cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

chaoskey.c (13676B)


      1// SPDX-License-Identifier: GPL-2.0
      2/*
      3 * chaoskey - driver for ChaosKey device from Altus Metrum.
      4 *
      5 * This device provides true random numbers using a noise source based
      6 * on a reverse-biased p-n junction in avalanche breakdown. More
      7 * details can be found at http://chaoskey.org
      8 *
      9 * The driver connects to the kernel hardware RNG interface to provide
     10 * entropy for /dev/random and other kernel activities. It also offers
     11 * a separate /dev/ entry to allow for direct access to the random
     12 * bit stream.
     13 *
     14 * Copyright © 2015 Keith Packard <keithp@keithp.com>
     15 */
     16
     17#include <linux/module.h>
     18#include <linux/slab.h>
     19#include <linux/usb.h>
     20#include <linux/wait.h>
     21#include <linux/hw_random.h>
     22#include <linux/mutex.h>
     23#include <linux/uaccess.h>
     24
     25static struct usb_driver chaoskey_driver;
     26static struct usb_class_driver chaoskey_class;
     27static int chaoskey_rng_read(struct hwrng *rng, void *data,
     28			     size_t max, bool wait);
     29
     30#define usb_dbg(usb_if, format, arg...) \
     31	dev_dbg(&(usb_if)->dev, format, ## arg)
     32
     33#define usb_err(usb_if, format, arg...) \
     34	dev_err(&(usb_if)->dev, format, ## arg)
     35
     36/* Version Information */
     37#define DRIVER_AUTHOR	"Keith Packard, keithp@keithp.com"
     38#define DRIVER_DESC	"Altus Metrum ChaosKey driver"
     39#define DRIVER_SHORT	"chaoskey"
     40
     41MODULE_AUTHOR(DRIVER_AUTHOR);
     42MODULE_DESCRIPTION(DRIVER_DESC);
     43MODULE_LICENSE("GPL");
     44
     45#define CHAOSKEY_VENDOR_ID	0x1d50	/* OpenMoko */
     46#define CHAOSKEY_PRODUCT_ID	0x60c6	/* ChaosKey */
     47
     48#define ALEA_VENDOR_ID		0x12d8	/* Araneus */
     49#define ALEA_PRODUCT_ID		0x0001	/* Alea I */
     50
     51#define CHAOSKEY_BUF_LEN	64	/* max size of USB full speed packet */
     52
     53#define NAK_TIMEOUT (HZ)		/* normal stall/wait timeout */
     54#define ALEA_FIRST_TIMEOUT (HZ*3)	/* first stall/wait timeout for Alea */
     55
     56#ifdef CONFIG_USB_DYNAMIC_MINORS
     57#define USB_CHAOSKEY_MINOR_BASE 0
     58#else
     59
     60/* IOWARRIOR_MINOR_BASE + 16, not official yet */
     61#define USB_CHAOSKEY_MINOR_BASE 224
     62#endif
     63
     64static const struct usb_device_id chaoskey_table[] = {
     65	{ USB_DEVICE(CHAOSKEY_VENDOR_ID, CHAOSKEY_PRODUCT_ID) },
     66	{ USB_DEVICE(ALEA_VENDOR_ID, ALEA_PRODUCT_ID) },
     67	{ },
     68};
     69MODULE_DEVICE_TABLE(usb, chaoskey_table);
     70
     71static void chaos_read_callback(struct urb *urb);
     72
     73/* Driver-local specific stuff */
     74struct chaoskey {
     75	struct usb_interface *interface;
     76	char in_ep;
     77	struct mutex lock;
     78	struct mutex rng_lock;
     79	int open;			/* open count */
     80	bool present;			/* device not disconnected */
     81	bool reading;			/* ongoing IO */
     82	bool reads_started;		/* track first read for Alea */
     83	int size;			/* size of buf */
     84	int valid;			/* bytes of buf read */
     85	int used;			/* bytes of buf consumed */
     86	char *name;			/* product + serial */
     87	struct hwrng hwrng;		/* Embedded struct for hwrng */
     88	int hwrng_registered;		/* registered with hwrng API */
     89	wait_queue_head_t wait_q;	/* for timeouts */
     90	struct urb *urb;		/* for performing IO */
     91	char *buf;
     92};
     93
     94static void chaoskey_free(struct chaoskey *dev)
     95{
     96	if (dev) {
     97		usb_dbg(dev->interface, "free");
     98		usb_free_urb(dev->urb);
     99		kfree(dev->name);
    100		kfree(dev->buf);
    101		usb_put_intf(dev->interface);
    102		kfree(dev);
    103	}
    104}
    105
    106static int chaoskey_probe(struct usb_interface *interface,
    107			  const struct usb_device_id *id)
    108{
    109	struct usb_device *udev = interface_to_usbdev(interface);
    110	struct usb_host_interface *altsetting = interface->cur_altsetting;
    111	struct usb_endpoint_descriptor *epd;
    112	int in_ep;
    113	struct chaoskey *dev;
    114	int result = -ENOMEM;
    115	int size;
    116	int res;
    117
    118	usb_dbg(interface, "probe %s-%s", udev->product, udev->serial);
    119
    120	/* Find the first bulk IN endpoint and its packet size */
    121	res = usb_find_bulk_in_endpoint(altsetting, &epd);
    122	if (res) {
    123		usb_dbg(interface, "no IN endpoint found");
    124		return res;
    125	}
    126
    127	in_ep = usb_endpoint_num(epd);
    128	size = usb_endpoint_maxp(epd);
    129
    130	/* Validate endpoint and size */
    131	if (size <= 0) {
    132		usb_dbg(interface, "invalid size (%d)", size);
    133		return -ENODEV;
    134	}
    135
    136	if (size > CHAOSKEY_BUF_LEN) {
    137		usb_dbg(interface, "size reduced from %d to %d\n",
    138			size, CHAOSKEY_BUF_LEN);
    139		size = CHAOSKEY_BUF_LEN;
    140	}
    141
    142	/* Looks good, allocate and initialize */
    143
    144	dev = kzalloc(sizeof(struct chaoskey), GFP_KERNEL);
    145
    146	if (dev == NULL)
    147		goto out;
    148
    149	dev->interface = usb_get_intf(interface);
    150
    151	dev->buf = kmalloc(size, GFP_KERNEL);
    152
    153	if (dev->buf == NULL)
    154		goto out;
    155
    156	dev->urb = usb_alloc_urb(0, GFP_KERNEL);
    157
    158	if (!dev->urb)
    159		goto out;
    160
    161	usb_fill_bulk_urb(dev->urb,
    162		udev,
    163		usb_rcvbulkpipe(udev, in_ep),
    164		dev->buf,
    165		size,
    166		chaos_read_callback,
    167		dev);
    168
    169	/* Construct a name using the product and serial values. Each
    170	 * device needs a unique name for the hwrng code
    171	 */
    172
    173	if (udev->product && udev->serial) {
    174		dev->name = kasprintf(GFP_KERNEL, "%s-%s", udev->product,
    175				      udev->serial);
    176		if (dev->name == NULL)
    177			goto out;
    178	}
    179
    180	dev->in_ep = in_ep;
    181
    182	if (le16_to_cpu(udev->descriptor.idVendor) != ALEA_VENDOR_ID)
    183		dev->reads_started = true;
    184
    185	dev->size = size;
    186	dev->present = true;
    187
    188	init_waitqueue_head(&dev->wait_q);
    189
    190	mutex_init(&dev->lock);
    191	mutex_init(&dev->rng_lock);
    192
    193	usb_set_intfdata(interface, dev);
    194
    195	result = usb_register_dev(interface, &chaoskey_class);
    196	if (result) {
    197		usb_err(interface, "Unable to allocate minor number.");
    198		goto out;
    199	}
    200
    201	dev->hwrng.name = dev->name ? dev->name : chaoskey_driver.name;
    202	dev->hwrng.read = chaoskey_rng_read;
    203	dev->hwrng.quality = 1024;
    204
    205	dev->hwrng_registered = (hwrng_register(&dev->hwrng) == 0);
    206	if (!dev->hwrng_registered)
    207		usb_err(interface, "Unable to register with hwrng");
    208
    209	usb_enable_autosuspend(udev);
    210
    211	usb_dbg(interface, "chaoskey probe success, size %d", dev->size);
    212	return 0;
    213
    214out:
    215	usb_set_intfdata(interface, NULL);
    216	chaoskey_free(dev);
    217	return result;
    218}
    219
    220static void chaoskey_disconnect(struct usb_interface *interface)
    221{
    222	struct chaoskey	*dev;
    223
    224	usb_dbg(interface, "disconnect");
    225	dev = usb_get_intfdata(interface);
    226	if (!dev) {
    227		usb_dbg(interface, "disconnect failed - no dev");
    228		return;
    229	}
    230
    231	if (dev->hwrng_registered)
    232		hwrng_unregister(&dev->hwrng);
    233
    234	usb_deregister_dev(interface, &chaoskey_class);
    235
    236	usb_set_intfdata(interface, NULL);
    237	mutex_lock(&dev->lock);
    238
    239	dev->present = false;
    240	usb_poison_urb(dev->urb);
    241
    242	if (!dev->open) {
    243		mutex_unlock(&dev->lock);
    244		chaoskey_free(dev);
    245	} else
    246		mutex_unlock(&dev->lock);
    247
    248	usb_dbg(interface, "disconnect done");
    249}
    250
    251static int chaoskey_open(struct inode *inode, struct file *file)
    252{
    253	struct chaoskey *dev;
    254	struct usb_interface *interface;
    255
    256	/* get the interface from minor number and driver information */
    257	interface = usb_find_interface(&chaoskey_driver, iminor(inode));
    258	if (!interface)
    259		return -ENODEV;
    260
    261	usb_dbg(interface, "open");
    262
    263	dev = usb_get_intfdata(interface);
    264	if (!dev) {
    265		usb_dbg(interface, "open (dev)");
    266		return -ENODEV;
    267	}
    268
    269	file->private_data = dev;
    270	mutex_lock(&dev->lock);
    271	++dev->open;
    272	mutex_unlock(&dev->lock);
    273
    274	usb_dbg(interface, "open success");
    275	return 0;
    276}
    277
    278static int chaoskey_release(struct inode *inode, struct file *file)
    279{
    280	struct chaoskey *dev = file->private_data;
    281	struct usb_interface *interface;
    282
    283	if (dev == NULL)
    284		return -ENODEV;
    285
    286	interface = dev->interface;
    287
    288	usb_dbg(interface, "release");
    289
    290	mutex_lock(&dev->lock);
    291
    292	usb_dbg(interface, "open count at release is %d", dev->open);
    293
    294	if (dev->open <= 0) {
    295		usb_dbg(interface, "invalid open count (%d)", dev->open);
    296		mutex_unlock(&dev->lock);
    297		return -ENODEV;
    298	}
    299
    300	--dev->open;
    301
    302	if (!dev->present) {
    303		if (dev->open == 0) {
    304			mutex_unlock(&dev->lock);
    305			chaoskey_free(dev);
    306		} else
    307			mutex_unlock(&dev->lock);
    308	} else
    309		mutex_unlock(&dev->lock);
    310
    311	usb_dbg(interface, "release success");
    312	return 0;
    313}
    314
    315static void chaos_read_callback(struct urb *urb)
    316{
    317	struct chaoskey *dev = urb->context;
    318	int status = urb->status;
    319
    320	usb_dbg(dev->interface, "callback status (%d)", status);
    321
    322	if (status == 0)
    323		dev->valid = urb->actual_length;
    324	else
    325		dev->valid = 0;
    326
    327	dev->used = 0;
    328
    329	/* must be seen first before validity is announced */
    330	smp_wmb();
    331
    332	dev->reading = false;
    333	wake_up(&dev->wait_q);
    334}
    335
    336/* Fill the buffer. Called with dev->lock held
    337 */
    338static int _chaoskey_fill(struct chaoskey *dev)
    339{
    340	DEFINE_WAIT(wait);
    341	int result;
    342	bool started;
    343
    344	usb_dbg(dev->interface, "fill");
    345
    346	/* Return immediately if someone called before the buffer was
    347	 * empty */
    348	if (dev->valid != dev->used) {
    349		usb_dbg(dev->interface, "not empty yet (valid %d used %d)",
    350			dev->valid, dev->used);
    351		return 0;
    352	}
    353
    354	/* Bail if the device has been removed */
    355	if (!dev->present) {
    356		usb_dbg(dev->interface, "device not present");
    357		return -ENODEV;
    358	}
    359
    360	/* Make sure the device is awake */
    361	result = usb_autopm_get_interface(dev->interface);
    362	if (result) {
    363		usb_dbg(dev->interface, "wakeup failed (result %d)", result);
    364		return result;
    365	}
    366
    367	dev->reading = true;
    368	result = usb_submit_urb(dev->urb, GFP_KERNEL);
    369	if (result < 0) {
    370		result = usb_translate_errors(result);
    371		dev->reading = false;
    372		goto out;
    373	}
    374
    375	/* The first read on the Alea takes a little under 2 seconds.
    376	 * Reads after the first read take only a few microseconds
    377	 * though.  Presumably the entropy-generating circuit needs
    378	 * time to ramp up.  So, we wait longer on the first read.
    379	 */
    380	started = dev->reads_started;
    381	dev->reads_started = true;
    382	result = wait_event_interruptible_timeout(
    383		dev->wait_q,
    384		!dev->reading,
    385		(started ? NAK_TIMEOUT : ALEA_FIRST_TIMEOUT) );
    386
    387	if (result < 0) {
    388		usb_kill_urb(dev->urb);
    389		goto out;
    390	}
    391
    392	if (result == 0) {
    393		result = -ETIMEDOUT;
    394		usb_kill_urb(dev->urb);
    395	} else {
    396		result = dev->valid;
    397	}
    398out:
    399	/* Let the device go back to sleep eventually */
    400	usb_autopm_put_interface(dev->interface);
    401
    402	usb_dbg(dev->interface, "read %d bytes", dev->valid);
    403
    404	return result;
    405}
    406
    407static ssize_t chaoskey_read(struct file *file,
    408			     char __user *buffer,
    409			     size_t count,
    410			     loff_t *ppos)
    411{
    412	struct chaoskey *dev;
    413	ssize_t read_count = 0;
    414	int this_time;
    415	int result = 0;
    416	unsigned long remain;
    417
    418	dev = file->private_data;
    419
    420	if (dev == NULL || !dev->present)
    421		return -ENODEV;
    422
    423	usb_dbg(dev->interface, "read %zu", count);
    424
    425	while (count > 0) {
    426
    427		/* Grab the rng_lock briefly to ensure that the hwrng interface
    428		 * gets priority over other user access
    429		 */
    430		result = mutex_lock_interruptible(&dev->rng_lock);
    431		if (result)
    432			goto bail;
    433		mutex_unlock(&dev->rng_lock);
    434
    435		result = mutex_lock_interruptible(&dev->lock);
    436		if (result)
    437			goto bail;
    438		if (dev->valid == dev->used) {
    439			result = _chaoskey_fill(dev);
    440			if (result < 0) {
    441				mutex_unlock(&dev->lock);
    442				goto bail;
    443			}
    444		}
    445
    446		this_time = dev->valid - dev->used;
    447		if (this_time > count)
    448			this_time = count;
    449
    450		remain = copy_to_user(buffer, dev->buf + dev->used, this_time);
    451		if (remain) {
    452			result = -EFAULT;
    453
    454			/* Consume the bytes that were copied so we don't leak
    455			 * data to user space
    456			 */
    457			dev->used += this_time - remain;
    458			mutex_unlock(&dev->lock);
    459			goto bail;
    460		}
    461
    462		count -= this_time;
    463		read_count += this_time;
    464		buffer += this_time;
    465		dev->used += this_time;
    466		mutex_unlock(&dev->lock);
    467	}
    468bail:
    469	if (read_count) {
    470		usb_dbg(dev->interface, "read %zu bytes", read_count);
    471		return read_count;
    472	}
    473	usb_dbg(dev->interface, "empty read, result %d", result);
    474	if (result == -ETIMEDOUT)
    475		result = -EAGAIN;
    476	return result;
    477}
    478
    479static int chaoskey_rng_read(struct hwrng *rng, void *data,
    480			     size_t max, bool wait)
    481{
    482	struct chaoskey *dev = container_of(rng, struct chaoskey, hwrng);
    483	int this_time;
    484
    485	usb_dbg(dev->interface, "rng_read max %zu wait %d", max, wait);
    486
    487	if (!dev->present) {
    488		usb_dbg(dev->interface, "device not present");
    489		return 0;
    490	}
    491
    492	/* Hold the rng_lock until we acquire the device lock so that
    493	 * this operation gets priority over other user access to the
    494	 * device
    495	 */
    496	mutex_lock(&dev->rng_lock);
    497
    498	mutex_lock(&dev->lock);
    499
    500	mutex_unlock(&dev->rng_lock);
    501
    502	/* Try to fill the buffer if empty. It doesn't actually matter
    503	 * if _chaoskey_fill works; we'll just return zero bytes as
    504	 * the buffer will still be empty
    505	 */
    506	if (dev->valid == dev->used)
    507		(void) _chaoskey_fill(dev);
    508
    509	this_time = dev->valid - dev->used;
    510	if (this_time > max)
    511		this_time = max;
    512
    513	memcpy(data, dev->buf + dev->used, this_time);
    514
    515	dev->used += this_time;
    516
    517	mutex_unlock(&dev->lock);
    518
    519	usb_dbg(dev->interface, "rng_read this_time %d\n", this_time);
    520	return this_time;
    521}
    522
    523#ifdef CONFIG_PM
    524static int chaoskey_suspend(struct usb_interface *interface,
    525			    pm_message_t message)
    526{
    527	usb_dbg(interface, "suspend");
    528	return 0;
    529}
    530
    531static int chaoskey_resume(struct usb_interface *interface)
    532{
    533	struct chaoskey *dev;
    534	struct usb_device *udev = interface_to_usbdev(interface);
    535
    536	usb_dbg(interface, "resume");
    537	dev = usb_get_intfdata(interface);
    538
    539	/*
    540	 * We may have lost power.
    541	 * In that case the device that needs a long time
    542	 * for the first requests needs an extended timeout
    543	 * again
    544	 */
    545	if (le16_to_cpu(udev->descriptor.idVendor) == ALEA_VENDOR_ID)
    546		dev->reads_started = false;
    547
    548	return 0;
    549}
    550#else
    551#define chaoskey_suspend NULL
    552#define chaoskey_resume NULL
    553#endif
    554
    555/* file operation pointers */
    556static const struct file_operations chaoskey_fops = {
    557	.owner = THIS_MODULE,
    558	.read = chaoskey_read,
    559	.open = chaoskey_open,
    560	.release = chaoskey_release,
    561	.llseek = default_llseek,
    562};
    563
    564/* class driver information */
    565static struct usb_class_driver chaoskey_class = {
    566	.name = "chaoskey%d",
    567	.fops = &chaoskey_fops,
    568	.minor_base = USB_CHAOSKEY_MINOR_BASE,
    569};
    570
    571/* usb specific object needed to register this driver with the usb subsystem */
    572static struct usb_driver chaoskey_driver = {
    573	.name = DRIVER_SHORT,
    574	.probe = chaoskey_probe,
    575	.disconnect = chaoskey_disconnect,
    576	.suspend = chaoskey_suspend,
    577	.resume = chaoskey_resume,
    578	.reset_resume = chaoskey_resume,
    579	.id_table = chaoskey_table,
    580	.supports_autosuspend = 1,
    581};
    582
    583module_usb_driver(chaoskey_driver);
    584