USAGE) == 0) { 1126 rc = -EOPNOTSUPP; 1127 goto out_free; 1128 } 1129 } 1130 1131 pref_zc = NULL; 1132 pref_zq = NULL; 1133 spin_lock(&zcrypt_list_lock); 1134 for_each_zcrypt_card(zc) { 1135 /* Check for usable EP11 card */ 1136 if (!zc->online || !zc->card->config || zc->card->chkstop || 1137 !(zc->card->functions & 0x04000000)) 1138 continue; 1139 /* Check for user selected EP11 card */ 1140 if (targets && 1141 !is_desired_ep11_card(zc->card->id, target_num, targets)) 1142 continue; 1143 /* check if request size exceeds card max msg size */ 1144 if (ap_msg.len > zc->card->maxmsgsize) 1145 continue; 1146 /* check if device node has admission for this card */ 1147 if (!zcrypt_check_card(perms, zc->card->id)) 1148 continue; 1149 /* get weight index of the card device */ 1150 wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY]; 1151 /* penalty if this msg was previously sent via this card */ 1152 cpen = (tr && tr->again_counter && tr->last_qid && 1153 AP_QID_CARD(tr->last_qid) == zc->card->id) ? 1154 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0; 1155 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt)) 1156 continue; 1157 for_each_zcrypt_queue(zq, zc) { 1158 /* check if device is usable and eligible */ 1159 if (!zq->online || !zq->ops->send_ep11_cprb || 1160 !zq->queue->config || zq->queue->chkstop || 1161 (targets && 1162 !is_desired_ep11_queue(zq->queue->qid, 1163 target_num, targets))) 1164 continue; 1165 /* check if device node has admission for this queue */ 1166 if (!zcrypt_check_queue(perms, 1167 AP_QID_QUEUE(zq->queue->qid))) 1168 continue; 1169 /* penalty if the msg was previously sent at this qid */ 1170 qpen = (tr && tr->again_counter && tr->last_qid && 1171 tr->last_qid == zq->queue->qid) ? 1172 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0; 1173 if (!zcrypt_queue_compare(zq, pref_zq, 1174 wgt + cpen + qpen, pref_wgt)) 1175 continue; 1176 pref_zc = zc; 1177 pref_zq = zq; 1178 pref_wgt = wgt + cpen + qpen; 1179 } 1180 } 1181 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 1182 spin_unlock(&zcrypt_list_lock); 1183 1184 if (!pref_zq) { 1185 if (targets && target_num == 1) { 1186 ZCRYPT_DBF_DBG("%s no match for address %02x.%04x => ENODEV\n", 1187 __func__, (int)targets->ap_id, 1188 (int)targets->dom_id); 1189 } else if (targets) { 1190 ZCRYPT_DBF_DBG("%s no match for %d target addrs => ENODEV\n", 1191 __func__, (int)target_num); 1192 } else { 1193 ZCRYPT_DBF_DBG("%s no match for address ff.ffff => ENODEV\n", 1194 __func__); 1195 } 1196 rc = -ENODEV; 1197 goto out_free; 1198 } 1199 1200 qid = pref_zq->queue->qid; 1201 rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg); 1202 1203 spin_lock(&zcrypt_list_lock); 1204 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 1205 spin_unlock(&zcrypt_list_lock); 1206 1207out_free: 1208 kfree(targets); 1209out: 1210 ap_release_message(&ap_msg); 1211 if (tr) { 1212 tr->last_rc = rc; 1213 tr->last_qid = qid; 1214 } 1215 trace_s390_zcrypt_rep(xcrb, func_code, rc, 1216 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1217 return rc; 1218} 1219 1220long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb) 1221{ 1222 return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb); 1223} 1224EXPORT_SYMBOL(zcrypt_send_ep11_cprb); 1225 1226static long zcrypt_rng(char *buffer) 1227{ 1228 struct zcrypt_card *zc, *pref_zc; 1229 struct zcrypt_queue *zq, *pref_zq; 1230 unsigned int wgt = 0, pref_wgt = 0; 1231 unsigned int func_code; 1232 struct ap_message ap_msg; 1233 unsigned int domain; 1234 int qid = 0, rc = -ENODEV; 1235 struct module *mod; 1236 1237 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB); 1238 1239 ap_init_message(&ap_msg); 1240 rc = prep_rng_ap_msg(&ap_msg, &func_code, &domain); 1241 if (rc) 1242 goto out; 1243 1244 pref_zc = NULL; 1245 pref_zq = NULL; 1246 spin_lock(&zcrypt_list_lock); 1247 for_each_zcrypt_card(zc) { 1248 /* Check for usable CCA card */ 1249 if (!zc->online || !zc->card->config || zc->card->chkstop || 1250 !(zc->card->functions & 0x10000000)) 1251 continue; 1252 /* get weight index of the card device */ 1253 wgt = zc->speed_rating[func_code]; 1254 if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt)) 1255 continue; 1256 for_each_zcrypt_queue(zq, zc) { 1257 /* check if device is usable and eligible */ 1258 if (!zq->online || !zq->ops->rng || 1259 !zq->queue->config || zq->queue->chkstop) 1260 continue; 1261 if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt)) 1262 continue; 1263 pref_zc = zc; 1264 pref_zq = zq; 1265 pref_wgt = wgt; 1266 } 1267 } 1268 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt); 1269 spin_unlock(&zcrypt_list_lock); 1270 1271 if (!pref_zq) { 1272 ZCRYPT_DBF_DBG("%s no matching queue found => ENODEV\n", 1273 __func__); 1274 rc = -ENODEV; 1275 goto out; 1276 } 1277 1278 qid = pref_zq->queue->qid; 1279 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg); 1280 1281 spin_lock(&zcrypt_list_lock); 1282 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt); 1283 spin_unlock(&zcrypt_list_lock); 1284 1285out: 1286 ap_release_message(&ap_msg); 1287 trace_s390_zcrypt_rep(buffer, func_code, rc, 1288 AP_QID_CARD(qid), AP_QID_QUEUE(qid)); 1289 return rc; 1290} 1291 1292static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus) 1293{ 1294 struct zcrypt_card *zc; 1295 struct zcrypt_queue *zq; 1296 struct zcrypt_device_status *stat; 1297 int card, queue; 1298 1299 memset(devstatus, 0, MAX_ZDEV_ENTRIES 1300 * sizeof(struct zcrypt_device_status)); 1301 1302 spin_lock(&zcrypt_list_lock); 1303 for_each_zcrypt_card(zc) { 1304 for_each_zcrypt_queue(zq, zc) { 1305 card = AP_QID_CARD(zq->queue->qid); 1306 if (card >= MAX_ZDEV_CARDIDS) 1307 continue; 1308 queue = AP_QID_QUEUE(zq->queue->qid); 1309 stat = &devstatus[card * AP_DOMAINS + queue]; 1310 stat->hwtype = zc->card->ap_dev.device_type; 1311 stat->functions = zc->card->functions >> 26; 1312 stat->qid = zq->queue->qid; 1313 stat->online = zq->online ? 0x01 : 0x00; 1314 } 1315 } 1316 spin_unlock(&zcrypt_list_lock); 1317} 1318 1319void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus) 1320{ 1321 struct zcrypt_card *zc; 1322 struct zcrypt_queue *zq; 1323 struct zcrypt_device_status_ext *stat; 1324 int card, queue; 1325 1326 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT 1327 * sizeof(struct zcrypt_device_status_ext)); 1328 1329 spin_lock(&zcrypt_list_lock); 1330 for_each_zcrypt_card(zc) { 1331 for_each_zcrypt_queue(zq, zc) { 1332 card = AP_QID_CARD(zq->queue->qid); 1333 queue = AP_QID_QUEUE(zq->queue->qid); 1334 stat = &devstatus[card * AP_DOMAINS + queue]; 1335 stat->hwtype = zc->card->ap_dev.device_type; 1336 stat->functions = zc->card->functions >> 26; 1337 stat->qid = zq->queue->qid; 1338 stat->online = zq->online ? 0x01 : 0x00; 1339 } 1340 } 1341 spin_unlock(&zcrypt_list_lock); 1342} 1343EXPORT_SYMBOL(zcrypt_device_status_mask_ext); 1344 1345int zcrypt_device_status_ext(int card, int queue, 1346 struct zcrypt_device_status_ext *devstat) 1347{ 1348 struct zcrypt_card *zc; 1349 struct zcrypt_queue *zq; 1350 1351 memset(devstat, 0, sizeof(*devstat)); 1352 1353 spin_lock(&zcrypt_list_lock); 1354 for_each_zcrypt_card(zc) { 1355 for_each_zcrypt_queue(zq, zc) { 1356 if (card == AP_QID_CARD(zq->queue->qid) && 1357 queue == AP_QID_QUEUE(zq->queue->qid)) { 1358 devstat->hwtype = zc->card->ap_dev.device_type; 1359 devstat->functions = zc->card->functions >> 26; 1360 devstat->qid = zq->queue->qid; 1361 devstat->online = zq->online ? 0x01 : 0x00; 1362 spin_unlock(&zcrypt_list_lock); 1363 return 0; 1364 } 1365 } 1366 } 1367 spin_unlock(&zcrypt_list_lock); 1368 1369 return -ENODEV; 1370} 1371EXPORT_SYMBOL(zcrypt_device_status_ext); 1372 1373static void zcrypt_status_mask(char status[], size_t max_adapters) 1374{ 1375 struct zcrypt_card *zc; 1376 struct zcrypt_queue *zq; 1377 int card; 1378 1379 memset(status, 0, max_adapters); 1380 spin_lock(&zcrypt_list_lock); 1381 for_each_zcrypt_card(zc) { 1382 for_each_zcrypt_queue(zq, zc) { 1383 card = AP_QID_CARD(zq->queue->qid); 1384 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index || 1385 card >= max_adapters) 1386 continue; 1387 status[card] = zc->online ? zc->user_space_type : 0x0d; 1388 } 1389 } 1390 spin_unlock(&zcrypt_list_lock); 1391} 1392 1393static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters) 1394{ 1395 struct zcrypt_card *zc; 1396 struct zcrypt_queue *zq; 1397 int card; 1398 1399 memset(qdepth, 0, max_adapters); 1400 spin_lock(&zcrypt_list_lock); 1401 local_bh_disable(); 1402 for_each_zcrypt_card(zc) { 1403 for_each_zcrypt_queue(zq, zc) { 1404 card = AP_QID_CARD(zq->queue->qid); 1405 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index || 1406 card >= max_adapters) 1407 continue; 1408 spin_lock(&zq->queue->lock); 1409 qdepth[card] = 1410 zq->queue->pendingq_count + 1411 zq->queue->requestq_count; 1412 spin_unlock(&zq->queue->lock); 1413 } 1414 } 1415 local_bh_enable(); 1416 spin_unlock(&zcrypt_list_lock); 1417} 1418 1419static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters) 1420{ 1421 struct zcrypt_card *zc; 1422 struct zcrypt_queue *zq; 1423 int card; 1424 u64 cnt; 1425 1426 memset(reqcnt, 0, sizeof(int) * max_adapters); 1427 spin_lock(&zcrypt_list_lock); 1428 local_bh_disable(); 1429 for_each_zcrypt_card(zc) { 1430 for_each_zcrypt_queue(zq, zc) { 1431 card = AP_QID_CARD(zq->queue->qid); 1432 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index || 1433 card >= max_adapters) 1434 continue; 1435 spin_lock(&zq->queue->lock); 1436 cnt = zq->queue->total_request_count; 1437 spin_unlock(&zq->queue->lock); 1438 reqcnt[card] = (cnt < UINT_MAX) ? (u32)cnt : UINT_MAX; 1439 } 1440 } 1441 local_bh_enable(); 1442 spin_unlock(&zcrypt_list_lock); 1443} 1444 1445static int zcrypt_pendingq_count(void) 1446{ 1447 struct zcrypt_card *zc; 1448 struct zcrypt_queue *zq; 1449 int pendingq_count; 1450 1451 pendingq_count = 0; 1452 spin_lock(&zcrypt_list_lock); 1453 local_bh_disable(); 1454 for_each_zcrypt_card(zc) { 1455 for_each_zcrypt_queue(zq, zc) { 1456 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1457 continue; 1458 spin_lock(&zq->queue->lock); 1459 pendingq_count += zq->queue->pendingq_count; 1460 spin_unlock(&zq->queue->lock); 1461 } 1462 } 1463 local_bh_enable(); 1464 spin_unlock(&zcrypt_list_lock); 1465 return pendingq_count; 1466} 1467 1468static int zcrypt_requestq_count(void) 1469{ 1470 struct zcrypt_card *zc; 1471 struct zcrypt_queue *zq; 1472 int requestq_count; 1473 1474 requestq_count = 0; 1475 spin_lock(&zcrypt_list_lock); 1476 local_bh_disable(); 1477 for_each_zcrypt_card(zc) { 1478 for_each_zcrypt_queue(zq, zc) { 1479 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index) 1480 continue; 1481 spin_lock(&zq->queue->lock); 1482 requestq_count += zq->queue->requestq_count; 1483 spin_unlock(&zq->queue->lock); 1484 } 1485 } 1486 local_bh_enable(); 1487 spin_unlock(&zcrypt_list_lock); 1488 return requestq_count; 1489} 1490 1491static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg) 1492{ 1493 int rc; 1494 struct zcrypt_track tr; 1495 struct ica_rsa_modexpo mex; 1496 struct ica_rsa_modexpo __user *umex = (void __user *)arg; 1497 1498 memset(&tr, 0, sizeof(tr)); 1499 if (copy_from_user(&mex, umex, sizeof(mex))) 1500 return -EFAULT; 1501 1502#ifdef CONFIG_ZCRYPT_DEBUG 1503 if (mex.inputdatalength & (1U << 31)) { 1504 if (!capable(CAP_SYS_ADMIN)) 1505 return -EPERM; 1506 tr.fi.cmd = (u16)(mex.inputdatalength >> 16); 1507 } 1508 mex.inputdatalength &= 0x0000FFFF; 1509#endif 1510 1511 do { 1512 rc = zcrypt_rsa_modexpo(perms, &tr, &mex); 1513 if (rc == -EAGAIN) 1514 tr.again_counter++; 1515#ifdef CONFIG_ZCRYPT_DEBUG 1516 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1517 break; 1518#endif 1519 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1520 /* on failure: retry once again after a requested rescan */ 1521 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1522 do { 1523 rc = zcrypt_rsa_modexpo(perms, &tr, &mex); 1524 if (rc == -EAGAIN) 1525 tr.again_counter++; 1526 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1527 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1528 rc = -EIO; 1529 if (rc) { 1530 ZCRYPT_DBF_DBG("ioctl ICARSAMODEXPO rc=%d\n", rc); 1531 return rc; 1532 } 1533 return put_user(mex.outputdatalength, &umex->outputdatalength); 1534} 1535 1536static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg) 1537{ 1538 int rc; 1539 struct zcrypt_track tr; 1540 struct ica_rsa_modexpo_crt crt; 1541 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *)arg; 1542 1543 memset(&tr, 0, sizeof(tr)); 1544 if (copy_from_user(&crt, ucrt, sizeof(crt))) 1545 return -EFAULT; 1546 1547#ifdef CONFIG_ZCRYPT_DEBUG 1548 if (crt.inputdatalength & (1U << 31)) { 1549 if (!capable(CAP_SYS_ADMIN)) 1550 return -EPERM; 1551 tr.fi.cmd = (u16)(crt.inputdatalength >> 16); 1552 } 1553 crt.inputdatalength &= 0x0000FFFF; 1554#endif 1555 1556 do { 1557 rc = zcrypt_rsa_crt(perms, &tr, &crt); 1558 if (rc == -EAGAIN) 1559 tr.again_counter++; 1560#ifdef CONFIG_ZCRYPT_DEBUG 1561 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1562 break; 1563#endif 1564 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1565 /* on failure: retry once again after a requested rescan */ 1566 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1567 do { 1568 rc = zcrypt_rsa_crt(perms, &tr, &crt); 1569 if (rc == -EAGAIN) 1570 tr.again_counter++; 1571 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1572 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1573 rc = -EIO; 1574 if (rc) { 1575 ZCRYPT_DBF_DBG("ioctl ICARSACRT rc=%d\n", rc); 1576 return rc; 1577 } 1578 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 1579} 1580 1581static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg) 1582{ 1583 int rc; 1584 struct ica_xcRB xcrb; 1585 struct zcrypt_track tr; 1586 struct ica_xcRB __user *uxcrb = (void __user *)arg; 1587 1588 memset(&tr, 0, sizeof(tr)); 1589 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1590 return -EFAULT; 1591 1592#ifdef CONFIG_ZCRYPT_DEBUG 1593 if ((xcrb.status & 0x8000FFFF) == 0x80004649 /* 'FI' */) { 1594 if (!capable(CAP_SYS_ADMIN)) 1595 return -EPERM; 1596 tr.fi.cmd = (u16)(xcrb.status >> 16); 1597 } 1598 xcrb.status = 0; 1599#endif 1600 1601 do { 1602 rc = _zcrypt_send_cprb(true, perms, &tr, &xcrb); 1603 if (rc == -EAGAIN) 1604 tr.again_counter++; 1605#ifdef CONFIG_ZCRYPT_DEBUG 1606 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1607 break; 1608#endif 1609 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1610 /* on failure: retry once again after a requested rescan */ 1611 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1612 do { 1613 rc = _zcrypt_send_cprb(true, perms, &tr, &xcrb); 1614 if (rc == -EAGAIN) 1615 tr.again_counter++; 1616 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1617 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1618 rc = -EIO; 1619 if (rc) 1620 ZCRYPT_DBF_DBG("ioctl ZSENDCPRB rc=%d status=0x%x\n", 1621 rc, xcrb.status); 1622 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1623 return -EFAULT; 1624 return rc; 1625} 1626 1627static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg) 1628{ 1629 int rc; 1630 struct ep11_urb xcrb; 1631 struct zcrypt_track tr; 1632 struct ep11_urb __user *uxcrb = (void __user *)arg; 1633 1634 memset(&tr, 0, sizeof(tr)); 1635 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) 1636 return -EFAULT; 1637 1638#ifdef CONFIG_ZCRYPT_DEBUG 1639 if (xcrb.req_len & (1ULL << 63)) { 1640 if (!capable(CAP_SYS_ADMIN)) 1641 return -EPERM; 1642 tr.fi.cmd = (u16)(xcrb.req_len >> 48); 1643 } 1644 xcrb.req_len &= 0x0000FFFFFFFFFFFFULL; 1645#endif 1646 1647 do { 1648 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb); 1649 if (rc == -EAGAIN) 1650 tr.again_counter++; 1651#ifdef CONFIG_ZCRYPT_DEBUG 1652 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) 1653 break; 1654#endif 1655 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1656 /* on failure: retry once again after a requested rescan */ 1657 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1658 do { 1659 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb); 1660 if (rc == -EAGAIN) 1661 tr.again_counter++; 1662 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1663 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1664 rc = -EIO; 1665 if (rc) 1666 ZCRYPT_DBF_DBG("ioctl ZSENDEP11CPRB rc=%d\n", rc); 1667 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb))) 1668 return -EFAULT; 1669 return rc; 1670} 1671 1672static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 1673 unsigned long arg) 1674{ 1675 int rc; 1676 struct ap_perms *perms = 1677 (struct ap_perms *)filp->private_data; 1678 1679 rc = zcrypt_check_ioctl(perms, cmd); 1680 if (rc) 1681 return rc; 1682 1683 switch (cmd) { 1684 case ICARSAMODEXPO: 1685 return icarsamodexpo_ioctl(perms, arg); 1686 case ICARSACRT: 1687 return icarsacrt_ioctl(perms, arg); 1688 case ZSECSENDCPRB: 1689 return zsecsendcprb_ioctl(perms, arg); 1690 case ZSENDEP11CPRB: 1691 return zsendep11cprb_ioctl(perms, arg); 1692 case ZCRYPT_DEVICE_STATUS: { 1693 struct zcrypt_device_status_ext *device_status; 1694 size_t total_size = MAX_ZDEV_ENTRIES_EXT 1695 * sizeof(struct zcrypt_device_status_ext); 1696 1697 device_status = kzalloc(total_size, GFP_KERNEL); 1698 if (!device_status) 1699 return -ENOMEM; 1700 zcrypt_device_status_mask_ext(device_status); 1701 if (copy_to_user((char __user *)arg, device_status, 1702 total_size)) 1703 rc = -EFAULT; 1704 kfree(device_status); 1705 return rc; 1706 } 1707 case ZCRYPT_STATUS_MASK: { 1708 char status[AP_DEVICES]; 1709 1710 zcrypt_status_mask(status, AP_DEVICES); 1711 if (copy_to_user((char __user *)arg, status, sizeof(status))) 1712 return -EFAULT; 1713 return 0; 1714 } 1715 case ZCRYPT_QDEPTH_MASK: { 1716 char qdepth[AP_DEVICES]; 1717 1718 zcrypt_qdepth_mask(qdepth, AP_DEVICES); 1719 if (copy_to_user((char __user *)arg, qdepth, sizeof(qdepth))) 1720 return -EFAULT; 1721 return 0; 1722 } 1723 case ZCRYPT_PERDEV_REQCNT: { 1724 u32 *reqcnt; 1725 1726 reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL); 1727 if (!reqcnt) 1728 return -ENOMEM; 1729 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES); 1730 if (copy_to_user((int __user *)arg, reqcnt, 1731 sizeof(u32) * AP_DEVICES)) 1732 rc = -EFAULT; 1733 kfree(reqcnt); 1734 return rc; 1735 } 1736 case Z90STAT_REQUESTQ_COUNT: 1737 return put_user(zcrypt_requestq_count(), (int __user *)arg); 1738 case Z90STAT_PENDINGQ_COUNT: 1739 return put_user(zcrypt_pendingq_count(), (int __user *)arg); 1740 case Z90STAT_TOTALOPEN_COUNT: 1741 return put_user(atomic_read(&zcrypt_open_count), 1742 (int __user *)arg); 1743 case Z90STAT_DOMAIN_INDEX: 1744 return put_user(ap_domain_index, (int __user *)arg); 1745 /* 1746 * Deprecated ioctls 1747 */ 1748 case ZDEVICESTATUS: { 1749 /* the old ioctl supports only 64 adapters */ 1750 struct zcrypt_device_status *device_status; 1751 size_t total_size = MAX_ZDEV_ENTRIES 1752 * sizeof(struct zcrypt_device_status); 1753 1754 device_status = kzalloc(total_size, GFP_KERNEL); 1755 if (!device_status) 1756 return -ENOMEM; 1757 zcrypt_device_status_mask(device_status); 1758 if (copy_to_user((char __user *)arg, device_status, 1759 total_size)) 1760 rc = -EFAULT; 1761 kfree(device_status); 1762 return rc; 1763 } 1764 case Z90STAT_STATUS_MASK: { 1765 /* the old ioctl supports only 64 adapters */ 1766 char status[MAX_ZDEV_CARDIDS]; 1767 1768 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS); 1769 if (copy_to_user((char __user *)arg, status, sizeof(status))) 1770 return -EFAULT; 1771 return 0; 1772 } 1773 case Z90STAT_QDEPTH_MASK: { 1774 /* the old ioctl supports only 64 adapters */ 1775 char qdepth[MAX_ZDEV_CARDIDS]; 1776 1777 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS); 1778 if (copy_to_user((char __user *)arg, qdepth, sizeof(qdepth))) 1779 return -EFAULT; 1780 return 0; 1781 } 1782 case Z90STAT_PERDEV_REQCNT: { 1783 /* the old ioctl supports only 64 adapters */ 1784 u32 reqcnt[MAX_ZDEV_CARDIDS]; 1785 1786 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS); 1787 if (copy_to_user((int __user *)arg, reqcnt, sizeof(reqcnt))) 1788 return -EFAULT; 1789 return 0; 1790 } 1791 /* unknown ioctl number */ 1792 default: 1793 ZCRYPT_DBF_DBG("unknown ioctl 0x%08x\n", cmd); 1794 return -ENOIOCTLCMD; 1795 } 1796} 1797 1798#ifdef CONFIG_COMPAT 1799/* 1800 * ioctl32 conversion routines 1801 */ 1802struct compat_ica_rsa_modexpo { 1803 compat_uptr_t inputdata; 1804 unsigned int inputdatalength; 1805 compat_uptr_t outputdata; 1806 unsigned int outputdatalength; 1807 compat_uptr_t b_key; 1808 compat_uptr_t n_modulus; 1809}; 1810 1811static long trans_modexpo32(struct ap_perms *perms, struct file *filp, 1812 unsigned int cmd, unsigned long arg) 1813{ 1814 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 1815 struct compat_ica_rsa_modexpo mex32; 1816 struct ica_rsa_modexpo mex64; 1817 struct zcrypt_track tr; 1818 long rc; 1819 1820 memset(&tr, 0, sizeof(tr)); 1821 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 1822 return -EFAULT; 1823 mex64.inputdata = compat_ptr(mex32.inputdata); 1824 mex64.inputdatalength = mex32.inputdatalength; 1825 mex64.outputdata = compat_ptr(mex32.outputdata); 1826 mex64.outputdatalength = mex32.outputdatalength; 1827 mex64.b_key = compat_ptr(mex32.b_key); 1828 mex64.n_modulus = compat_ptr(mex32.n_modulus); 1829 do { 1830 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64); 1831 if (rc == -EAGAIN) 1832 tr.again_counter++; 1833 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1834 /* on failure: retry once again after a requested rescan */ 1835 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1836 do { 1837 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64); 1838 if (rc == -EAGAIN) 1839 tr.again_counter++; 1840 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1841 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1842 rc = -EIO; 1843 if (rc) 1844 return rc; 1845 return put_user(mex64.outputdatalength, 1846 &umex32->outputdatalength); 1847} 1848 1849struct compat_ica_rsa_modexpo_crt { 1850 compat_uptr_t inputdata; 1851 unsigned int inputdatalength; 1852 compat_uptr_t outputdata; 1853 unsigned int outputdatalength; 1854 compat_uptr_t bp_key; 1855 compat_uptr_t bq_key; 1856 compat_uptr_t np_prime; 1857 compat_uptr_t nq_prime; 1858 compat_uptr_t u_mult_inv; 1859}; 1860 1861static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp, 1862 unsigned int cmd, unsigned long arg) 1863{ 1864 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 1865 struct compat_ica_rsa_modexpo_crt crt32; 1866 struct ica_rsa_modexpo_crt crt64; 1867 struct zcrypt_track tr; 1868 long rc; 1869 1870 memset(&tr, 0, sizeof(tr)); 1871 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 1872 return -EFAULT; 1873 crt64.inputdata = compat_ptr(crt32.inputdata); 1874 crt64.inputdatalength = crt32.inputdatalength; 1875 crt64.outputdata = compat_ptr(crt32.outputdata); 1876 crt64.outputdatalength = crt32.outputdatalength; 1877 crt64.bp_key = compat_ptr(crt32.bp_key); 1878 crt64.bq_key = compat_ptr(crt32.bq_key); 1879 crt64.np_prime = compat_ptr(crt32.np_prime); 1880 crt64.nq_prime = compat_ptr(crt32.nq_prime); 1881 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 1882 do { 1883 rc = zcrypt_rsa_crt(perms, &tr, &crt64); 1884 if (rc == -EAGAIN) 1885 tr.again_counter++; 1886 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1887 /* on failure: retry once again after a requested rescan */ 1888 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1889 do { 1890 rc = zcrypt_rsa_crt(perms, &tr, &crt64); 1891 if (rc == -EAGAIN) 1892 tr.again_counter++; 1893 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1894 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1895 rc = -EIO; 1896 if (rc) 1897 return rc; 1898 return put_user(crt64.outputdatalength, 1899 &ucrt32->outputdatalength); 1900} 1901 1902struct compat_ica_xcrb { 1903 unsigned short agent_ID; 1904 unsigned int user_defined; 1905 unsigned short request_ID; 1906 unsigned int request_control_blk_length; 1907 unsigned char padding1[16 - sizeof(compat_uptr_t)]; 1908 compat_uptr_t request_control_blk_addr; 1909 unsigned int request_data_length; 1910 char padding2[16 - sizeof(compat_uptr_t)]; 1911 compat_uptr_t request_data_address; 1912 unsigned int reply_control_blk_length; 1913 char padding3[16 - sizeof(compat_uptr_t)]; 1914 compat_uptr_t reply_control_blk_addr; 1915 unsigned int reply_data_length; 1916 char padding4[16 - sizeof(compat_uptr_t)]; 1917 compat_uptr_t reply_data_addr; 1918 unsigned short priority_window; 1919 unsigned int status; 1920} __packed; 1921 1922static long trans_xcrb32(struct ap_perms *perms, struct file *filp, 1923 unsigned int cmd, unsigned long arg) 1924{ 1925 struct compat_ica_xcrb __user *uxcrb32 = compat_ptr(arg); 1926 struct compat_ica_xcrb xcrb32; 1927 struct zcrypt_track tr; 1928 struct ica_xcRB xcrb64; 1929 long rc; 1930 1931 memset(&tr, 0, sizeof(tr)); 1932 if (copy_from_user(&xcrb32, uxcrb32, sizeof(xcrb32))) 1933 return -EFAULT; 1934 xcrb64.agent_ID = xcrb32.agent_ID; 1935 xcrb64.user_defined = xcrb32.user_defined; 1936 xcrb64.request_ID = xcrb32.request_ID; 1937 xcrb64.request_control_blk_length = 1938 xcrb32.request_control_blk_length; 1939 xcrb64.request_control_blk_addr = 1940 compat_ptr(xcrb32.request_control_blk_addr); 1941 xcrb64.request_data_length = 1942 xcrb32.request_data_length; 1943 xcrb64.request_data_address = 1944 compat_ptr(xcrb32.request_data_address); 1945 xcrb64.reply_control_blk_length = 1946 xcrb32.reply_control_blk_length; 1947 xcrb64.reply_control_blk_addr = 1948 compat_ptr(xcrb32.reply_control_blk_addr); 1949 xcrb64.reply_data_length = xcrb32.reply_data_length; 1950 xcrb64.reply_data_addr = 1951 compat_ptr(xcrb32.reply_data_addr); 1952 xcrb64.priority_window = xcrb32.priority_window; 1953 xcrb64.status = xcrb32.status; 1954 do { 1955 rc = _zcrypt_send_cprb(true, perms, &tr, &xcrb64); 1956 if (rc == -EAGAIN) 1957 tr.again_counter++; 1958 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1959 /* on failure: retry once again after a requested rescan */ 1960 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 1961 do { 1962 rc = _zcrypt_send_cprb(true, perms, &tr, &xcrb64); 1963 if (rc == -EAGAIN) 1964 tr.again_counter++; 1965 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); 1966 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX) 1967 rc = -EIO; 1968 xcrb32.reply_control_blk_length = xcrb64.reply_control_blk_length; 1969 xcrb32.reply_data_length = xcrb64.reply_data_length; 1970 xcrb32.status = xcrb64.status; 1971 if (copy_to_user(uxcrb32, &xcrb32, sizeof(xcrb32))) 1972 return -EFAULT; 1973 return rc; 1974} 1975 1976static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 1977 unsigned long arg) 1978{ 1979 int rc; 1980 struct ap_perms *perms = 1981 (struct ap_perms *)filp->private_data; 1982 1983 rc = zcrypt_check_ioctl(perms, cmd); 1984 if (rc) 1985 return rc; 1986 1987 if (cmd == ICARSAMODEXPO) 1988 return trans_modexpo32(perms, filp, cmd, arg); 1989 if (cmd == ICARSACRT) 1990 return trans_modexpo_crt32(perms, filp, cmd, arg); 1991 if (cmd == ZSECSENDCPRB) 1992 return trans_xcrb32(perms, filp, cmd, arg); 1993 return zcrypt_unlocked_ioctl(filp, cmd, arg); 1994} 1995#endif 1996 1997/* 1998 * Misc device file operations. 1999 */ 2000static const struct file_operations zcrypt_fops = { 2001 .owner = THIS_MODULE, 2002 .read = zcrypt_read, 2003 .write = zcrypt_write, 2004 .unlocked_ioctl = zcrypt_unlocked_ioctl, 2005#ifdef CONFIG_COMPAT 2006 .compat_ioctl = zcrypt_compat_ioctl, 2007#endif 2008 .open = zcrypt_open, 2009 .release = zcrypt_release, 2010 .llseek = no_llseek, 2011}; 2012 2013/* 2014 * Misc device. 2015 */ 2016static struct miscdevice zcrypt_misc_device = { 2017 .minor = MISC_DYNAMIC_MINOR, 2018 .name = "z90crypt", 2019 .fops = &zcrypt_fops, 2020}; 2021 2022static int zcrypt_rng_device_count; 2023static u32 *zcrypt_rng_buffer; 2024static int zcrypt_rng_buffer_index; 2025static DEFINE_MUTEX(zcrypt_rng_mutex); 2026 2027static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 2028{ 2029 int rc; 2030 2031 /* 2032 * We don't need locking here because the RNG API guarantees serialized 2033 * read method calls. 2034 */ 2035 if (zcrypt_rng_buffer_index == 0) { 2036 rc = zcrypt_rng((char *)zcrypt_rng_buffer); 2037 /* on failure: retry once again after a requested rescan */ 2038 if ((rc == -ENODEV) && (zcrypt_process_rescan())) 2039 rc = zcrypt_rng((char *)zcrypt_rng_buffer); 2040 if (rc < 0) 2041 return -EIO; 2042 zcrypt_rng_buffer_index = rc / sizeof(*data); 2043 } 2044 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 2045 return sizeof(*data); 2046} 2047 2048static struct hwrng zcrypt_rng_dev = { 2049 .name = "zcrypt", 2050 .data_read = zcrypt_rng_data_read, 2051 .quality = 990, 2052}; 2053 2054int zcrypt_rng_device_add(void) 2055{ 2056 int rc = 0; 2057 2058 mutex_lock(&zcrypt_rng_mutex); 2059 if (zcrypt_rng_device_count == 0) { 2060 zcrypt_rng_buffer = (u32 *)get_zeroed_page(GFP_KERNEL); 2061 if (!zcrypt_rng_buffer) { 2062 rc = -ENOMEM; 2063 goto out; 2064 } 2065 zcrypt_rng_buffer_index = 0; 2066 if (!zcrypt_hwrng_seed) 2067 zcrypt_rng_dev.quality = 0; 2068 rc = hwrng_register(&zcrypt_rng_dev); 2069 if (rc) 2070 goto out_free; 2071 zcrypt_rng_device_count = 1; 2072 } else { 2073 zcrypt_rng_device_count++; 2074 } 2075 mutex_unlock(&zcrypt_rng_mutex); 2076 return 0; 2077 2078out_free: 2079 free_page((unsigned long)zcrypt_rng_buffer); 2080out: 2081 mutex_unlock(&zcrypt_rng_mutex); 2082 return rc; 2083} 2084 2085void zcrypt_rng_device_remove(void) 2086{ 2087 mutex_lock(&zcrypt_rng_mutex); 2088 zcrypt_rng_device_count--; 2089 if (zcrypt_rng_device_count == 0) { 2090 hwrng_unregister(&zcrypt_rng_dev); 2091 free_page((unsigned long)zcrypt_rng_buffer); 2092 } 2093 mutex_unlock(&zcrypt_rng_mutex); 2094} 2095 2096/* 2097 * Wait until the zcrypt api is operational. 2098 * The AP bus scan and the binding of ap devices to device drivers is 2099 * an asynchronous job. This function waits until these initial jobs 2100 * are done and so the zcrypt api should be ready to serve crypto 2101 * requests - if there are resources available. The function uses an 2102 * internal timeout of 60s. The very first caller will either wait for 2103 * ap bus bindings complete or the timeout happens. This state will be 2104 * remembered for further callers which will only be blocked until a 2105 * decision is made (timeout or bindings complete). 2106 * On timeout -ETIME is returned, on success the return value is 0. 2107 */ 2108int zcrypt_wait_api_operational(void) 2109{ 2110 static DEFINE_MUTEX(zcrypt_wait_api_lock); 2111 static int zcrypt_wait_api_state; 2112 int rc; 2113 2114 rc = mutex_lock_interruptible(&zcrypt_wait_api_lock); 2115 if (rc) 2116 return rc; 2117 2118 switch (zcrypt_wait_api_state) { 2119 case 0: 2120 /* initial state, invoke wait for the ap bus complete */ 2121 rc = ap_wait_init_apqn_bindings_complete( 2122 msecs_to_jiffies(60 * 1000)); 2123 switch (rc) { 2124 case 0: 2125 /* ap bus bindings are complete */ 2126 zcrypt_wait_api_state = 1; 2127 break; 2128 case -EINTR: 2129 /* interrupted, go back to caller */ 2130 break; 2131 case -ETIME: 2132 /* timeout */ 2133 ZCRYPT_DBF_WARN("%s ap_wait_init_apqn_bindings_complete()=ETIME\n", 2134 __func__); 2135 zcrypt_wait_api_state = -ETIME; 2136 break; 2137 default: 2138 /* other failure */ 2139 ZCRYPT_DBF_DBG("%s ap_wait_init_apqn_bindings_complete()=%d\n", 2140 __func__, rc); 2141 break; 2142 } 2143 break; 2144 case 1: 2145 /* a previous caller already found ap bus bindings complete */ 2146 rc = 0; 2147 break; 2148 default: 2149 /* a previous caller had timeout or other failure */ 2150 rc = zcrypt_wait_api_state; 2151 break; 2152 } 2153 2154 mutex_unlock(&zcrypt_wait_api_lock); 2155 2156 return rc; 2157} 2158EXPORT_SYMBOL(zcrypt_wait_api_operational); 2159 2160int __init zcrypt_debug_init(void) 2161{ 2162 zcrypt_dbf_info = debug_register("zcrypt", 2, 1, 2163 DBF_MAX_SPRINTF_ARGS * sizeof(long)); 2164 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view); 2165 debug_set_level(zcrypt_dbf_info, DBF_ERR); 2166 2167 return 0; 2168} 2169 2170void zcrypt_debug_exit(void) 2171{ 2172 debug_unregister(zcrypt_dbf_info); 2173} 2174 2175#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2176 2177static int __init zcdn_init(void) 2178{ 2179 int rc; 2180 2181 /* create a new class 'zcrypt' */ 2182 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME); 2183 if (IS_ERR(zcrypt_class)) { 2184 rc = PTR_ERR(zcrypt_class); 2185 goto out_class_create_failed; 2186 } 2187 zcrypt_class->dev_release = zcdn_device_release; 2188 2189 /* alloc device minor range */ 2190 rc = alloc_chrdev_region(&zcrypt_devt, 2191 0, ZCRYPT_MAX_MINOR_NODES, 2192 ZCRYPT_NAME); 2193 if (rc) 2194 goto out_alloc_chrdev_failed; 2195 2196 cdev_init(&zcrypt_cdev, &zcrypt_fops); 2197 zcrypt_cdev.owner = THIS_MODULE; 2198 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2199 if (rc) 2200 goto out_cdev_add_failed; 2201 2202 /* need some class specific sysfs attributes */ 2203 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create); 2204 if (rc) 2205 goto out_class_create_file_1_failed; 2206 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy); 2207 if (rc) 2208 goto out_class_create_file_2_failed; 2209 2210 return 0; 2211 2212out_class_create_file_2_failed: 2213 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 2214out_class_create_file_1_failed: 2215 cdev_del(&zcrypt_cdev); 2216out_cdev_add_failed: 2217 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2218out_alloc_chrdev_failed: 2219 class_destroy(zcrypt_class); 2220out_class_create_failed: 2221 return rc; 2222} 2223 2224static void zcdn_exit(void) 2225{ 2226 class_remove_file(zcrypt_class, &class_attr_zcdn_create); 2227 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy); 2228 zcdn_destroy_all(); 2229 cdev_del(&zcrypt_cdev); 2230 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES); 2231 class_destroy(zcrypt_class); 2232} 2233 2234#endif 2235 2236/* 2237 * zcrypt_api_init(): Module initialization. 2238 * 2239 * The module initialization code. 2240 */ 2241int __init zcrypt_api_init(void) 2242{ 2243 int rc; 2244 2245 rc = zcrypt_debug_init(); 2246 if (rc) 2247 goto out; 2248 2249#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2250 rc = zcdn_init(); 2251 if (rc) 2252 goto out; 2253#endif 2254 2255 /* Register the request sprayer. */ 2256 rc = misc_register(&zcrypt_misc_device); 2257 if (rc < 0) 2258 goto out_misc_register_failed; 2259 2260 zcrypt_msgtype6_init(); 2261 zcrypt_msgtype50_init(); 2262 2263 return 0; 2264 2265out_misc_register_failed: 2266#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2267 zcdn_exit(); 2268#endif 2269 zcrypt_debug_exit(); 2270out: 2271 return rc; 2272} 2273 2274/* 2275 * zcrypt_api_exit(): Module termination. 2276 * 2277 * The module termination code. 2278 */ 2279void __exit zcrypt_api_exit(void) 2280{ 2281#ifdef CONFIG_ZCRYPT_MULTIDEVNODES 2282 zcdn_exit(); 2283#endif 2284 misc_deregister(&zcrypt_misc_device); 2285 zcrypt_msgtype6_exit(); 2286 zcrypt_msgtype50_exit(); 2287 zcrypt_ccamisc_exit(); 2288 zcrypt_ep11misc_exit(); 2289 zcrypt_debug_exit(); 2290} 2291 2292module_init(zcrypt_api_init); 2293module_exit(zcrypt_api_exit);