1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright IBM Corp. 2001, 2018
4 * Author(s): Robert Burroughs
5 * Eric Rossman (edrossma@us.ibm.com)
6 * Cornelia Huck <cornelia.huck@de.ibm.com>
7 *
8 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
9 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
10 * Ralph Wuerthner <rwuerthn@de.ibm.com>
11 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
12 * Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com>
13 */
14
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/interrupt.h>
18 #include <linux/miscdevice.h>
19 #include <linux/fs.h>
20 #include <linux/compat.h>
21 #include <linux/slab.h>
22 #include <linux/atomic.h>
23 #include <linux/uaccess.h>
24 #include <linux/hw_random.h>
25 #include <linux/debugfs.h>
26 #include <linux/cdev.h>
27 #include <linux/ctype.h>
28 #include <linux/capability.h>
29 #include <asm/debug.h>
30
31 #define CREATE_TRACE_POINTS
32 #include <asm/trace/zcrypt.h>
33
34 #include "zcrypt_api.h"
35 #include "zcrypt_debug.h"
36
37 #include "zcrypt_msgtype6.h"
38 #include "zcrypt_msgtype50.h"
39 #include "zcrypt_ccamisc.h"
40 #include "zcrypt_ep11misc.h"
41
42 /*
43 * Module description.
44 */
45 MODULE_AUTHOR("IBM Corporation");
46 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \
47 "Copyright IBM Corp. 2001, 2012");
48 MODULE_LICENSE("GPL");
49
50 /*
51 * zcrypt tracepoint functions
52 */
53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req);
54 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep);
55
56 static int zcrypt_hwrng_seed = 1;
57 module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440);
58 MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on).");
59
60 DEFINE_SPINLOCK(zcrypt_list_lock);
61 LIST_HEAD(zcrypt_card_list);
62
63 static atomic_t zcrypt_open_count = ATOMIC_INIT(0);
64 static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0);
65
66 atomic_t zcrypt_rescan_req = ATOMIC_INIT(0);
67 EXPORT_SYMBOL(zcrypt_rescan_req);
68
69 static LIST_HEAD(zcrypt_ops_list);
70
71 /* Zcrypt related debug feature stuff. */
72 debug_info_t *zcrypt_dbf_info;
73
74 /*
75 * Process a rescan of the transport layer.
76 *
77 * Returns 1, if the rescan has been processed, otherwise 0.
78 */
zcrypt_process_rescan(void)79 static inline int zcrypt_process_rescan(void)
80 {
81 if (atomic_read(&zcrypt_rescan_req)) {
82 atomic_set(&zcrypt_rescan_req, 0);
83 atomic_inc(&zcrypt_rescan_count);
84 ap_bus_force_rescan();
85 ZCRYPT_DBF_INFO("%s rescan count=%07d\n", __func__,
86 atomic_inc_return(&zcrypt_rescan_count));
87 return 1;
88 }
89 return 0;
90 }
91
zcrypt_msgtype_register(struct zcrypt_ops * zops)92 void zcrypt_msgtype_register(struct zcrypt_ops *zops)
93 {
94 list_add_tail(&zops->list, &zcrypt_ops_list);
95 }
96
zcrypt_msgtype_unregister(struct zcrypt_ops * zops)97 void zcrypt_msgtype_unregister(struct zcrypt_ops *zops)
98 {
99 list_del_init(&zops->list);
100 }
101
zcrypt_msgtype(unsigned char * name,int variant)102 struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant)
103 {
104 struct zcrypt_ops *zops;
105
106 list_for_each_entry(zops, &zcrypt_ops_list, list)
107 if ((zops->variant == variant) &&
108 (!strncmp(zops->name, name, sizeof(zops->name))))
109 return zops;
110 return NULL;
111 }
112 EXPORT_SYMBOL(zcrypt_msgtype);
113
114 /*
115 * Multi device nodes extension functions.
116 */
117
118 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
119
120 struct zcdn_device;
121
122 static struct class *zcrypt_class;
123 static dev_t zcrypt_devt;
124 static struct cdev zcrypt_cdev;
125
126 struct zcdn_device {
127 struct device device;
128 struct ap_perms perms;
129 };
130
131 #define to_zcdn_dev(x) container_of((x), struct zcdn_device, device)
132
133 #define ZCDN_MAX_NAME 32
134
135 static int zcdn_create(const char *name);
136 static int zcdn_destroy(const char *name);
137
138 /*
139 * Find zcdn device by name.
140 * Returns reference to the zcdn device which needs to be released
141 * with put_device() after use.
142 */
find_zcdndev_by_name(const char * name)143 static inline struct zcdn_device *find_zcdndev_by_name(const char *name)
144 {
145 struct device *dev = class_find_device_by_name(zcrypt_class, name);
146
147 return dev ? to_zcdn_dev(dev) : NULL;
148 }
149
150 /*
151 * Find zcdn device by devt value.
152 * Returns reference to the zcdn device which needs to be released
153 * with put_device() after use.
154 */
find_zcdndev_by_devt(dev_t devt)155 static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt)
156 {
157 struct device *dev = class_find_device_by_devt(zcrypt_class, devt);
158
159 return dev ? to_zcdn_dev(dev) : NULL;
160 }
161
ioctlmask_show(struct device * dev,struct device_attribute * attr,char * buf)162 static ssize_t ioctlmask_show(struct device *dev,
163 struct device_attribute *attr,
164 char *buf)
165 {
166 int i, rc;
167 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
168
169 if (mutex_lock_interruptible(&ap_perms_mutex))
170 return -ERESTARTSYS;
171
172 buf[0] = '0';
173 buf[1] = 'x';
174 for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++)
175 snprintf(buf + 2 + 2 * i * sizeof(long),
176 PAGE_SIZE - 2 - 2 * i * sizeof(long),
177 "%016lx", zcdndev->perms.ioctlm[i]);
178 buf[2 + 2 * i * sizeof(long)] = '\n';
179 buf[2 + 2 * i * sizeof(long) + 1] = '\0';
180 rc = 2 + 2 * i * sizeof(long) + 1;
181
182 mutex_unlock(&ap_perms_mutex);
183
184 return rc;
185 }
186
ioctlmask_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)187 static ssize_t ioctlmask_store(struct device *dev,
188 struct device_attribute *attr,
189 const char *buf, size_t count)
190 {
191 int rc;
192 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
193
194 rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm,
195 AP_IOCTLS, &ap_perms_mutex);
196 if (rc)
197 return rc;
198
199 return count;
200 }
201
202 static DEVICE_ATTR_RW(ioctlmask);
203
apmask_show(struct device * dev,struct device_attribute * attr,char * buf)204 static ssize_t apmask_show(struct device *dev,
205 struct device_attribute *attr,
206 char *buf)
207 {
208 int i, rc;
209 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
210
211 if (mutex_lock_interruptible(&ap_perms_mutex))
212 return -ERESTARTSYS;
213
214 buf[0] = '0';
215 buf[1] = 'x';
216 for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++)
217 snprintf(buf + 2 + 2 * i * sizeof(long),
218 PAGE_SIZE - 2 - 2 * i * sizeof(long),
219 "%016lx", zcdndev->perms.apm[i]);
220 buf[2 + 2 * i * sizeof(long)] = '\n';
221 buf[2 + 2 * i * sizeof(long) + 1] = '\0';
222 rc = 2 + 2 * i * sizeof(long) + 1;
223
224 mutex_unlock(&ap_perms_mutex);
225
226 return rc;
227 }
228
apmask_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)229 static ssize_t apmask_store(struct device *dev,
230 struct device_attribute *attr,
231 const char *buf, size_t count)
232 {
233 int rc;
234 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
235
236 rc = ap_parse_mask_str(buf, zcdndev->perms.apm,
237 AP_DEVICES, &ap_perms_mutex);
238 if (rc)
239 return rc;
240
241 return count;
242 }
243
244 static DEVICE_ATTR_RW(apmask);
245
aqmask_show(struct device * dev,struct device_attribute * attr,char * buf)246 static ssize_t aqmask_show(struct device *dev,
247 struct device_attribute *attr,
248 char *buf)
249 {
250 int i, rc;
251 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
252
253 if (mutex_lock_interruptible(&ap_perms_mutex))
254 return -ERESTARTSYS;
255
256 buf[0] = '0';
257 buf[1] = 'x';
258 for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++)
259 snprintf(buf + 2 + 2 * i * sizeof(long),
260 PAGE_SIZE - 2 - 2 * i * sizeof(long),
261 "%016lx", zcdndev->perms.aqm[i]);
262 buf[2 + 2 * i * sizeof(long)] = '\n';
263 buf[2 + 2 * i * sizeof(long) + 1] = '\0';
264 rc = 2 + 2 * i * sizeof(long) + 1;
265
266 mutex_unlock(&ap_perms_mutex);
267
268 return rc;
269 }
270
aqmask_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)271 static ssize_t aqmask_store(struct device *dev,
272 struct device_attribute *attr,
273 const char *buf, size_t count)
274 {
275 int rc;
276 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
277
278 rc = ap_parse_mask_str(buf, zcdndev->perms.aqm,
279 AP_DOMAINS, &ap_perms_mutex);
280 if (rc)
281 return rc;
282
283 return count;
284 }
285
286 static DEVICE_ATTR_RW(aqmask);
287
288 static struct attribute *zcdn_dev_attrs[] = {
289 &dev_attr_ioctlmask.attr,
290 &dev_attr_apmask.attr,
291 &dev_attr_aqmask.attr,
292 NULL
293 };
294
295 static struct attribute_group zcdn_dev_attr_group = {
296 .attrs = zcdn_dev_attrs
297 };
298
299 static const struct attribute_group *zcdn_dev_attr_groups[] = {
300 &zcdn_dev_attr_group,
301 NULL
302 };
303
zcdn_create_store(struct class * class,struct class_attribute * attr,const char * buf,size_t count)304 static ssize_t zcdn_create_store(struct class *class,
305 struct class_attribute *attr,
306 const char *buf, size_t count)
307 {
308 int rc;
309 char name[ZCDN_MAX_NAME];
310
311 strncpy(name, skip_spaces(buf), sizeof(name));
312 name[sizeof(name) - 1] = '\0';
313
314 rc = zcdn_create(strim(name));
315
316 return rc ? rc : count;
317 }
318
319 static const struct class_attribute class_attr_zcdn_create =
320 __ATTR(create, 0600, NULL, zcdn_create_store);
321
zcdn_destroy_store(struct class * class,struct class_attribute * attr,const char * buf,size_t count)322 static ssize_t zcdn_destroy_store(struct class *class,
323 struct class_attribute *attr,
324 const char *buf, size_t count)
325 {
326 int rc;
327 char name[ZCDN_MAX_NAME];
328
329 strncpy(name, skip_spaces(buf), sizeof(name));
330 name[sizeof(name) - 1] = '\0';
331
332 rc = zcdn_destroy(strim(name));
333
334 return rc ? rc : count;
335 }
336
337 static const struct class_attribute class_attr_zcdn_destroy =
338 __ATTR(destroy, 0600, NULL, zcdn_destroy_store);
339
zcdn_device_release(struct device * dev)340 static void zcdn_device_release(struct device *dev)
341 {
342 struct zcdn_device *zcdndev = to_zcdn_dev(dev);
343
344 ZCRYPT_DBF_INFO("%s releasing zcdn device %d:%d\n",
345 __func__, MAJOR(dev->devt), MINOR(dev->devt));
346
347 kfree(zcdndev);
348 }
349
zcdn_create(const char * name)350 static int zcdn_create(const char *name)
351 {
352 dev_t devt;
353 int i, rc = 0;
354 char nodename[ZCDN_MAX_NAME];
355 struct zcdn_device *zcdndev;
356
357 if (mutex_lock_interruptible(&ap_perms_mutex))
358 return -ERESTARTSYS;
359
360 /* check if device node with this name already exists */
361 if (name[0]) {
362 zcdndev = find_zcdndev_by_name(name);
363 if (zcdndev) {
364 put_device(&zcdndev->device);
365 rc = -EEXIST;
366 goto unlockout;
367 }
368 }
369
370 /* find an unused minor number */
371 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
372 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
373 zcdndev = find_zcdndev_by_devt(devt);
374 if (zcdndev)
375 put_device(&zcdndev->device);
376 else
377 break;
378 }
379 if (i == ZCRYPT_MAX_MINOR_NODES) {
380 rc = -ENOSPC;
381 goto unlockout;
382 }
383
384 /* alloc and prepare a new zcdn device */
385 zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL);
386 if (!zcdndev) {
387 rc = -ENOMEM;
388 goto unlockout;
389 }
390 zcdndev->device.release = zcdn_device_release;
391 zcdndev->device.class = zcrypt_class;
392 zcdndev->device.devt = devt;
393 zcdndev->device.groups = zcdn_dev_attr_groups;
394 if (name[0])
395 strncpy(nodename, name, sizeof(nodename));
396 else
397 snprintf(nodename, sizeof(nodename),
398 ZCRYPT_NAME "_%d", (int) MINOR(devt));
399 nodename[sizeof(nodename)-1] = '\0';
400 if (dev_set_name(&zcdndev->device, nodename)) {
401 rc = -EINVAL;
402 goto unlockout;
403 }
404 rc = device_register(&zcdndev->device);
405 if (rc) {
406 put_device(&zcdndev->device);
407 goto unlockout;
408 }
409
410 ZCRYPT_DBF_INFO("%s created zcdn device %d:%d\n",
411 __func__, MAJOR(devt), MINOR(devt));
412
413 unlockout:
414 mutex_unlock(&ap_perms_mutex);
415 return rc;
416 }
417
zcdn_destroy(const char * name)418 static int zcdn_destroy(const char *name)
419 {
420 int rc = 0;
421 struct zcdn_device *zcdndev;
422
423 if (mutex_lock_interruptible(&ap_perms_mutex))
424 return -ERESTARTSYS;
425
426 /* try to find this zcdn device */
427 zcdndev = find_zcdndev_by_name(name);
428 if (!zcdndev) {
429 rc = -ENOENT;
430 goto unlockout;
431 }
432
433 /*
434 * The zcdn device is not hard destroyed. It is subject to
435 * reference counting and thus just needs to be unregistered.
436 */
437 put_device(&zcdndev->device);
438 device_unregister(&zcdndev->device);
439
440 unlockout:
441 mutex_unlock(&ap_perms_mutex);
442 return rc;
443 }
444
zcdn_destroy_all(void)445 static void zcdn_destroy_all(void)
446 {
447 int i;
448 dev_t devt;
449 struct zcdn_device *zcdndev;
450
451 mutex_lock(&ap_perms_mutex);
452 for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
453 devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
454 zcdndev = find_zcdndev_by_devt(devt);
455 if (zcdndev) {
456 put_device(&zcdndev->device);
457 device_unregister(&zcdndev->device);
458 }
459 }
460 mutex_unlock(&ap_perms_mutex);
461 }
462
463 #endif
464
465 /*
466 * zcrypt_read (): Not supported beyond zcrypt 1.3.1.
467 *
468 * This function is not supported beyond zcrypt 1.3.1.
469 */
zcrypt_read(struct file * filp,char __user * buf,size_t count,loff_t * f_pos)470 static ssize_t zcrypt_read(struct file *filp, char __user *buf,
471 size_t count, loff_t *f_pos)
472 {
473 return -EPERM;
474 }
475
476 /*
477 * zcrypt_write(): Not allowed.
478 *
479 * Write is is not allowed
480 */
zcrypt_write(struct file * filp,const char __user * buf,size_t count,loff_t * f_pos)481 static ssize_t zcrypt_write(struct file *filp, const char __user *buf,
482 size_t count, loff_t *f_pos)
483 {
484 return -EPERM;
485 }
486
487 /*
488 * zcrypt_open(): Count number of users.
489 *
490 * Device open function to count number of users.
491 */
zcrypt_open(struct inode * inode,struct file * filp)492 static int zcrypt_open(struct inode *inode, struct file *filp)
493 {
494 struct ap_perms *perms = &ap_perms;
495
496 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
497 if (filp->f_inode->i_cdev == &zcrypt_cdev) {
498 struct zcdn_device *zcdndev;
499
500 if (mutex_lock_interruptible(&ap_perms_mutex))
501 return -ERESTARTSYS;
502 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
503 /* find returns a reference, no get_device() needed */
504 mutex_unlock(&ap_perms_mutex);
505 if (zcdndev)
506 perms = &zcdndev->perms;
507 }
508 #endif
509 filp->private_data = (void *) perms;
510
511 atomic_inc(&zcrypt_open_count);
512 return stream_open(inode, filp);
513 }
514
515 /*
516 * zcrypt_release(): Count number of users.
517 *
518 * Device close function to count number of users.
519 */
zcrypt_release(struct inode * inode,struct file * filp)520 static int zcrypt_release(struct inode *inode, struct file *filp)
521 {
522 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
523 if (filp->f_inode->i_cdev == &zcrypt_cdev) {
524 struct zcdn_device *zcdndev;
525
526 mutex_lock(&ap_perms_mutex);
527 zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
528 mutex_unlock(&ap_perms_mutex);
529 if (zcdndev) {
530 /* 2 puts here: one for find, one for open */
531 put_device(&zcdndev->device);
532 put_device(&zcdndev->device);
533 }
534 }
535 #endif
536
537 atomic_dec(&zcrypt_open_count);
538 return 0;
539 }
540
zcrypt_check_ioctl(struct ap_perms * perms,unsigned int cmd)541 static inline int zcrypt_check_ioctl(struct ap_perms *perms,
542 unsigned int cmd)
543 {
544 int rc = -EPERM;
545 int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT;
546
547 if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) {
548 if (test_bit_inv(ioctlnr, perms->ioctlm))
549 rc = 0;
550 }
551
552 if (rc)
553 ZCRYPT_DBF_WARN("%s ioctl check failed: ioctlnr=0x%04x rc=%d\n",
554 __func__, ioctlnr, rc);
555
556 return rc;
557 }
558
zcrypt_check_card(struct ap_perms * perms,int card)559 static inline bool zcrypt_check_card(struct ap_perms *perms, int card)
560 {
561 return test_bit_inv(card, perms->apm) ? true : false;
562 }
563
zcrypt_check_queue(struct ap_perms * perms,int queue)564 static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue)
565 {
566 return test_bit_inv(queue, perms->aqm) ? true : false;
567 }
568
zcrypt_pick_queue(struct zcrypt_card * zc,struct zcrypt_queue * zq,struct module ** pmod,unsigned int weight)569 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
570 struct zcrypt_queue *zq,
571 struct module **pmod,
572 unsigned int weight)
573 {
574 if (!zq || !try_module_get(zq->queue->ap_dev.device.driver->owner))
575 return NULL;
576 zcrypt_queue_get(zq);
577 get_device(&zq->queue->ap_dev.device);
578 atomic_add(weight, &zc->load);
579 atomic_add(weight, &zq->load);
580 zq->request_count++;
581 *pmod = zq->queue->ap_dev.device.driver->owner;
582 return zq;
583 }
584
zcrypt_drop_queue(struct zcrypt_card * zc,struct zcrypt_queue * zq,struct module * mod,unsigned int weight)585 static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
586 struct zcrypt_queue *zq,
587 struct module *mod,
588 unsigned int weight)
589 {
590 zq->request_count--;
591 atomic_sub(weight, &zc->load);
592 atomic_sub(weight, &zq->load);
593 put_device(&zq->queue->ap_dev.device);
594 zcrypt_queue_put(zq);
595 module_put(mod);
596 }
597
zcrypt_card_compare(struct zcrypt_card * zc,struct zcrypt_card * pref_zc,unsigned int weight,unsigned int pref_weight)598 static inline bool zcrypt_card_compare(struct zcrypt_card *zc,
599 struct zcrypt_card *pref_zc,
600 unsigned int weight,
601 unsigned int pref_weight)
602 {
603 if (!pref_zc)
604 return true;
605 weight += atomic_read(&zc->load);
606 pref_weight += atomic_read(&pref_zc->load);
607 if (weight == pref_weight)
608 return atomic64_read(&zc->card->total_request_count) <
609 atomic64_read(&pref_zc->card->total_request_count);
610 return weight < pref_weight;
611 }
612
zcrypt_queue_compare(struct zcrypt_queue * zq,struct zcrypt_queue * pref_zq,unsigned int weight,unsigned int pref_weight)613 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq,
614 struct zcrypt_queue *pref_zq,
615 unsigned int weight,
616 unsigned int pref_weight)
617 {
618 if (!pref_zq)
619 return true;
620 weight += atomic_read(&zq->load);
621 pref_weight += atomic_read(&pref_zq->load);
622 if (weight == pref_weight)
623 return zq->queue->total_request_count <
624 pref_zq->queue->total_request_count;
625 return weight < pref_weight;
626 }
627
628 /*
629 * zcrypt ioctls.
630 */
zcrypt_rsa_modexpo(struct ap_perms * perms,struct zcrypt_track * tr,struct ica_rsa_modexpo * mex)631 static long zcrypt_rsa_modexpo(struct ap_perms *perms,
632 struct zcrypt_track *tr,
633 struct ica_rsa_modexpo *mex)
634 {
635 struct zcrypt_card *zc, *pref_zc;
636 struct zcrypt_queue *zq, *pref_zq;
637 struct ap_message ap_msg;
638 unsigned int wgt = 0, pref_wgt = 0;
639 unsigned int func_code;
640 int cpen, qpen, qid = 0, rc = -ENODEV;
641 struct module *mod;
642
643 trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
644
645 ap_init_message(&ap_msg);
646
647 #ifdef CONFIG_ZCRYPT_DEBUG
648 if (tr && tr->fi.cmd)
649 ap_msg.fi.cmd = tr->fi.cmd;
650 #endif
651
652 if (mex->outputdatalength < mex->inputdatalength) {
653 func_code = 0;
654 rc = -EINVAL;
655 goto out;
656 }
657
658 /*
659 * As long as outputdatalength is big enough, we can set the
660 * outputdatalength equal to the inputdatalength, since that is the
661 * number of bytes we will copy in any case
662 */
663 mex->outputdatalength = mex->inputdatalength;
664
665 rc = get_rsa_modex_fc(mex, &func_code);
666 if (rc)
667 goto out;
668
669 pref_zc = NULL;
670 pref_zq = NULL;
671 spin_lock(&zcrypt_list_lock);
672 for_each_zcrypt_card(zc) {
673 /* Check for useable accelarator or CCA card */
674 if (!zc->online || !zc->card->config ||
675 !(zc->card->functions & 0x18000000))
676 continue;
677 /* Check for size limits */
678 if (zc->min_mod_size > mex->inputdatalength ||
679 zc->max_mod_size < mex->inputdatalength)
680 continue;
681 /* check if device node has admission for this card */
682 if (!zcrypt_check_card(perms, zc->card->id))
683 continue;
684 /* get weight index of the card device */
685 wgt = zc->speed_rating[func_code];
686 /* penalty if this msg was previously sent via this card */
687 cpen = (tr && tr->again_counter && tr->last_qid &&
688 AP_QID_CARD(tr->last_qid) == zc->card->id) ?
689 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
690 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
691 continue;
692 for_each_zcrypt_queue(zq, zc) {
693 /* check if device is useable and eligible */
694 if (!zq->online || !zq->ops->rsa_modexpo ||
695 !zq->queue->config)
696 continue;
697 /* check if device node has admission for this queue */
698 if (!zcrypt_check_queue(perms,
699 AP_QID_QUEUE(zq->queue->qid)))
700 continue;
701 /* penalty if the msg was previously sent at this qid */
702 qpen = (tr && tr->again_counter && tr->last_qid &&
703 tr->last_qid == zq->queue->qid) ?
704 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
705 if (!zcrypt_queue_compare(zq, pref_zq,
706 wgt + cpen + qpen, pref_wgt))
707 continue;
708 pref_zc = zc;
709 pref_zq = zq;
710 pref_wgt = wgt + cpen + qpen;
711 }
712 }
713 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
714 spin_unlock(&zcrypt_list_lock);
715
716 if (!pref_zq) {
717 rc = -ENODEV;
718 goto out;
719 }
720
721 qid = pref_zq->queue->qid;
722 rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg);
723
724 spin_lock(&zcrypt_list_lock);
725 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
726 spin_unlock(&zcrypt_list_lock);
727
728 out:
729 ap_release_message(&ap_msg);
730 if (tr) {
731 tr->last_rc = rc;
732 tr->last_qid = qid;
733 }
734 trace_s390_zcrypt_rep(mex, func_code, rc,
735 AP_QID_CARD(qid), AP_QID_QUEUE(qid));
736 return rc;
737 }
738
zcrypt_rsa_crt(struct ap_perms * perms,struct zcrypt_track * tr,struct ica_rsa_modexpo_crt * crt)739 static long zcrypt_rsa_crt(struct ap_perms *perms,
740 struct zcrypt_track *tr,
741 struct ica_rsa_modexpo_crt *crt)
742 {
743 struct zcrypt_card *zc, *pref_zc;
744 struct zcrypt_queue *zq, *pref_zq;
745 struct ap_message ap_msg;
746 unsigned int wgt = 0, pref_wgt = 0;
747 unsigned int func_code;
748 int cpen, qpen, qid = 0, rc = -ENODEV;
749 struct module *mod;
750
751 trace_s390_zcrypt_req(crt, TP_ICARSACRT);
752
753 ap_init_message(&ap_msg);
754
755 #ifdef CONFIG_ZCRYPT_DEBUG
756 if (tr && tr->fi.cmd)
757 ap_msg.fi.cmd = tr->fi.cmd;
758 #endif
759
760 if (crt->outputdatalength < crt->inputdatalength) {
761 func_code = 0;
762 rc = -EINVAL;
763 goto out;
764 }
765
766 /*
767 * As long as outputdatalength is big enough, we can set the
768 * outputdatalength equal to the inputdatalength, since that is the
769 * number of bytes we will copy in any case
770 */
771 crt->outputdatalength = crt->inputdatalength;
772
773 rc = get_rsa_crt_fc(crt, &func_code);
774 if (rc)
775 goto out;
776
777 pref_zc = NULL;
778 pref_zq = NULL;
779 spin_lock(&zcrypt_list_lock);
780 for_each_zcrypt_card(zc) {
781 /* Check for useable accelarator or CCA card */
782 if (!zc->online || !zc->card->config ||
783 !(zc->card->functions & 0x18000000))
784 continue;
785 /* Check for size limits */
786 if (zc->min_mod_size > crt->inputdatalength ||
787 zc->max_mod_size < crt->inputdatalength)
788 continue;
789 /* check if device node has admission for this card */
790 if (!zcrypt_check_card(perms, zc->card->id))
791 continue;
792 /* get weight index of the card device */
793 wgt = zc->speed_rating[func_code];
794 /* penalty if this msg was previously sent via this card */
795 cpen = (tr && tr->again_counter && tr->last_qid &&
796 AP_QID_CARD(tr->last_qid) == zc->card->id) ?
797 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
798 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
799 continue;
800 for_each_zcrypt_queue(zq, zc) {
801 /* check if device is useable and eligible */
802 if (!zq->online || !zq->ops->rsa_modexpo_crt ||
803 !zq->queue->config)
804 continue;
805 /* check if device node has admission for this queue */
806 if (!zcrypt_check_queue(perms,
807 AP_QID_QUEUE(zq->queue->qid)))
808 continue;
809 /* penalty if the msg was previously sent at this qid */
810 qpen = (tr && tr->again_counter && tr->last_qid &&
811 tr->last_qid == zq->queue->qid) ?
812 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
813 if (!zcrypt_queue_compare(zq, pref_zq,
814 wgt + cpen + qpen, pref_wgt))
815 continue;
816 pref_zc = zc;
817 pref_zq = zq;
818 pref_wgt = wgt + cpen + qpen;
819 }
820 }
821 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
822 spin_unlock(&zcrypt_list_lock);
823
824 if (!pref_zq) {
825 rc = -ENODEV;
826 goto out;
827 }
828
829 qid = pref_zq->queue->qid;
830 rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg);
831
832 spin_lock(&zcrypt_list_lock);
833 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
834 spin_unlock(&zcrypt_list_lock);
835
836 out:
837 ap_release_message(&ap_msg);
838 if (tr) {
839 tr->last_rc = rc;
840 tr->last_qid = qid;
841 }
842 trace_s390_zcrypt_rep(crt, func_code, rc,
843 AP_QID_CARD(qid), AP_QID_QUEUE(qid));
844 return rc;
845 }
846
_zcrypt_send_cprb(bool userspace,struct ap_perms * perms,struct zcrypt_track * tr,struct ica_xcRB * xcRB)847 static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms,
848 struct zcrypt_track *tr,
849 struct ica_xcRB *xcRB)
850 {
851 struct zcrypt_card *zc, *pref_zc;
852 struct zcrypt_queue *zq, *pref_zq;
853 struct ap_message ap_msg;
854 unsigned int wgt = 0, pref_wgt = 0;
855 unsigned int func_code;
856 unsigned short *domain, tdom;
857 int cpen, qpen, qid = 0, rc = -ENODEV;
858 struct module *mod;
859
860 trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
861
862 xcRB->status = 0;
863 ap_init_message(&ap_msg);
864
865 #ifdef CONFIG_ZCRYPT_DEBUG
866 if (tr && tr->fi.cmd)
867 ap_msg.fi.cmd = tr->fi.cmd;
868 if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) {
869 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n",
870 __func__, tr->fi.cmd);
871 xcRB->agent_ID = 0x4646;
872 }
873 #endif
874
875 rc = get_cprb_fc(userspace, xcRB, &ap_msg, &func_code, &domain);
876 if (rc)
877 goto out;
878
879 /*
880 * If a valid target domain is set and this domain is NOT a usage
881 * domain but a control only domain, use the default domain as target.
882 */
883 tdom = *domain;
884 if (tdom < AP_DOMAINS &&
885 !ap_test_config_usage_domain(tdom) &&
886 ap_test_config_ctrl_domain(tdom) &&
887 ap_domain_index >= 0)
888 tdom = ap_domain_index;
889
890 pref_zc = NULL;
891 pref_zq = NULL;
892 spin_lock(&zcrypt_list_lock);
893 for_each_zcrypt_card(zc) {
894 /* Check for useable CCA card */
895 if (!zc->online || !zc->card->config ||
896 !(zc->card->functions & 0x10000000))
897 continue;
898 /* Check for user selected CCA card */
899 if (xcRB->user_defined != AUTOSELECT &&
900 xcRB->user_defined != zc->card->id)
901 continue;
902 /* check if request size exceeds card max msg size */
903 if (ap_msg.len > zc->card->maxmsgsize)
904 continue;
905 /* check if device node has admission for this card */
906 if (!zcrypt_check_card(perms, zc->card->id))
907 continue;
908 /* get weight index of the card device */
909 wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
910 /* penalty if this msg was previously sent via this card */
911 cpen = (tr && tr->again_counter && tr->last_qid &&
912 AP_QID_CARD(tr->last_qid) == zc->card->id) ?
913 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
914 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
915 continue;
916 for_each_zcrypt_queue(zq, zc) {
917 /* check for device useable and eligible */
918 if (!zq->online ||
919 !zq->ops->send_cprb ||
920 !zq->queue->config ||
921 (tdom != AUTOSEL_DOM &&
922 tdom != AP_QID_QUEUE(zq->queue->qid)))
923 continue;
924 /* check if device node has admission for this queue */
925 if (!zcrypt_check_queue(perms,
926 AP_QID_QUEUE(zq->queue->qid)))
927 continue;
928 /* penalty if the msg was previously sent at this qid */
929 qpen = (tr && tr->again_counter && tr->last_qid &&
930 tr->last_qid == zq->queue->qid) ?
931 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
932 if (!zcrypt_queue_compare(zq, pref_zq,
933 wgt + cpen + qpen, pref_wgt))
934 continue;
935 pref_zc = zc;
936 pref_zq = zq;
937 pref_wgt = wgt + cpen + qpen;
938 }
939 }
940 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
941 spin_unlock(&zcrypt_list_lock);
942
943 if (!pref_zq) {
944 rc = -ENODEV;
945 goto out;
946 }
947
948 /* in case of auto select, provide the correct domain */
949 qid = pref_zq->queue->qid;
950 if (*domain == AUTOSEL_DOM)
951 *domain = AP_QID_QUEUE(qid);
952
953 #ifdef CONFIG_ZCRYPT_DEBUG
954 if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) {
955 ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n",
956 __func__, tr->fi.cmd);
957 *domain = 99;
958 }
959 #endif
960
961 rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg);
962
963 spin_lock(&zcrypt_list_lock);
964 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
965 spin_unlock(&zcrypt_list_lock);
966
967 out:
968 ap_release_message(&ap_msg);
969 if (tr) {
970 tr->last_rc = rc;
971 tr->last_qid = qid;
972 }
973 trace_s390_zcrypt_rep(xcRB, func_code, rc,
974 AP_QID_CARD(qid), AP_QID_QUEUE(qid));
975 return rc;
976 }
977
zcrypt_send_cprb(struct ica_xcRB * xcRB)978 long zcrypt_send_cprb(struct ica_xcRB *xcRB)
979 {
980 return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB);
981 }
982 EXPORT_SYMBOL(zcrypt_send_cprb);
983
is_desired_ep11_card(unsigned int dev_id,unsigned short target_num,struct ep11_target_dev * targets)984 static bool is_desired_ep11_card(unsigned int dev_id,
985 unsigned short target_num,
986 struct ep11_target_dev *targets)
987 {
988 while (target_num-- > 0) {
989 if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP)
990 return true;
991 targets++;
992 }
993 return false;
994 }
995
is_desired_ep11_queue(unsigned int dev_qid,unsigned short target_num,struct ep11_target_dev * targets)996 static bool is_desired_ep11_queue(unsigned int dev_qid,
997 unsigned short target_num,
998 struct ep11_target_dev *targets)
999 {
1000 int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid);
1001
1002 while (target_num-- > 0) {
1003 if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) &&
1004 (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM))
1005 return true;
1006 targets++;
1007 }
1008 return false;
1009 }
1010
_zcrypt_send_ep11_cprb(bool userspace,struct ap_perms * perms,struct zcrypt_track * tr,struct ep11_urb * xcrb)1011 static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms,
1012 struct zcrypt_track *tr,
1013 struct ep11_urb *xcrb)
1014 {
1015 struct zcrypt_card *zc, *pref_zc;
1016 struct zcrypt_queue *zq, *pref_zq;
1017 struct ep11_target_dev *targets;
1018 unsigned short target_num;
1019 unsigned int wgt = 0, pref_wgt = 0;
1020 unsigned int func_code;
1021 struct ap_message ap_msg;
1022 int cpen, qpen, qid = 0, rc = -ENODEV;
1023 struct module *mod;
1024
1025 trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB);
1026
1027 ap_init_message(&ap_msg);
1028
1029 #ifdef CONFIG_ZCRYPT_DEBUG
1030 if (tr && tr->fi.cmd)
1031 ap_msg.fi.cmd = tr->fi.cmd;
1032 #endif
1033
1034 target_num = (unsigned short) xcrb->targets_num;
1035
1036 /* empty list indicates autoselect (all available targets) */
1037 targets = NULL;
1038 if (target_num != 0) {
1039 struct ep11_target_dev __user *uptr;
1040
1041 targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL);
1042 if (!targets) {
1043 func_code = 0;
1044 rc = -ENOMEM;
1045 goto out;
1046 }
1047
1048 uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
1049 if (z_copy_from_user(userspace, targets, uptr,
1050 target_num * sizeof(*targets))) {
1051 func_code = 0;
1052 rc = -EFAULT;
1053 goto out_free;
1054 }
1055 }
1056
1057 rc = get_ep11cprb_fc(userspace, xcrb, &ap_msg, &func_code);
1058 if (rc)
1059 goto out_free;
1060
1061 pref_zc = NULL;
1062 pref_zq = NULL;
1063 spin_lock(&zcrypt_list_lock);
1064 for_each_zcrypt_card(zc) {
1065 /* Check for useable EP11 card */
1066 if (!zc->online || !zc->card->config ||
1067 !(zc->card->functions & 0x04000000))
1068 continue;
1069 /* Check for user selected EP11 card */
1070 if (targets &&
1071 !is_desired_ep11_card(zc->card->id, target_num, targets))
1072 continue;
1073 /* check if request size exceeds card max msg size */
1074 if (ap_msg.len > zc->card->maxmsgsize)
1075 continue;
1076 /* check if device node has admission for this card */
1077 if (!zcrypt_check_card(perms, zc->card->id))
1078 continue;
1079 /* get weight index of the card device */
1080 wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
1081 /* penalty if this msg was previously sent via this card */
1082 cpen = (tr && tr->again_counter && tr->last_qid &&
1083 AP_QID_CARD(tr->last_qid) == zc->card->id) ?
1084 TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
1085 if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
1086 continue;
1087 for_each_zcrypt_queue(zq, zc) {
1088 /* check if device is useable and eligible */
1089 if (!zq->online ||
1090 !zq->ops->send_ep11_cprb ||
1091 !zq->queue->config ||
1092 (targets &&
1093 !is_desired_ep11_queue(zq->queue->qid,
1094 target_num, targets)))
1095 continue;
1096 /* check if device node has admission for this queue */
1097 if (!zcrypt_check_queue(perms,
1098 AP_QID_QUEUE(zq->queue->qid)))
1099 continue;
1100 /* penalty if the msg was previously sent at this qid */
1101 qpen = (tr && tr->again_counter && tr->last_qid &&
1102 tr->last_qid == zq->queue->qid) ?
1103 TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
1104 if (!zcrypt_queue_compare(zq, pref_zq,
1105 wgt + cpen + qpen, pref_wgt))
1106 continue;
1107 pref_zc = zc;
1108 pref_zq = zq;
1109 pref_wgt = wgt + cpen + qpen;
1110 }
1111 }
1112 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1113 spin_unlock(&zcrypt_list_lock);
1114
1115 if (!pref_zq) {
1116 rc = -ENODEV;
1117 goto out_free;
1118 }
1119
1120 qid = pref_zq->queue->qid;
1121 rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg);
1122
1123 spin_lock(&zcrypt_list_lock);
1124 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1125 spin_unlock(&zcrypt_list_lock);
1126
1127 out_free:
1128 kfree(targets);
1129 out:
1130 ap_release_message(&ap_msg);
1131 if (tr) {
1132 tr->last_rc = rc;
1133 tr->last_qid = qid;
1134 }
1135 trace_s390_zcrypt_rep(xcrb, func_code, rc,
1136 AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1137 return rc;
1138 }
1139
zcrypt_send_ep11_cprb(struct ep11_urb * xcrb)1140 long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1141 {
1142 return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb);
1143 }
1144 EXPORT_SYMBOL(zcrypt_send_ep11_cprb);
1145
zcrypt_rng(char * buffer)1146 static long zcrypt_rng(char *buffer)
1147 {
1148 struct zcrypt_card *zc, *pref_zc;
1149 struct zcrypt_queue *zq, *pref_zq;
1150 unsigned int wgt = 0, pref_wgt = 0;
1151 unsigned int func_code;
1152 struct ap_message ap_msg;
1153 unsigned int domain;
1154 int qid = 0, rc = -ENODEV;
1155 struct module *mod;
1156
1157 trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB);
1158
1159 ap_init_message(&ap_msg);
1160 rc = get_rng_fc(&ap_msg, &func_code, &domain);
1161 if (rc)
1162 goto out;
1163
1164 pref_zc = NULL;
1165 pref_zq = NULL;
1166 spin_lock(&zcrypt_list_lock);
1167 for_each_zcrypt_card(zc) {
1168 /* Check for useable CCA card */
1169 if (!zc->online || !zc->card->config ||
1170 !(zc->card->functions & 0x10000000))
1171 continue;
1172 /* get weight index of the card device */
1173 wgt = zc->speed_rating[func_code];
1174 if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt))
1175 continue;
1176 for_each_zcrypt_queue(zq, zc) {
1177 /* check if device is useable and eligible */
1178 if (!zq->online || !zq->ops->rng ||
1179 !zq->queue->config)
1180 continue;
1181 if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt))
1182 continue;
1183 pref_zc = zc;
1184 pref_zq = zq;
1185 pref_wgt = wgt;
1186 }
1187 }
1188 pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1189 spin_unlock(&zcrypt_list_lock);
1190
1191 if (!pref_zq) {
1192 rc = -ENODEV;
1193 goto out;
1194 }
1195
1196 qid = pref_zq->queue->qid;
1197 rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg);
1198
1199 spin_lock(&zcrypt_list_lock);
1200 zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1201 spin_unlock(&zcrypt_list_lock);
1202
1203 out:
1204 ap_release_message(&ap_msg);
1205 trace_s390_zcrypt_rep(buffer, func_code, rc,
1206 AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1207 return rc;
1208 }
1209
zcrypt_device_status_mask(struct zcrypt_device_status * devstatus)1210 static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus)
1211 {
1212 struct zcrypt_card *zc;
1213 struct zcrypt_queue *zq;
1214 struct zcrypt_device_status *stat;
1215 int card, queue;
1216
1217 memset(devstatus, 0, MAX_ZDEV_ENTRIES
1218 * sizeof(struct zcrypt_device_status));
1219
1220 spin_lock(&zcrypt_list_lock);
1221 for_each_zcrypt_card(zc) {
1222 for_each_zcrypt_queue(zq, zc) {
1223 card = AP_QID_CARD(zq->queue->qid);
1224 if (card >= MAX_ZDEV_CARDIDS)
1225 continue;
1226 queue = AP_QID_QUEUE(zq->queue->qid);
1227 stat = &devstatus[card * AP_DOMAINS + queue];
1228 stat->hwtype = zc->card->ap_dev.device_type;
1229 stat->functions = zc->card->functions >> 26;
1230 stat->qid = zq->queue->qid;
1231 stat->online = zq->online ? 0x01 : 0x00;
1232 }
1233 }
1234 spin_unlock(&zcrypt_list_lock);
1235 }
1236
zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext * devstatus)1237 void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus)
1238 {
1239 struct zcrypt_card *zc;
1240 struct zcrypt_queue *zq;
1241 struct zcrypt_device_status_ext *stat;
1242 int card, queue;
1243
1244 memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT
1245 * sizeof(struct zcrypt_device_status_ext));
1246
1247 spin_lock(&zcrypt_list_lock);
1248 for_each_zcrypt_card(zc) {
1249 for_each_zcrypt_queue(zq, zc) {
1250 card = AP_QID_CARD(zq->queue->qid);
1251 queue = AP_QID_QUEUE(zq->queue->qid);
1252 stat = &devstatus[card * AP_DOMAINS + queue];
1253 stat->hwtype = zc->card->ap_dev.device_type;
1254 stat->functions = zc->card->functions >> 26;
1255 stat->qid = zq->queue->qid;
1256 stat->online = zq->online ? 0x01 : 0x00;
1257 }
1258 }
1259 spin_unlock(&zcrypt_list_lock);
1260 }
1261 EXPORT_SYMBOL(zcrypt_device_status_mask_ext);
1262
zcrypt_device_status_ext(int card,int queue,struct zcrypt_device_status_ext * devstat)1263 int zcrypt_device_status_ext(int card, int queue,
1264 struct zcrypt_device_status_ext *devstat)
1265 {
1266 struct zcrypt_card *zc;
1267 struct zcrypt_queue *zq;
1268
1269 memset(devstat, 0, sizeof(*devstat));
1270
1271 spin_lock(&zcrypt_list_lock);
1272 for_each_zcrypt_card(zc) {
1273 for_each_zcrypt_queue(zq, zc) {
1274 if (card == AP_QID_CARD(zq->queue->qid) &&
1275 queue == AP_QID_QUEUE(zq->queue->qid)) {
1276 devstat->hwtype = zc->card->ap_dev.device_type;
1277 devstat->functions = zc->card->functions >> 26;
1278 devstat->qid = zq->queue->qid;
1279 devstat->online = zq->online ? 0x01 : 0x00;
1280 spin_unlock(&zcrypt_list_lock);
1281 return 0;
1282 }
1283 }
1284 }
1285 spin_unlock(&zcrypt_list_lock);
1286
1287 return -ENODEV;
1288 }
1289 EXPORT_SYMBOL(zcrypt_device_status_ext);
1290
zcrypt_status_mask(char status[],size_t max_adapters)1291 static void zcrypt_status_mask(char status[], size_t max_adapters)
1292 {
1293 struct zcrypt_card *zc;
1294 struct zcrypt_queue *zq;
1295 int card;
1296
1297 memset(status, 0, max_adapters);
1298 spin_lock(&zcrypt_list_lock);
1299 for_each_zcrypt_card(zc) {
1300 for_each_zcrypt_queue(zq, zc) {
1301 card = AP_QID_CARD(zq->queue->qid);
1302 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1303 || card >= max_adapters)
1304 continue;
1305 status[card] = zc->online ? zc->user_space_type : 0x0d;
1306 }
1307 }
1308 spin_unlock(&zcrypt_list_lock);
1309 }
1310
zcrypt_qdepth_mask(char qdepth[],size_t max_adapters)1311 static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters)
1312 {
1313 struct zcrypt_card *zc;
1314 struct zcrypt_queue *zq;
1315 int card;
1316
1317 memset(qdepth, 0, max_adapters);
1318 spin_lock(&zcrypt_list_lock);
1319 local_bh_disable();
1320 for_each_zcrypt_card(zc) {
1321 for_each_zcrypt_queue(zq, zc) {
1322 card = AP_QID_CARD(zq->queue->qid);
1323 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1324 || card >= max_adapters)
1325 continue;
1326 spin_lock(&zq->queue->lock);
1327 qdepth[card] =
1328 zq->queue->pendingq_count +
1329 zq->queue->requestq_count;
1330 spin_unlock(&zq->queue->lock);
1331 }
1332 }
1333 local_bh_enable();
1334 spin_unlock(&zcrypt_list_lock);
1335 }
1336
zcrypt_perdev_reqcnt(u32 reqcnt[],size_t max_adapters)1337 static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters)
1338 {
1339 struct zcrypt_card *zc;
1340 struct zcrypt_queue *zq;
1341 int card;
1342 u64 cnt;
1343
1344 memset(reqcnt, 0, sizeof(int) * max_adapters);
1345 spin_lock(&zcrypt_list_lock);
1346 local_bh_disable();
1347 for_each_zcrypt_card(zc) {
1348 for_each_zcrypt_queue(zq, zc) {
1349 card = AP_QID_CARD(zq->queue->qid);
1350 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1351 || card >= max_adapters)
1352 continue;
1353 spin_lock(&zq->queue->lock);
1354 cnt = zq->queue->total_request_count;
1355 spin_unlock(&zq->queue->lock);
1356 reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX;
1357 }
1358 }
1359 local_bh_enable();
1360 spin_unlock(&zcrypt_list_lock);
1361 }
1362
zcrypt_pendingq_count(void)1363 static int zcrypt_pendingq_count(void)
1364 {
1365 struct zcrypt_card *zc;
1366 struct zcrypt_queue *zq;
1367 int pendingq_count;
1368
1369 pendingq_count = 0;
1370 spin_lock(&zcrypt_list_lock);
1371 local_bh_disable();
1372 for_each_zcrypt_card(zc) {
1373 for_each_zcrypt_queue(zq, zc) {
1374 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1375 continue;
1376 spin_lock(&zq->queue->lock);
1377 pendingq_count += zq->queue->pendingq_count;
1378 spin_unlock(&zq->queue->lock);
1379 }
1380 }
1381 local_bh_enable();
1382 spin_unlock(&zcrypt_list_lock);
1383 return pendingq_count;
1384 }
1385
zcrypt_requestq_count(void)1386 static int zcrypt_requestq_count(void)
1387 {
1388 struct zcrypt_card *zc;
1389 struct zcrypt_queue *zq;
1390 int requestq_count;
1391
1392 requestq_count = 0;
1393 spin_lock(&zcrypt_list_lock);
1394 local_bh_disable();
1395 for_each_zcrypt_card(zc) {
1396 for_each_zcrypt_queue(zq, zc) {
1397 if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1398 continue;
1399 spin_lock(&zq->queue->lock);
1400 requestq_count += zq->queue->requestq_count;
1401 spin_unlock(&zq->queue->lock);
1402 }
1403 }
1404 local_bh_enable();
1405 spin_unlock(&zcrypt_list_lock);
1406 return requestq_count;
1407 }
1408
icarsamodexpo_ioctl(struct ap_perms * perms,unsigned long arg)1409 static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg)
1410 {
1411 int rc;
1412 struct zcrypt_track tr;
1413 struct ica_rsa_modexpo mex;
1414 struct ica_rsa_modexpo __user *umex = (void __user *) arg;
1415
1416 memset(&tr, 0, sizeof(tr));
1417 if (copy_from_user(&mex, umex, sizeof(mex)))
1418 return -EFAULT;
1419
1420 #ifdef CONFIG_ZCRYPT_DEBUG
1421 if (mex.inputdatalength & (1U << 31)) {
1422 if (!capable(CAP_SYS_ADMIN))
1423 return -EPERM;
1424 tr.fi.cmd = (u16)(mex.inputdatalength >> 16);
1425 }
1426 mex.inputdatalength &= 0x0000FFFF;
1427 #endif
1428
1429 do {
1430 rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1431 if (rc == -EAGAIN)
1432 tr.again_counter++;
1433 #ifdef CONFIG_ZCRYPT_DEBUG
1434 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1435 break;
1436 #endif
1437 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1438 /* on failure: retry once again after a requested rescan */
1439 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1440 do {
1441 rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1442 if (rc == -EAGAIN)
1443 tr.again_counter++;
1444 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1445 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1446 rc = -EIO;
1447 if (rc) {
1448 ZCRYPT_DBF_DBG("ioctl ICARSAMODEXPO rc=%d\n", rc);
1449 return rc;
1450 }
1451 return put_user(mex.outputdatalength, &umex->outputdatalength);
1452 }
1453
icarsacrt_ioctl(struct ap_perms * perms,unsigned long arg)1454 static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg)
1455 {
1456 int rc;
1457 struct zcrypt_track tr;
1458 struct ica_rsa_modexpo_crt crt;
1459 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
1460
1461 memset(&tr, 0, sizeof(tr));
1462 if (copy_from_user(&crt, ucrt, sizeof(crt)))
1463 return -EFAULT;
1464
1465 #ifdef CONFIG_ZCRYPT_DEBUG
1466 if (crt.inputdatalength & (1U << 31)) {
1467 if (!capable(CAP_SYS_ADMIN))
1468 return -EPERM;
1469 tr.fi.cmd = (u16)(crt.inputdatalength >> 16);
1470 }
1471 crt.inputdatalength &= 0x0000FFFF;
1472 #endif
1473
1474 do {
1475 rc = zcrypt_rsa_crt(perms, &tr, &crt);
1476 if (rc == -EAGAIN)
1477 tr.again_counter++;
1478 #ifdef CONFIG_ZCRYPT_DEBUG
1479 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1480 break;
1481 #endif
1482 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1483 /* on failure: retry once again after a requested rescan */
1484 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1485 do {
1486 rc = zcrypt_rsa_crt(perms, &tr, &crt);
1487 if (rc == -EAGAIN)
1488 tr.again_counter++;
1489 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1490 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1491 rc = -EIO;
1492 if (rc) {
1493 ZCRYPT_DBF_DBG("ioctl ICARSACRT rc=%d\n", rc);
1494 return rc;
1495 }
1496 return put_user(crt.outputdatalength, &ucrt->outputdatalength);
1497 }
1498
zsecsendcprb_ioctl(struct ap_perms * perms,unsigned long arg)1499 static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg)
1500 {
1501 int rc;
1502 struct ica_xcRB xcRB;
1503 struct zcrypt_track tr;
1504 struct ica_xcRB __user *uxcRB = (void __user *) arg;
1505
1506 memset(&tr, 0, sizeof(tr));
1507 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
1508 return -EFAULT;
1509
1510 #ifdef CONFIG_ZCRYPT_DEBUG
1511 if ((xcRB.status & 0x8000FFFF) == 0x80004649 /* 'FI' */) {
1512 if (!capable(CAP_SYS_ADMIN))
1513 return -EPERM;
1514 tr.fi.cmd = (u16)(xcRB.status >> 16);
1515 }
1516 xcRB.status = 0;
1517 #endif
1518
1519 do {
1520 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1521 if (rc == -EAGAIN)
1522 tr.again_counter++;
1523 #ifdef CONFIG_ZCRYPT_DEBUG
1524 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1525 break;
1526 #endif
1527 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1528 /* on failure: retry once again after a requested rescan */
1529 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1530 do {
1531 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1532 if (rc == -EAGAIN)
1533 tr.again_counter++;
1534 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1535 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1536 rc = -EIO;
1537 if (rc)
1538 ZCRYPT_DBF_DBG("ioctl ZSENDCPRB rc=%d status=0x%x\n",
1539 rc, xcRB.status);
1540 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
1541 return -EFAULT;
1542 return rc;
1543 }
1544
zsendep11cprb_ioctl(struct ap_perms * perms,unsigned long arg)1545 static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg)
1546 {
1547 int rc;
1548 struct ep11_urb xcrb;
1549 struct zcrypt_track tr;
1550 struct ep11_urb __user *uxcrb = (void __user *)arg;
1551
1552 memset(&tr, 0, sizeof(tr));
1553 if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
1554 return -EFAULT;
1555
1556 #ifdef CONFIG_ZCRYPT_DEBUG
1557 if (xcrb.req_len & (1ULL << 63)) {
1558 if (!capable(CAP_SYS_ADMIN))
1559 return -EPERM;
1560 tr.fi.cmd = (u16)(xcrb.req_len >> 48);
1561 }
1562 xcrb.req_len &= 0x0000FFFFFFFFFFFFULL;
1563 #endif
1564
1565 do {
1566 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1567 if (rc == -EAGAIN)
1568 tr.again_counter++;
1569 #ifdef CONFIG_ZCRYPT_DEBUG
1570 if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1571 break;
1572 #endif
1573 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1574 /* on failure: retry once again after a requested rescan */
1575 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1576 do {
1577 rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1578 if (rc == -EAGAIN)
1579 tr.again_counter++;
1580 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1581 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1582 rc = -EIO;
1583 if (rc)
1584 ZCRYPT_DBF_DBG("ioctl ZSENDEP11CPRB rc=%d\n", rc);
1585 if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
1586 return -EFAULT;
1587 return rc;
1588 }
1589
zcrypt_unlocked_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1590 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
1591 unsigned long arg)
1592 {
1593 int rc;
1594 struct ap_perms *perms =
1595 (struct ap_perms *) filp->private_data;
1596
1597 rc = zcrypt_check_ioctl(perms, cmd);
1598 if (rc)
1599 return rc;
1600
1601 switch (cmd) {
1602 case ICARSAMODEXPO:
1603 return icarsamodexpo_ioctl(perms, arg);
1604 case ICARSACRT:
1605 return icarsacrt_ioctl(perms, arg);
1606 case ZSECSENDCPRB:
1607 return zsecsendcprb_ioctl(perms, arg);
1608 case ZSENDEP11CPRB:
1609 return zsendep11cprb_ioctl(perms, arg);
1610 case ZCRYPT_DEVICE_STATUS: {
1611 struct zcrypt_device_status_ext *device_status;
1612 size_t total_size = MAX_ZDEV_ENTRIES_EXT
1613 * sizeof(struct zcrypt_device_status_ext);
1614
1615 device_status = kzalloc(total_size, GFP_KERNEL);
1616 if (!device_status)
1617 return -ENOMEM;
1618 zcrypt_device_status_mask_ext(device_status);
1619 if (copy_to_user((char __user *) arg, device_status,
1620 total_size))
1621 rc = -EFAULT;
1622 kfree(device_status);
1623 return rc;
1624 }
1625 case ZCRYPT_STATUS_MASK: {
1626 char status[AP_DEVICES];
1627
1628 zcrypt_status_mask(status, AP_DEVICES);
1629 if (copy_to_user((char __user *) arg, status, sizeof(status)))
1630 return -EFAULT;
1631 return 0;
1632 }
1633 case ZCRYPT_QDEPTH_MASK: {
1634 char qdepth[AP_DEVICES];
1635
1636 zcrypt_qdepth_mask(qdepth, AP_DEVICES);
1637 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1638 return -EFAULT;
1639 return 0;
1640 }
1641 case ZCRYPT_PERDEV_REQCNT: {
1642 u32 *reqcnt;
1643
1644 reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL);
1645 if (!reqcnt)
1646 return -ENOMEM;
1647 zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES);
1648 if (copy_to_user((int __user *) arg, reqcnt,
1649 sizeof(u32) * AP_DEVICES))
1650 rc = -EFAULT;
1651 kfree(reqcnt);
1652 return rc;
1653 }
1654 case Z90STAT_REQUESTQ_COUNT:
1655 return put_user(zcrypt_requestq_count(), (int __user *) arg);
1656 case Z90STAT_PENDINGQ_COUNT:
1657 return put_user(zcrypt_pendingq_count(), (int __user *) arg);
1658 case Z90STAT_TOTALOPEN_COUNT:
1659 return put_user(atomic_read(&zcrypt_open_count),
1660 (int __user *) arg);
1661 case Z90STAT_DOMAIN_INDEX:
1662 return put_user(ap_domain_index, (int __user *) arg);
1663 /*
1664 * Deprecated ioctls
1665 */
1666 case ZDEVICESTATUS: {
1667 /* the old ioctl supports only 64 adapters */
1668 struct zcrypt_device_status *device_status;
1669 size_t total_size = MAX_ZDEV_ENTRIES
1670 * sizeof(struct zcrypt_device_status);
1671
1672 device_status = kzalloc(total_size, GFP_KERNEL);
1673 if (!device_status)
1674 return -ENOMEM;
1675 zcrypt_device_status_mask(device_status);
1676 if (copy_to_user((char __user *) arg, device_status,
1677 total_size))
1678 rc = -EFAULT;
1679 kfree(device_status);
1680 return rc;
1681 }
1682 case Z90STAT_STATUS_MASK: {
1683 /* the old ioctl supports only 64 adapters */
1684 char status[MAX_ZDEV_CARDIDS];
1685
1686 zcrypt_status_mask(status, MAX_ZDEV_CARDIDS);
1687 if (copy_to_user((char __user *) arg, status, sizeof(status)))
1688 return -EFAULT;
1689 return 0;
1690 }
1691 case Z90STAT_QDEPTH_MASK: {
1692 /* the old ioctl supports only 64 adapters */
1693 char qdepth[MAX_ZDEV_CARDIDS];
1694
1695 zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS);
1696 if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1697 return -EFAULT;
1698 return 0;
1699 }
1700 case Z90STAT_PERDEV_REQCNT: {
1701 /* the old ioctl supports only 64 adapters */
1702 u32 reqcnt[MAX_ZDEV_CARDIDS];
1703
1704 zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS);
1705 if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt)))
1706 return -EFAULT;
1707 return 0;
1708 }
1709 /* unknown ioctl number */
1710 default:
1711 ZCRYPT_DBF_DBG("unknown ioctl 0x%08x\n", cmd);
1712 return -ENOIOCTLCMD;
1713 }
1714 }
1715
1716 #ifdef CONFIG_COMPAT
1717 /*
1718 * ioctl32 conversion routines
1719 */
1720 struct compat_ica_rsa_modexpo {
1721 compat_uptr_t inputdata;
1722 unsigned int inputdatalength;
1723 compat_uptr_t outputdata;
1724 unsigned int outputdatalength;
1725 compat_uptr_t b_key;
1726 compat_uptr_t n_modulus;
1727 };
1728
trans_modexpo32(struct ap_perms * perms,struct file * filp,unsigned int cmd,unsigned long arg)1729 static long trans_modexpo32(struct ap_perms *perms, struct file *filp,
1730 unsigned int cmd, unsigned long arg)
1731 {
1732 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg);
1733 struct compat_ica_rsa_modexpo mex32;
1734 struct ica_rsa_modexpo mex64;
1735 struct zcrypt_track tr;
1736 long rc;
1737
1738 memset(&tr, 0, sizeof(tr));
1739 if (copy_from_user(&mex32, umex32, sizeof(mex32)))
1740 return -EFAULT;
1741 mex64.inputdata = compat_ptr(mex32.inputdata);
1742 mex64.inputdatalength = mex32.inputdatalength;
1743 mex64.outputdata = compat_ptr(mex32.outputdata);
1744 mex64.outputdatalength = mex32.outputdatalength;
1745 mex64.b_key = compat_ptr(mex32.b_key);
1746 mex64.n_modulus = compat_ptr(mex32.n_modulus);
1747 do {
1748 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1749 if (rc == -EAGAIN)
1750 tr.again_counter++;
1751 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1752 /* on failure: retry once again after a requested rescan */
1753 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1754 do {
1755 rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1756 if (rc == -EAGAIN)
1757 tr.again_counter++;
1758 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1759 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1760 rc = -EIO;
1761 if (rc)
1762 return rc;
1763 return put_user(mex64.outputdatalength,
1764 &umex32->outputdatalength);
1765 }
1766
1767 struct compat_ica_rsa_modexpo_crt {
1768 compat_uptr_t inputdata;
1769 unsigned int inputdatalength;
1770 compat_uptr_t outputdata;
1771 unsigned int outputdatalength;
1772 compat_uptr_t bp_key;
1773 compat_uptr_t bq_key;
1774 compat_uptr_t np_prime;
1775 compat_uptr_t nq_prime;
1776 compat_uptr_t u_mult_inv;
1777 };
1778
trans_modexpo_crt32(struct ap_perms * perms,struct file * filp,unsigned int cmd,unsigned long arg)1779 static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp,
1780 unsigned int cmd, unsigned long arg)
1781 {
1782 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg);
1783 struct compat_ica_rsa_modexpo_crt crt32;
1784 struct ica_rsa_modexpo_crt crt64;
1785 struct zcrypt_track tr;
1786 long rc;
1787
1788 memset(&tr, 0, sizeof(tr));
1789 if (copy_from_user(&crt32, ucrt32, sizeof(crt32)))
1790 return -EFAULT;
1791 crt64.inputdata = compat_ptr(crt32.inputdata);
1792 crt64.inputdatalength = crt32.inputdatalength;
1793 crt64.outputdata = compat_ptr(crt32.outputdata);
1794 crt64.outputdatalength = crt32.outputdatalength;
1795 crt64.bp_key = compat_ptr(crt32.bp_key);
1796 crt64.bq_key = compat_ptr(crt32.bq_key);
1797 crt64.np_prime = compat_ptr(crt32.np_prime);
1798 crt64.nq_prime = compat_ptr(crt32.nq_prime);
1799 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv);
1800 do {
1801 rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1802 if (rc == -EAGAIN)
1803 tr.again_counter++;
1804 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1805 /* on failure: retry once again after a requested rescan */
1806 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1807 do {
1808 rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1809 if (rc == -EAGAIN)
1810 tr.again_counter++;
1811 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1812 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1813 rc = -EIO;
1814 if (rc)
1815 return rc;
1816 return put_user(crt64.outputdatalength,
1817 &ucrt32->outputdatalength);
1818 }
1819
1820 struct compat_ica_xcRB {
1821 unsigned short agent_ID;
1822 unsigned int user_defined;
1823 unsigned short request_ID;
1824 unsigned int request_control_blk_length;
1825 unsigned char padding1[16 - sizeof(compat_uptr_t)];
1826 compat_uptr_t request_control_blk_addr;
1827 unsigned int request_data_length;
1828 char padding2[16 - sizeof(compat_uptr_t)];
1829 compat_uptr_t request_data_address;
1830 unsigned int reply_control_blk_length;
1831 char padding3[16 - sizeof(compat_uptr_t)];
1832 compat_uptr_t reply_control_blk_addr;
1833 unsigned int reply_data_length;
1834 char padding4[16 - sizeof(compat_uptr_t)];
1835 compat_uptr_t reply_data_addr;
1836 unsigned short priority_window;
1837 unsigned int status;
1838 } __packed;
1839
trans_xcRB32(struct ap_perms * perms,struct file * filp,unsigned int cmd,unsigned long arg)1840 static long trans_xcRB32(struct ap_perms *perms, struct file *filp,
1841 unsigned int cmd, unsigned long arg)
1842 {
1843 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg);
1844 struct compat_ica_xcRB xcRB32;
1845 struct zcrypt_track tr;
1846 struct ica_xcRB xcRB64;
1847 long rc;
1848
1849 memset(&tr, 0, sizeof(tr));
1850 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32)))
1851 return -EFAULT;
1852 xcRB64.agent_ID = xcRB32.agent_ID;
1853 xcRB64.user_defined = xcRB32.user_defined;
1854 xcRB64.request_ID = xcRB32.request_ID;
1855 xcRB64.request_control_blk_length =
1856 xcRB32.request_control_blk_length;
1857 xcRB64.request_control_blk_addr =
1858 compat_ptr(xcRB32.request_control_blk_addr);
1859 xcRB64.request_data_length =
1860 xcRB32.request_data_length;
1861 xcRB64.request_data_address =
1862 compat_ptr(xcRB32.request_data_address);
1863 xcRB64.reply_control_blk_length =
1864 xcRB32.reply_control_blk_length;
1865 xcRB64.reply_control_blk_addr =
1866 compat_ptr(xcRB32.reply_control_blk_addr);
1867 xcRB64.reply_data_length = xcRB32.reply_data_length;
1868 xcRB64.reply_data_addr =
1869 compat_ptr(xcRB32.reply_data_addr);
1870 xcRB64.priority_window = xcRB32.priority_window;
1871 xcRB64.status = xcRB32.status;
1872 do {
1873 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1874 if (rc == -EAGAIN)
1875 tr.again_counter++;
1876 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1877 /* on failure: retry once again after a requested rescan */
1878 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1879 do {
1880 rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1881 if (rc == -EAGAIN)
1882 tr.again_counter++;
1883 } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1884 if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1885 rc = -EIO;
1886 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length;
1887 xcRB32.reply_data_length = xcRB64.reply_data_length;
1888 xcRB32.status = xcRB64.status;
1889 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32)))
1890 return -EFAULT;
1891 return rc;
1892 }
1893
zcrypt_compat_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1894 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd,
1895 unsigned long arg)
1896 {
1897 int rc;
1898 struct ap_perms *perms =
1899 (struct ap_perms *) filp->private_data;
1900
1901 rc = zcrypt_check_ioctl(perms, cmd);
1902 if (rc)
1903 return rc;
1904
1905 if (cmd == ICARSAMODEXPO)
1906 return trans_modexpo32(perms, filp, cmd, arg);
1907 if (cmd == ICARSACRT)
1908 return trans_modexpo_crt32(perms, filp, cmd, arg);
1909 if (cmd == ZSECSENDCPRB)
1910 return trans_xcRB32(perms, filp, cmd, arg);
1911 return zcrypt_unlocked_ioctl(filp, cmd, arg);
1912 }
1913 #endif
1914
1915 /*
1916 * Misc device file operations.
1917 */
1918 static const struct file_operations zcrypt_fops = {
1919 .owner = THIS_MODULE,
1920 .read = zcrypt_read,
1921 .write = zcrypt_write,
1922 .unlocked_ioctl = zcrypt_unlocked_ioctl,
1923 #ifdef CONFIG_COMPAT
1924 .compat_ioctl = zcrypt_compat_ioctl,
1925 #endif
1926 .open = zcrypt_open,
1927 .release = zcrypt_release,
1928 .llseek = no_llseek,
1929 };
1930
1931 /*
1932 * Misc device.
1933 */
1934 static struct miscdevice zcrypt_misc_device = {
1935 .minor = MISC_DYNAMIC_MINOR,
1936 .name = "z90crypt",
1937 .fops = &zcrypt_fops,
1938 };
1939
1940 static int zcrypt_rng_device_count;
1941 static u32 *zcrypt_rng_buffer;
1942 static int zcrypt_rng_buffer_index;
1943 static DEFINE_MUTEX(zcrypt_rng_mutex);
1944
zcrypt_rng_data_read(struct hwrng * rng,u32 * data)1945 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data)
1946 {
1947 int rc;
1948
1949 /*
1950 * We don't need locking here because the RNG API guarantees serialized
1951 * read method calls.
1952 */
1953 if (zcrypt_rng_buffer_index == 0) {
1954 rc = zcrypt_rng((char *) zcrypt_rng_buffer);
1955 /* on failure: retry once again after a requested rescan */
1956 if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1957 rc = zcrypt_rng((char *) zcrypt_rng_buffer);
1958 if (rc < 0)
1959 return -EIO;
1960 zcrypt_rng_buffer_index = rc / sizeof(*data);
1961 }
1962 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index];
1963 return sizeof(*data);
1964 }
1965
1966 static struct hwrng zcrypt_rng_dev = {
1967 .name = "zcrypt",
1968 .data_read = zcrypt_rng_data_read,
1969 .quality = 990,
1970 };
1971
zcrypt_rng_device_add(void)1972 int zcrypt_rng_device_add(void)
1973 {
1974 int rc = 0;
1975
1976 mutex_lock(&zcrypt_rng_mutex);
1977 if (zcrypt_rng_device_count == 0) {
1978 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL);
1979 if (!zcrypt_rng_buffer) {
1980 rc = -ENOMEM;
1981 goto out;
1982 }
1983 zcrypt_rng_buffer_index = 0;
1984 if (!zcrypt_hwrng_seed)
1985 zcrypt_rng_dev.quality = 0;
1986 rc = hwrng_register(&zcrypt_rng_dev);
1987 if (rc)
1988 goto out_free;
1989 zcrypt_rng_device_count = 1;
1990 } else
1991 zcrypt_rng_device_count++;
1992 mutex_unlock(&zcrypt_rng_mutex);
1993 return 0;
1994
1995 out_free:
1996 free_page((unsigned long) zcrypt_rng_buffer);
1997 out:
1998 mutex_unlock(&zcrypt_rng_mutex);
1999 return rc;
2000 }
2001
zcrypt_rng_device_remove(void)2002 void zcrypt_rng_device_remove(void)
2003 {
2004 mutex_lock(&zcrypt_rng_mutex);
2005 zcrypt_rng_device_count--;
2006 if (zcrypt_rng_device_count == 0) {
2007 hwrng_unregister(&zcrypt_rng_dev);
2008 free_page((unsigned long) zcrypt_rng_buffer);
2009 }
2010 mutex_unlock(&zcrypt_rng_mutex);
2011 }
2012
2013 /*
2014 * Wait until the zcrypt api is operational.
2015 * The AP bus scan and the binding of ap devices to device drivers is
2016 * an asynchronous job. This function waits until these initial jobs
2017 * are done and so the zcrypt api should be ready to serve crypto
2018 * requests - if there are resources available. The function uses an
2019 * internal timeout of 60s. The very first caller will either wait for
2020 * ap bus bindings complete or the timeout happens. This state will be
2021 * remembered for further callers which will only be blocked until a
2022 * decision is made (timeout or bindings complete).
2023 * On timeout -ETIME is returned, on success the return value is 0.
2024 */
zcrypt_wait_api_operational(void)2025 int zcrypt_wait_api_operational(void)
2026 {
2027 static DEFINE_MUTEX(zcrypt_wait_api_lock);
2028 static int zcrypt_wait_api_state;
2029 int rc;
2030
2031 rc = mutex_lock_interruptible(&zcrypt_wait_api_lock);
2032 if (rc)
2033 return rc;
2034
2035 switch (zcrypt_wait_api_state) {
2036 case 0:
2037 /* initial state, invoke wait for the ap bus complete */
2038 rc = ap_wait_init_apqn_bindings_complete(
2039 msecs_to_jiffies(60 * 1000));
2040 switch (rc) {
2041 case 0:
2042 /* ap bus bindings are complete */
2043 zcrypt_wait_api_state = 1;
2044 break;
2045 case -EINTR:
2046 /* interrupted, go back to caller */
2047 break;
2048 case -ETIME:
2049 /* timeout */
2050 ZCRYPT_DBF_WARN("%s ap_wait_init_apqn_bindings_complete()=ETIME\n",
2051 __func__);
2052 zcrypt_wait_api_state = -ETIME;
2053 break;
2054 default:
2055 /* other failure */
2056 ZCRYPT_DBF_DBG("%s ap_wait_init_apqn_bindings_complete()=%d\n",
2057 __func__, rc);
2058 break;
2059 }
2060 break;
2061 case 1:
2062 /* a previous caller already found ap bus bindings complete */
2063 rc = 0;
2064 break;
2065 default:
2066 /* a previous caller had timeout or other failure */
2067 rc = zcrypt_wait_api_state;
2068 break;
2069 }
2070
2071 mutex_unlock(&zcrypt_wait_api_lock);
2072
2073 return rc;
2074 }
2075 EXPORT_SYMBOL(zcrypt_wait_api_operational);
2076
zcrypt_debug_init(void)2077 int __init zcrypt_debug_init(void)
2078 {
2079 zcrypt_dbf_info = debug_register("zcrypt", 2, 1,
2080 DBF_MAX_SPRINTF_ARGS * sizeof(long));
2081 debug_register_view(zcrypt_dbf_info, &debug_sprintf_view);
2082 debug_set_level(zcrypt_dbf_info, DBF_ERR);
2083
2084 return 0;
2085 }
2086
zcrypt_debug_exit(void)2087 void zcrypt_debug_exit(void)
2088 {
2089 debug_unregister(zcrypt_dbf_info);
2090 }
2091
2092 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2093
zcdn_init(void)2094 static int __init zcdn_init(void)
2095 {
2096 int rc;
2097
2098 /* create a new class 'zcrypt' */
2099 zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME);
2100 if (IS_ERR(zcrypt_class)) {
2101 rc = PTR_ERR(zcrypt_class);
2102 goto out_class_create_failed;
2103 }
2104 zcrypt_class->dev_release = zcdn_device_release;
2105
2106 /* alloc device minor range */
2107 rc = alloc_chrdev_region(&zcrypt_devt,
2108 0, ZCRYPT_MAX_MINOR_NODES,
2109 ZCRYPT_NAME);
2110 if (rc)
2111 goto out_alloc_chrdev_failed;
2112
2113 cdev_init(&zcrypt_cdev, &zcrypt_fops);
2114 zcrypt_cdev.owner = THIS_MODULE;
2115 rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2116 if (rc)
2117 goto out_cdev_add_failed;
2118
2119 /* need some class specific sysfs attributes */
2120 rc = class_create_file(zcrypt_class, &class_attr_zcdn_create);
2121 if (rc)
2122 goto out_class_create_file_1_failed;
2123 rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy);
2124 if (rc)
2125 goto out_class_create_file_2_failed;
2126
2127 return 0;
2128
2129 out_class_create_file_2_failed:
2130 class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2131 out_class_create_file_1_failed:
2132 cdev_del(&zcrypt_cdev);
2133 out_cdev_add_failed:
2134 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2135 out_alloc_chrdev_failed:
2136 class_destroy(zcrypt_class);
2137 out_class_create_failed:
2138 return rc;
2139 }
2140
zcdn_exit(void)2141 static void zcdn_exit(void)
2142 {
2143 class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2144 class_remove_file(zcrypt_class, &class_attr_zcdn_destroy);
2145 zcdn_destroy_all();
2146 cdev_del(&zcrypt_cdev);
2147 unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2148 class_destroy(zcrypt_class);
2149 }
2150
2151 #endif
2152
2153 /*
2154 * zcrypt_api_init(): Module initialization.
2155 *
2156 * The module initialization code.
2157 */
zcrypt_api_init(void)2158 int __init zcrypt_api_init(void)
2159 {
2160 int rc;
2161
2162 rc = zcrypt_debug_init();
2163 if (rc)
2164 goto out;
2165
2166 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2167 rc = zcdn_init();
2168 if (rc)
2169 goto out;
2170 #endif
2171
2172 /* Register the request sprayer. */
2173 rc = misc_register(&zcrypt_misc_device);
2174 if (rc < 0)
2175 goto out_misc_register_failed;
2176
2177 zcrypt_msgtype6_init();
2178 zcrypt_msgtype50_init();
2179
2180 return 0;
2181
2182 out_misc_register_failed:
2183 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2184 zcdn_exit();
2185 #endif
2186 zcrypt_debug_exit();
2187 out:
2188 return rc;
2189 }
2190
2191 /*
2192 * zcrypt_api_exit(): Module termination.
2193 *
2194 * The module termination code.
2195 */
zcrypt_api_exit(void)2196 void __exit zcrypt_api_exit(void)
2197 {
2198 #ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2199 zcdn_exit();
2200 #endif
2201 misc_deregister(&zcrypt_misc_device);
2202 zcrypt_msgtype6_exit();
2203 zcrypt_msgtype50_exit();
2204 zcrypt_ccamisc_exit();
2205 zcrypt_ep11misc_exit();
2206 zcrypt_debug_exit();
2207 }
2208
2209 module_init(zcrypt_api_init);
2210 module_exit(zcrypt_api_exit);
2211