linux/drivers/s390/crypto/zcrypt_api.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *  Copyright IBM Corp. 2001, 2018
   4 *  Author(s): Robert Burroughs
   5 *             Eric Rossman (edrossma@us.ibm.com)
   6 *             Cornelia Huck <cornelia.huck@de.ibm.com>
   7 *
   8 *  Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
   9 *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
  10 *                                Ralph Wuerthner <rwuerthn@de.ibm.com>
  11 *  MSGTYPE restruct:             Holger Dengler <hd@linux.vnet.ibm.com>
  12 *  Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com>
  13 */
  14
  15#include <linux/module.h>
  16#include <linux/init.h>
  17#include <linux/interrupt.h>
  18#include <linux/miscdevice.h>
  19#include <linux/fs.h>
  20#include <linux/compat.h>
  21#include <linux/slab.h>
  22#include <linux/atomic.h>
  23#include <linux/uaccess.h>
  24#include <linux/hw_random.h>
  25#include <linux/debugfs.h>
  26#include <linux/cdev.h>
  27#include <linux/ctype.h>
  28#include <linux/capability.h>
  29#include <asm/debug.h>
  30
  31#define CREATE_TRACE_POINTS
  32#include <asm/trace/zcrypt.h>
  33
  34#include "zcrypt_api.h"
  35#include "zcrypt_debug.h"
  36
  37#include "zcrypt_msgtype6.h"
  38#include "zcrypt_msgtype50.h"
  39#include "zcrypt_ccamisc.h"
  40#include "zcrypt_ep11misc.h"
  41
  42/*
  43 * Module description.
  44 */
  45MODULE_AUTHOR("IBM Corporation");
  46MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " \
  47                   "Copyright IBM Corp. 2001, 2012");
  48MODULE_LICENSE("GPL");
  49
  50/*
  51 * zcrypt tracepoint functions
  52 */
  53EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req);
  54EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep);
  55
  56static int zcrypt_hwrng_seed = 1;
  57module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440);
  58MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on).");
  59
  60DEFINE_SPINLOCK(zcrypt_list_lock);
  61LIST_HEAD(zcrypt_card_list);
  62int zcrypt_device_count;
  63
  64static atomic_t zcrypt_open_count = ATOMIC_INIT(0);
  65static atomic_t zcrypt_rescan_count = ATOMIC_INIT(0);
  66
  67atomic_t zcrypt_rescan_req = ATOMIC_INIT(0);
  68EXPORT_SYMBOL(zcrypt_rescan_req);
  69
  70static LIST_HEAD(zcrypt_ops_list);
  71
  72/* Zcrypt related debug feature stuff. */
  73debug_info_t *zcrypt_dbf_info;
  74
  75/**
  76 * Process a rescan of the transport layer.
  77 *
  78 * Returns 1, if the rescan has been processed, otherwise 0.
  79 */
  80static inline int zcrypt_process_rescan(void)
  81{
  82        if (atomic_read(&zcrypt_rescan_req)) {
  83                atomic_set(&zcrypt_rescan_req, 0);
  84                atomic_inc(&zcrypt_rescan_count);
  85                ap_bus_force_rescan();
  86                ZCRYPT_DBF(DBF_INFO, "rescan count=%07d\n",
  87                           atomic_inc_return(&zcrypt_rescan_count));
  88                return 1;
  89        }
  90        return 0;
  91}
  92
  93void zcrypt_msgtype_register(struct zcrypt_ops *zops)
  94{
  95        list_add_tail(&zops->list, &zcrypt_ops_list);
  96}
  97
  98void zcrypt_msgtype_unregister(struct zcrypt_ops *zops)
  99{
 100        list_del_init(&zops->list);
 101}
 102
 103struct zcrypt_ops *zcrypt_msgtype(unsigned char *name, int variant)
 104{
 105        struct zcrypt_ops *zops;
 106
 107        list_for_each_entry(zops, &zcrypt_ops_list, list)
 108                if ((zops->variant == variant) &&
 109                    (!strncmp(zops->name, name, sizeof(zops->name))))
 110                        return zops;
 111        return NULL;
 112}
 113EXPORT_SYMBOL(zcrypt_msgtype);
 114
 115/*
 116 * Multi device nodes extension functions.
 117 */
 118
 119#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
 120
 121struct zcdn_device;
 122
 123static struct class *zcrypt_class;
 124static dev_t zcrypt_devt;
 125static struct cdev zcrypt_cdev;
 126
 127struct zcdn_device {
 128        struct device device;
 129        struct ap_perms perms;
 130};
 131
 132#define to_zcdn_dev(x) container_of((x), struct zcdn_device, device)
 133
 134#define ZCDN_MAX_NAME 32
 135
 136static int zcdn_create(const char *name);
 137static int zcdn_destroy(const char *name);
 138
 139/*
 140 * Find zcdn device by name.
 141 * Returns reference to the zcdn device which needs to be released
 142 * with put_device() after use.
 143 */
 144static inline struct zcdn_device *find_zcdndev_by_name(const char *name)
 145{
 146        struct device *dev = class_find_device_by_name(zcrypt_class, name);
 147
 148        return dev ? to_zcdn_dev(dev) : NULL;
 149}
 150
 151/*
 152 * Find zcdn device by devt value.
 153 * Returns reference to the zcdn device which needs to be released
 154 * with put_device() after use.
 155 */
 156static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt)
 157{
 158        struct device *dev = class_find_device_by_devt(zcrypt_class, devt);
 159
 160        return dev ? to_zcdn_dev(dev) : NULL;
 161}
 162
 163static ssize_t ioctlmask_show(struct device *dev,
 164                              struct device_attribute *attr,
 165                              char *buf)
 166{
 167        int i, rc;
 168        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 169
 170        if (mutex_lock_interruptible(&ap_perms_mutex))
 171                return -ERESTARTSYS;
 172
 173        buf[0] = '0';
 174        buf[1] = 'x';
 175        for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++)
 176                snprintf(buf + 2 + 2 * i * sizeof(long),
 177                         PAGE_SIZE - 2 - 2 * i * sizeof(long),
 178                         "%016lx", zcdndev->perms.ioctlm[i]);
 179        buf[2 + 2 * i * sizeof(long)] = '\n';
 180        buf[2 + 2 * i * sizeof(long) + 1] = '\0';
 181        rc = 2 + 2 * i * sizeof(long) + 1;
 182
 183        mutex_unlock(&ap_perms_mutex);
 184
 185        return rc;
 186}
 187
 188static ssize_t ioctlmask_store(struct device *dev,
 189                               struct device_attribute *attr,
 190                               const char *buf, size_t count)
 191{
 192        int rc;
 193        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 194
 195        rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm,
 196                               AP_IOCTLS, &ap_perms_mutex);
 197        if (rc)
 198                return rc;
 199
 200        return count;
 201}
 202
 203static DEVICE_ATTR_RW(ioctlmask);
 204
 205static ssize_t apmask_show(struct device *dev,
 206                           struct device_attribute *attr,
 207                           char *buf)
 208{
 209        int i, rc;
 210        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 211
 212        if (mutex_lock_interruptible(&ap_perms_mutex))
 213                return -ERESTARTSYS;
 214
 215        buf[0] = '0';
 216        buf[1] = 'x';
 217        for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++)
 218                snprintf(buf + 2 + 2 * i * sizeof(long),
 219                         PAGE_SIZE - 2 - 2 * i * sizeof(long),
 220                         "%016lx", zcdndev->perms.apm[i]);
 221        buf[2 + 2 * i * sizeof(long)] = '\n';
 222        buf[2 + 2 * i * sizeof(long) + 1] = '\0';
 223        rc = 2 + 2 * i * sizeof(long) + 1;
 224
 225        mutex_unlock(&ap_perms_mutex);
 226
 227        return rc;
 228}
 229
 230static ssize_t apmask_store(struct device *dev,
 231                            struct device_attribute *attr,
 232                            const char *buf, size_t count)
 233{
 234        int rc;
 235        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 236
 237        rc = ap_parse_mask_str(buf, zcdndev->perms.apm,
 238                               AP_DEVICES, &ap_perms_mutex);
 239        if (rc)
 240                return rc;
 241
 242        return count;
 243}
 244
 245static DEVICE_ATTR_RW(apmask);
 246
 247static ssize_t aqmask_show(struct device *dev,
 248                           struct device_attribute *attr,
 249                           char *buf)
 250{
 251        int i, rc;
 252        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 253
 254        if (mutex_lock_interruptible(&ap_perms_mutex))
 255                return -ERESTARTSYS;
 256
 257        buf[0] = '0';
 258        buf[1] = 'x';
 259        for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++)
 260                snprintf(buf + 2 + 2 * i * sizeof(long),
 261                         PAGE_SIZE - 2 - 2 * i * sizeof(long),
 262                         "%016lx", zcdndev->perms.aqm[i]);
 263        buf[2 + 2 * i * sizeof(long)] = '\n';
 264        buf[2 + 2 * i * sizeof(long) + 1] = '\0';
 265        rc = 2 + 2 * i * sizeof(long) + 1;
 266
 267        mutex_unlock(&ap_perms_mutex);
 268
 269        return rc;
 270}
 271
 272static ssize_t aqmask_store(struct device *dev,
 273                            struct device_attribute *attr,
 274                            const char *buf, size_t count)
 275{
 276        int rc;
 277        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 278
 279        rc = ap_parse_mask_str(buf, zcdndev->perms.aqm,
 280                               AP_DOMAINS, &ap_perms_mutex);
 281        if (rc)
 282                return rc;
 283
 284        return count;
 285}
 286
 287static DEVICE_ATTR_RW(aqmask);
 288
 289static struct attribute *zcdn_dev_attrs[] = {
 290        &dev_attr_ioctlmask.attr,
 291        &dev_attr_apmask.attr,
 292        &dev_attr_aqmask.attr,
 293        NULL
 294};
 295
 296static struct attribute_group zcdn_dev_attr_group = {
 297        .attrs = zcdn_dev_attrs
 298};
 299
 300static const struct attribute_group *zcdn_dev_attr_groups[] = {
 301        &zcdn_dev_attr_group,
 302        NULL
 303};
 304
 305static ssize_t zcdn_create_store(struct class *class,
 306                                 struct class_attribute *attr,
 307                                 const char *buf, size_t count)
 308{
 309        int rc;
 310        char name[ZCDN_MAX_NAME];
 311
 312        strncpy(name, skip_spaces(buf), sizeof(name));
 313        name[sizeof(name) - 1] = '\0';
 314
 315        rc = zcdn_create(strim(name));
 316
 317        return rc ? rc : count;
 318}
 319
 320static const struct class_attribute class_attr_zcdn_create =
 321        __ATTR(create, 0600, NULL, zcdn_create_store);
 322
 323static ssize_t zcdn_destroy_store(struct class *class,
 324                                  struct class_attribute *attr,
 325                                  const char *buf, size_t count)
 326{
 327        int rc;
 328        char name[ZCDN_MAX_NAME];
 329
 330        strncpy(name, skip_spaces(buf), sizeof(name));
 331        name[sizeof(name) - 1] = '\0';
 332
 333        rc = zcdn_destroy(strim(name));
 334
 335        return rc ? rc : count;
 336}
 337
 338static const struct class_attribute class_attr_zcdn_destroy =
 339        __ATTR(destroy, 0600, NULL, zcdn_destroy_store);
 340
 341static void zcdn_device_release(struct device *dev)
 342{
 343        struct zcdn_device *zcdndev = to_zcdn_dev(dev);
 344
 345        ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n",
 346                   MAJOR(dev->devt), MINOR(dev->devt));
 347
 348        kfree(zcdndev);
 349}
 350
 351static int zcdn_create(const char *name)
 352{
 353        dev_t devt;
 354        int i, rc = 0;
 355        char nodename[ZCDN_MAX_NAME];
 356        struct zcdn_device *zcdndev;
 357
 358        if (mutex_lock_interruptible(&ap_perms_mutex))
 359                return -ERESTARTSYS;
 360
 361        /* check if device node with this name already exists */
 362        if (name[0]) {
 363                zcdndev = find_zcdndev_by_name(name);
 364                if (zcdndev) {
 365                        put_device(&zcdndev->device);
 366                        rc = -EEXIST;
 367                        goto unlockout;
 368                }
 369        }
 370
 371        /* find an unused minor number */
 372        for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
 373                devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
 374                zcdndev = find_zcdndev_by_devt(devt);
 375                if (zcdndev)
 376                        put_device(&zcdndev->device);
 377                else
 378                        break;
 379        }
 380        if (i == ZCRYPT_MAX_MINOR_NODES) {
 381                rc = -ENOSPC;
 382                goto unlockout;
 383        }
 384
 385        /* alloc and prepare a new zcdn device */
 386        zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL);
 387        if (!zcdndev) {
 388                rc = -ENOMEM;
 389                goto unlockout;
 390        }
 391        zcdndev->device.release = zcdn_device_release;
 392        zcdndev->device.class = zcrypt_class;
 393        zcdndev->device.devt = devt;
 394        zcdndev->device.groups = zcdn_dev_attr_groups;
 395        if (name[0])
 396                strncpy(nodename, name, sizeof(nodename));
 397        else
 398                snprintf(nodename, sizeof(nodename),
 399                         ZCRYPT_NAME "_%d", (int) MINOR(devt));
 400        nodename[sizeof(nodename)-1] = '\0';
 401        if (dev_set_name(&zcdndev->device, nodename)) {
 402                rc = -EINVAL;
 403                goto unlockout;
 404        }
 405        rc = device_register(&zcdndev->device);
 406        if (rc) {
 407                put_device(&zcdndev->device);
 408                goto unlockout;
 409        }
 410
 411        ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n",
 412                   MAJOR(devt), MINOR(devt));
 413
 414unlockout:
 415        mutex_unlock(&ap_perms_mutex);
 416        return rc;
 417}
 418
 419static int zcdn_destroy(const char *name)
 420{
 421        int rc = 0;
 422        struct zcdn_device *zcdndev;
 423
 424        if (mutex_lock_interruptible(&ap_perms_mutex))
 425                return -ERESTARTSYS;
 426
 427        /* try to find this zcdn device */
 428        zcdndev = find_zcdndev_by_name(name);
 429        if (!zcdndev) {
 430                rc = -ENOENT;
 431                goto unlockout;
 432        }
 433
 434        /*
 435         * The zcdn device is not hard destroyed. It is subject to
 436         * reference counting and thus just needs to be unregistered.
 437         */
 438        put_device(&zcdndev->device);
 439        device_unregister(&zcdndev->device);
 440
 441unlockout:
 442        mutex_unlock(&ap_perms_mutex);
 443        return rc;
 444}
 445
 446static void zcdn_destroy_all(void)
 447{
 448        int i;
 449        dev_t devt;
 450        struct zcdn_device *zcdndev;
 451
 452        mutex_lock(&ap_perms_mutex);
 453        for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
 454                devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
 455                zcdndev = find_zcdndev_by_devt(devt);
 456                if (zcdndev) {
 457                        put_device(&zcdndev->device);
 458                        device_unregister(&zcdndev->device);
 459                }
 460        }
 461        mutex_unlock(&ap_perms_mutex);
 462}
 463
 464#endif
 465
 466/**
 467 * zcrypt_read (): Not supported beyond zcrypt 1.3.1.
 468 *
 469 * This function is not supported beyond zcrypt 1.3.1.
 470 */
 471static ssize_t zcrypt_read(struct file *filp, char __user *buf,
 472                           size_t count, loff_t *f_pos)
 473{
 474        return -EPERM;
 475}
 476
 477/**
 478 * zcrypt_write(): Not allowed.
 479 *
 480 * Write is is not allowed
 481 */
 482static ssize_t zcrypt_write(struct file *filp, const char __user *buf,
 483                            size_t count, loff_t *f_pos)
 484{
 485        return -EPERM;
 486}
 487
 488/**
 489 * zcrypt_open(): Count number of users.
 490 *
 491 * Device open function to count number of users.
 492 */
 493static int zcrypt_open(struct inode *inode, struct file *filp)
 494{
 495        struct ap_perms *perms = &ap_perms;
 496
 497#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
 498        if (filp->f_inode->i_cdev == &zcrypt_cdev) {
 499                struct zcdn_device *zcdndev;
 500
 501                if (mutex_lock_interruptible(&ap_perms_mutex))
 502                        return -ERESTARTSYS;
 503                zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
 504                /* find returns a reference, no get_device() needed */
 505                mutex_unlock(&ap_perms_mutex);
 506                if (zcdndev)
 507                        perms = &zcdndev->perms;
 508        }
 509#endif
 510        filp->private_data = (void *) perms;
 511
 512        atomic_inc(&zcrypt_open_count);
 513        return stream_open(inode, filp);
 514}
 515
 516/**
 517 * zcrypt_release(): Count number of users.
 518 *
 519 * Device close function to count number of users.
 520 */
 521static int zcrypt_release(struct inode *inode, struct file *filp)
 522{
 523#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
 524        if (filp->f_inode->i_cdev == &zcrypt_cdev) {
 525                struct zcdn_device *zcdndev;
 526
 527                mutex_lock(&ap_perms_mutex);
 528                zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
 529                mutex_unlock(&ap_perms_mutex);
 530                if (zcdndev) {
 531                        /* 2 puts here: one for find, one for open */
 532                        put_device(&zcdndev->device);
 533                        put_device(&zcdndev->device);
 534                }
 535        }
 536#endif
 537
 538        atomic_dec(&zcrypt_open_count);
 539        return 0;
 540}
 541
 542static inline int zcrypt_check_ioctl(struct ap_perms *perms,
 543                                     unsigned int cmd)
 544{
 545        int rc = -EPERM;
 546        int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT;
 547
 548        if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) {
 549                if (test_bit_inv(ioctlnr, perms->ioctlm))
 550                        rc = 0;
 551        }
 552
 553        if (rc)
 554                ZCRYPT_DBF(DBF_WARN,
 555                           "ioctl check failed: ioctlnr=0x%04x rc=%d\n",
 556                           ioctlnr, rc);
 557
 558        return rc;
 559}
 560
 561static inline bool zcrypt_check_card(struct ap_perms *perms, int card)
 562{
 563        return test_bit_inv(card, perms->apm) ? true : false;
 564}
 565
 566static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue)
 567{
 568        return test_bit_inv(queue, perms->aqm) ? true : false;
 569}
 570
 571static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
 572                                                     struct zcrypt_queue *zq,
 573                                                     struct module **pmod,
 574                                                     unsigned int weight)
 575{
 576        if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner))
 577                return NULL;
 578        zcrypt_queue_get(zq);
 579        get_device(&zq->queue->ap_dev.device);
 580        atomic_add(weight, &zc->load);
 581        atomic_add(weight, &zq->load);
 582        zq->request_count++;
 583        *pmod = zq->queue->ap_dev.drv->driver.owner;
 584        return zq;
 585}
 586
 587static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
 588                                     struct zcrypt_queue *zq,
 589                                     struct module *mod,
 590                                     unsigned int weight)
 591{
 592        zq->request_count--;
 593        atomic_sub(weight, &zc->load);
 594        atomic_sub(weight, &zq->load);
 595        put_device(&zq->queue->ap_dev.device);
 596        zcrypt_queue_put(zq);
 597        module_put(mod);
 598}
 599
 600static inline bool zcrypt_card_compare(struct zcrypt_card *zc,
 601                                       struct zcrypt_card *pref_zc,
 602                                       unsigned int weight,
 603                                       unsigned int pref_weight)
 604{
 605        if (!pref_zc)
 606                return true;
 607        weight += atomic_read(&zc->load);
 608        pref_weight += atomic_read(&pref_zc->load);
 609        if (weight == pref_weight)
 610                return atomic64_read(&zc->card->total_request_count) <
 611                        atomic64_read(&pref_zc->card->total_request_count);
 612        return weight < pref_weight;
 613}
 614
 615static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq,
 616                                        struct zcrypt_queue *pref_zq,
 617                                        unsigned int weight,
 618                                        unsigned int pref_weight)
 619{
 620        if (!pref_zq)
 621                return true;
 622        weight += atomic_read(&zq->load);
 623        pref_weight += atomic_read(&pref_zq->load);
 624        if (weight == pref_weight)
 625                return zq->queue->total_request_count <
 626                        pref_zq->queue->total_request_count;
 627        return weight < pref_weight;
 628}
 629
 630/*
 631 * zcrypt ioctls.
 632 */
 633static long zcrypt_rsa_modexpo(struct ap_perms *perms,
 634                               struct zcrypt_track *tr,
 635                               struct ica_rsa_modexpo *mex)
 636{
 637        struct zcrypt_card *zc, *pref_zc;
 638        struct zcrypt_queue *zq, *pref_zq;
 639        struct ap_message ap_msg;
 640        unsigned int wgt = 0, pref_wgt = 0;
 641        unsigned int func_code;
 642        int cpen, qpen, qid = 0, rc = -ENODEV;
 643        struct module *mod;
 644
 645        trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
 646
 647        ap_init_message(&ap_msg);
 648
 649#ifdef CONFIG_ZCRYPT_DEBUG
 650        if (tr && tr->fi.cmd)
 651                ap_msg.fi.cmd = tr->fi.cmd;
 652#endif
 653
 654        if (mex->outputdatalength < mex->inputdatalength) {
 655                func_code = 0;
 656                rc = -EINVAL;
 657                goto out;
 658        }
 659
 660        /*
 661         * As long as outputdatalength is big enough, we can set the
 662         * outputdatalength equal to the inputdatalength, since that is the
 663         * number of bytes we will copy in any case
 664         */
 665        mex->outputdatalength = mex->inputdatalength;
 666
 667        rc = get_rsa_modex_fc(mex, &func_code);
 668        if (rc)
 669                goto out;
 670
 671        pref_zc = NULL;
 672        pref_zq = NULL;
 673        spin_lock(&zcrypt_list_lock);
 674        for_each_zcrypt_card(zc) {
 675                /* Check for useable accelarator or CCA card */
 676                if (!zc->online || !zc->card->config ||
 677                    !(zc->card->functions & 0x18000000))
 678                        continue;
 679                /* Check for size limits */
 680                if (zc->min_mod_size > mex->inputdatalength ||
 681                    zc->max_mod_size < mex->inputdatalength)
 682                        continue;
 683                /* check if device node has admission for this card */
 684                if (!zcrypt_check_card(perms, zc->card->id))
 685                        continue;
 686                /* get weight index of the card device  */
 687                wgt = zc->speed_rating[func_code];
 688                /* penalty if this msg was previously sent via this card */
 689                cpen = (tr && tr->again_counter && tr->last_qid &&
 690                        AP_QID_CARD(tr->last_qid) == zc->card->id) ?
 691                        TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
 692                if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
 693                        continue;
 694                for_each_zcrypt_queue(zq, zc) {
 695                        /* check if device is useable and eligible */
 696                        if (!zq->online || !zq->ops->rsa_modexpo ||
 697                            !zq->queue->config)
 698                                continue;
 699                        /* check if device node has admission for this queue */
 700                        if (!zcrypt_check_queue(perms,
 701                                                AP_QID_QUEUE(zq->queue->qid)))
 702                                continue;
 703                        /* penalty if the msg was previously sent at this qid */
 704                        qpen = (tr && tr->again_counter && tr->last_qid &&
 705                                tr->last_qid == zq->queue->qid) ?
 706                                TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
 707                        if (!zcrypt_queue_compare(zq, pref_zq,
 708                                                  wgt + cpen + qpen, pref_wgt))
 709                                continue;
 710                        pref_zc = zc;
 711                        pref_zq = zq;
 712                        pref_wgt = wgt + cpen + qpen;
 713                }
 714        }
 715        pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
 716        spin_unlock(&zcrypt_list_lock);
 717
 718        if (!pref_zq) {
 719                rc = -ENODEV;
 720                goto out;
 721        }
 722
 723        qid = pref_zq->queue->qid;
 724        rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg);
 725
 726        spin_lock(&zcrypt_list_lock);
 727        zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
 728        spin_unlock(&zcrypt_list_lock);
 729
 730out:
 731        ap_release_message(&ap_msg);
 732        if (tr) {
 733                tr->last_rc = rc;
 734                tr->last_qid = qid;
 735        }
 736        trace_s390_zcrypt_rep(mex, func_code, rc,
 737                              AP_QID_CARD(qid), AP_QID_QUEUE(qid));
 738        return rc;
 739}
 740
 741static long zcrypt_rsa_crt(struct ap_perms *perms,
 742                           struct zcrypt_track *tr,
 743                           struct ica_rsa_modexpo_crt *crt)
 744{
 745        struct zcrypt_card *zc, *pref_zc;
 746        struct zcrypt_queue *zq, *pref_zq;
 747        struct ap_message ap_msg;
 748        unsigned int wgt = 0, pref_wgt = 0;
 749        unsigned int func_code;
 750        int cpen, qpen, qid = 0, rc = -ENODEV;
 751        struct module *mod;
 752
 753        trace_s390_zcrypt_req(crt, TP_ICARSACRT);
 754
 755        ap_init_message(&ap_msg);
 756
 757#ifdef CONFIG_ZCRYPT_DEBUG
 758        if (tr && tr->fi.cmd)
 759                ap_msg.fi.cmd = tr->fi.cmd;
 760#endif
 761
 762        if (crt->outputdatalength < crt->inputdatalength) {
 763                func_code = 0;
 764                rc = -EINVAL;
 765                goto out;
 766        }
 767
 768        /*
 769         * As long as outputdatalength is big enough, we can set the
 770         * outputdatalength equal to the inputdatalength, since that is the
 771         * number of bytes we will copy in any case
 772         */
 773        crt->outputdatalength = crt->inputdatalength;
 774
 775        rc = get_rsa_crt_fc(crt, &func_code);
 776        if (rc)
 777                goto out;
 778
 779        pref_zc = NULL;
 780        pref_zq = NULL;
 781        spin_lock(&zcrypt_list_lock);
 782        for_each_zcrypt_card(zc) {
 783                /* Check for useable accelarator or CCA card */
 784                if (!zc->online || !zc->card->config ||
 785                    !(zc->card->functions & 0x18000000))
 786                        continue;
 787                /* Check for size limits */
 788                if (zc->min_mod_size > crt->inputdatalength ||
 789                    zc->max_mod_size < crt->inputdatalength)
 790                        continue;
 791                /* check if device node has admission for this card */
 792                if (!zcrypt_check_card(perms, zc->card->id))
 793                        continue;
 794                /* get weight index of the card device  */
 795                wgt = zc->speed_rating[func_code];
 796                /* penalty if this msg was previously sent via this card */
 797                cpen = (tr && tr->again_counter && tr->last_qid &&
 798                        AP_QID_CARD(tr->last_qid) == zc->card->id) ?
 799                        TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
 800                if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
 801                        continue;
 802                for_each_zcrypt_queue(zq, zc) {
 803                        /* check if device is useable and eligible */
 804                        if (!zq->online || !zq->ops->rsa_modexpo_crt ||
 805                            !zq->queue->config)
 806                                continue;
 807                        /* check if device node has admission for this queue */
 808                        if (!zcrypt_check_queue(perms,
 809                                                AP_QID_QUEUE(zq->queue->qid)))
 810                                continue;
 811                        /* penalty if the msg was previously sent at this qid */
 812                        qpen = (tr && tr->again_counter && tr->last_qid &&
 813                                tr->last_qid == zq->queue->qid) ?
 814                                TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
 815                        if (!zcrypt_queue_compare(zq, pref_zq,
 816                                                  wgt + cpen + qpen, pref_wgt))
 817                                continue;
 818                        pref_zc = zc;
 819                        pref_zq = zq;
 820                        pref_wgt = wgt + cpen + qpen;
 821                }
 822        }
 823        pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
 824        spin_unlock(&zcrypt_list_lock);
 825
 826        if (!pref_zq) {
 827                rc = -ENODEV;
 828                goto out;
 829        }
 830
 831        qid = pref_zq->queue->qid;
 832        rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg);
 833
 834        spin_lock(&zcrypt_list_lock);
 835        zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
 836        spin_unlock(&zcrypt_list_lock);
 837
 838out:
 839        ap_release_message(&ap_msg);
 840        if (tr) {
 841                tr->last_rc = rc;
 842                tr->last_qid = qid;
 843        }
 844        trace_s390_zcrypt_rep(crt, func_code, rc,
 845                              AP_QID_CARD(qid), AP_QID_QUEUE(qid));
 846        return rc;
 847}
 848
 849static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms,
 850                              struct zcrypt_track *tr,
 851                              struct ica_xcRB *xcRB)
 852{
 853        struct zcrypt_card *zc, *pref_zc;
 854        struct zcrypt_queue *zq, *pref_zq;
 855        struct ap_message ap_msg;
 856        unsigned int wgt = 0, pref_wgt = 0;
 857        unsigned int func_code;
 858        unsigned short *domain, tdom;
 859        int cpen, qpen, qid = 0, rc = -ENODEV;
 860        struct module *mod;
 861
 862        trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
 863
 864        xcRB->status = 0;
 865        ap_init_message(&ap_msg);
 866
 867#ifdef CONFIG_ZCRYPT_DEBUG
 868        if (tr && tr->fi.cmd)
 869                ap_msg.fi.cmd = tr->fi.cmd;
 870        if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) {
 871                ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n",
 872                                __func__, tr->fi.cmd);
 873                xcRB->agent_ID = 0x4646;
 874        }
 875#endif
 876
 877        rc = get_cprb_fc(userspace, xcRB, &ap_msg, &func_code, &domain);
 878        if (rc)
 879                goto out;
 880
 881        /*
 882         * If a valid target domain is set and this domain is NOT a usage
 883         * domain but a control only domain, use the default domain as target.
 884         */
 885        tdom = *domain;
 886        if (tdom < AP_DOMAINS &&
 887            !ap_test_config_usage_domain(tdom) &&
 888            ap_test_config_ctrl_domain(tdom) &&
 889            ap_domain_index >= 0)
 890                tdom = ap_domain_index;
 891
 892        pref_zc = NULL;
 893        pref_zq = NULL;
 894        spin_lock(&zcrypt_list_lock);
 895        for_each_zcrypt_card(zc) {
 896                /* Check for useable CCA card */
 897                if (!zc->online || !zc->card->config ||
 898                    !(zc->card->functions & 0x10000000))
 899                        continue;
 900                /* Check for user selected CCA card */
 901                if (xcRB->user_defined != AUTOSELECT &&
 902                    xcRB->user_defined != zc->card->id)
 903                        continue;
 904                /* check if device node has admission for this card */
 905                if (!zcrypt_check_card(perms, zc->card->id))
 906                        continue;
 907                /* get weight index of the card device  */
 908                wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
 909                /* penalty if this msg was previously sent via this card */
 910                cpen = (tr && tr->again_counter && tr->last_qid &&
 911                        AP_QID_CARD(tr->last_qid) == zc->card->id) ?
 912                        TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
 913                if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
 914                        continue;
 915                for_each_zcrypt_queue(zq, zc) {
 916                        /* check for device useable and eligible */
 917                        if (!zq->online ||
 918                            !zq->ops->send_cprb ||
 919                            !zq->queue->config ||
 920                            (tdom != AUTOSEL_DOM &&
 921                             tdom != AP_QID_QUEUE(zq->queue->qid)))
 922                                continue;
 923                        /* check if device node has admission for this queue */
 924                        if (!zcrypt_check_queue(perms,
 925                                                AP_QID_QUEUE(zq->queue->qid)))
 926                                continue;
 927                        /* penalty if the msg was previously sent at this qid */
 928                        qpen = (tr && tr->again_counter && tr->last_qid &&
 929                                tr->last_qid == zq->queue->qid) ?
 930                                TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
 931                        if (!zcrypt_queue_compare(zq, pref_zq,
 932                                                  wgt + cpen + qpen, pref_wgt))
 933                                continue;
 934                        pref_zc = zc;
 935                        pref_zq = zq;
 936                        pref_wgt = wgt + cpen + qpen;
 937                }
 938        }
 939        pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
 940        spin_unlock(&zcrypt_list_lock);
 941
 942        if (!pref_zq) {
 943                rc = -ENODEV;
 944                goto out;
 945        }
 946
 947        /* in case of auto select, provide the correct domain */
 948        qid = pref_zq->queue->qid;
 949        if (*domain == AUTOSEL_DOM)
 950                *domain = AP_QID_QUEUE(qid);
 951
 952#ifdef CONFIG_ZCRYPT_DEBUG
 953        if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) {
 954                ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n",
 955                                __func__, tr->fi.cmd);
 956                *domain = 99;
 957        }
 958#endif
 959
 960        rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg);
 961
 962        spin_lock(&zcrypt_list_lock);
 963        zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
 964        spin_unlock(&zcrypt_list_lock);
 965
 966out:
 967        ap_release_message(&ap_msg);
 968        if (tr) {
 969                tr->last_rc = rc;
 970                tr->last_qid = qid;
 971        }
 972        trace_s390_zcrypt_rep(xcRB, func_code, rc,
 973                              AP_QID_CARD(qid), AP_QID_QUEUE(qid));
 974        return rc;
 975}
 976
 977long zcrypt_send_cprb(struct ica_xcRB *xcRB)
 978{
 979        return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB);
 980}
 981EXPORT_SYMBOL(zcrypt_send_cprb);
 982
 983static bool is_desired_ep11_card(unsigned int dev_id,
 984                                 unsigned short target_num,
 985                                 struct ep11_target_dev *targets)
 986{
 987        while (target_num-- > 0) {
 988                if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP)
 989                        return true;
 990                targets++;
 991        }
 992        return false;
 993}
 994
 995static bool is_desired_ep11_queue(unsigned int dev_qid,
 996                                  unsigned short target_num,
 997                                  struct ep11_target_dev *targets)
 998{
 999        int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid);
1000
1001        while (target_num-- > 0) {
1002                if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) &&
1003                    (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM))
1004                        return true;
1005                targets++;
1006        }
1007        return false;
1008}
1009
1010static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms,
1011                                   struct zcrypt_track *tr,
1012                                   struct ep11_urb *xcrb)
1013{
1014        struct zcrypt_card *zc, *pref_zc;
1015        struct zcrypt_queue *zq, *pref_zq;
1016        struct ep11_target_dev *targets;
1017        unsigned short target_num;
1018        unsigned int wgt = 0, pref_wgt = 0;
1019        unsigned int func_code;
1020        struct ap_message ap_msg;
1021        int cpen, qpen, qid = 0, rc = -ENODEV;
1022        struct module *mod;
1023
1024        trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB);
1025
1026        ap_init_message(&ap_msg);
1027
1028#ifdef CONFIG_ZCRYPT_DEBUG
1029        if (tr && tr->fi.cmd)
1030                ap_msg.fi.cmd = tr->fi.cmd;
1031#endif
1032
1033        target_num = (unsigned short) xcrb->targets_num;
1034
1035        /* empty list indicates autoselect (all available targets) */
1036        targets = NULL;
1037        if (target_num != 0) {
1038                struct ep11_target_dev __user *uptr;
1039
1040                targets = kcalloc(target_num, sizeof(*targets), GFP_KERNEL);
1041                if (!targets) {
1042                        func_code = 0;
1043                        rc = -ENOMEM;
1044                        goto out;
1045                }
1046
1047                uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
1048                if (z_copy_from_user(userspace, targets, uptr,
1049                                   target_num * sizeof(*targets))) {
1050                        func_code = 0;
1051                        rc = -EFAULT;
1052                        goto out_free;
1053                }
1054        }
1055
1056        rc = get_ep11cprb_fc(userspace, xcrb, &ap_msg, &func_code);
1057        if (rc)
1058                goto out_free;
1059
1060        pref_zc = NULL;
1061        pref_zq = NULL;
1062        spin_lock(&zcrypt_list_lock);
1063        for_each_zcrypt_card(zc) {
1064                /* Check for useable EP11 card */
1065                if (!zc->online || !zc->card->config ||
1066                    !(zc->card->functions & 0x04000000))
1067                        continue;
1068                /* Check for user selected EP11 card */
1069                if (targets &&
1070                    !is_desired_ep11_card(zc->card->id, target_num, targets))
1071                        continue;
1072                /* check if device node has admission for this card */
1073                if (!zcrypt_check_card(perms, zc->card->id))
1074                        continue;
1075                /* get weight index of the card device  */
1076                wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
1077                /* penalty if this msg was previously sent via this card */
1078                cpen = (tr && tr->again_counter && tr->last_qid &&
1079                        AP_QID_CARD(tr->last_qid) == zc->card->id) ?
1080                        TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
1081                if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
1082                        continue;
1083                for_each_zcrypt_queue(zq, zc) {
1084                        /* check if device is useable and eligible */
1085                        if (!zq->online ||
1086                            !zq->ops->send_ep11_cprb ||
1087                            !zq->queue->config ||
1088                            (targets &&
1089                             !is_desired_ep11_queue(zq->queue->qid,
1090                                                    target_num, targets)))
1091                                continue;
1092                        /* check if device node has admission for this queue */
1093                        if (!zcrypt_check_queue(perms,
1094                                                AP_QID_QUEUE(zq->queue->qid)))
1095                                continue;
1096                        /* penalty if the msg was previously sent at this qid */
1097                        qpen = (tr && tr->again_counter && tr->last_qid &&
1098                                tr->last_qid == zq->queue->qid) ?
1099                                TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
1100                        if (!zcrypt_queue_compare(zq, pref_zq,
1101                                                  wgt + cpen + qpen, pref_wgt))
1102                                continue;
1103                        pref_zc = zc;
1104                        pref_zq = zq;
1105                        pref_wgt = wgt + cpen + qpen;
1106                }
1107        }
1108        pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1109        spin_unlock(&zcrypt_list_lock);
1110
1111        if (!pref_zq) {
1112                rc = -ENODEV;
1113                goto out_free;
1114        }
1115
1116        qid = pref_zq->queue->qid;
1117        rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg);
1118
1119        spin_lock(&zcrypt_list_lock);
1120        zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1121        spin_unlock(&zcrypt_list_lock);
1122
1123out_free:
1124        kfree(targets);
1125out:
1126        ap_release_message(&ap_msg);
1127        if (tr) {
1128                tr->last_rc = rc;
1129                tr->last_qid = qid;
1130        }
1131        trace_s390_zcrypt_rep(xcrb, func_code, rc,
1132                              AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1133        return rc;
1134}
1135
1136long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1137{
1138        return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb);
1139}
1140EXPORT_SYMBOL(zcrypt_send_ep11_cprb);
1141
1142static long zcrypt_rng(char *buffer)
1143{
1144        struct zcrypt_card *zc, *pref_zc;
1145        struct zcrypt_queue *zq, *pref_zq;
1146        unsigned int wgt = 0, pref_wgt = 0;
1147        unsigned int func_code;
1148        struct ap_message ap_msg;
1149        unsigned int domain;
1150        int qid = 0, rc = -ENODEV;
1151        struct module *mod;
1152
1153        trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB);
1154
1155        ap_init_message(&ap_msg);
1156        rc = get_rng_fc(&ap_msg, &func_code, &domain);
1157        if (rc)
1158                goto out;
1159
1160        pref_zc = NULL;
1161        pref_zq = NULL;
1162        spin_lock(&zcrypt_list_lock);
1163        for_each_zcrypt_card(zc) {
1164                /* Check for useable CCA card */
1165                if (!zc->online || !zc->card->config ||
1166                    !(zc->card->functions & 0x10000000))
1167                        continue;
1168                /* get weight index of the card device  */
1169                wgt = zc->speed_rating[func_code];
1170                if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt))
1171                        continue;
1172                for_each_zcrypt_queue(zq, zc) {
1173                        /* check if device is useable and eligible */
1174                        if (!zq->online || !zq->ops->rng ||
1175                            !zq->queue->config)
1176                                continue;
1177                        if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt))
1178                                continue;
1179                        pref_zc = zc;
1180                        pref_zq = zq;
1181                        pref_wgt = wgt;
1182                }
1183        }
1184        pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
1185        spin_unlock(&zcrypt_list_lock);
1186
1187        if (!pref_zq) {
1188                rc = -ENODEV;
1189                goto out;
1190        }
1191
1192        qid = pref_zq->queue->qid;
1193        rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg);
1194
1195        spin_lock(&zcrypt_list_lock);
1196        zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
1197        spin_unlock(&zcrypt_list_lock);
1198
1199out:
1200        ap_release_message(&ap_msg);
1201        trace_s390_zcrypt_rep(buffer, func_code, rc,
1202                              AP_QID_CARD(qid), AP_QID_QUEUE(qid));
1203        return rc;
1204}
1205
1206static void zcrypt_device_status_mask(struct zcrypt_device_status *devstatus)
1207{
1208        struct zcrypt_card *zc;
1209        struct zcrypt_queue *zq;
1210        struct zcrypt_device_status *stat;
1211        int card, queue;
1212
1213        memset(devstatus, 0, MAX_ZDEV_ENTRIES
1214               * sizeof(struct zcrypt_device_status));
1215
1216        spin_lock(&zcrypt_list_lock);
1217        for_each_zcrypt_card(zc) {
1218                for_each_zcrypt_queue(zq, zc) {
1219                        card = AP_QID_CARD(zq->queue->qid);
1220                        if (card >= MAX_ZDEV_CARDIDS)
1221                                continue;
1222                        queue = AP_QID_QUEUE(zq->queue->qid);
1223                        stat = &devstatus[card * AP_DOMAINS + queue];
1224                        stat->hwtype = zc->card->ap_dev.device_type;
1225                        stat->functions = zc->card->functions >> 26;
1226                        stat->qid = zq->queue->qid;
1227                        stat->online = zq->online ? 0x01 : 0x00;
1228                }
1229        }
1230        spin_unlock(&zcrypt_list_lock);
1231}
1232
1233void zcrypt_device_status_mask_ext(struct zcrypt_device_status_ext *devstatus)
1234{
1235        struct zcrypt_card *zc;
1236        struct zcrypt_queue *zq;
1237        struct zcrypt_device_status_ext *stat;
1238        int card, queue;
1239
1240        memset(devstatus, 0, MAX_ZDEV_ENTRIES_EXT
1241               * sizeof(struct zcrypt_device_status_ext));
1242
1243        spin_lock(&zcrypt_list_lock);
1244        for_each_zcrypt_card(zc) {
1245                for_each_zcrypt_queue(zq, zc) {
1246                        card = AP_QID_CARD(zq->queue->qid);
1247                        queue = AP_QID_QUEUE(zq->queue->qid);
1248                        stat = &devstatus[card * AP_DOMAINS + queue];
1249                        stat->hwtype = zc->card->ap_dev.device_type;
1250                        stat->functions = zc->card->functions >> 26;
1251                        stat->qid = zq->queue->qid;
1252                        stat->online = zq->online ? 0x01 : 0x00;
1253                }
1254        }
1255        spin_unlock(&zcrypt_list_lock);
1256}
1257EXPORT_SYMBOL(zcrypt_device_status_mask_ext);
1258
1259int zcrypt_device_status_ext(int card, int queue,
1260                             struct zcrypt_device_status_ext *devstat)
1261{
1262        struct zcrypt_card *zc;
1263        struct zcrypt_queue *zq;
1264
1265        memset(devstat, 0, sizeof(*devstat));
1266
1267        spin_lock(&zcrypt_list_lock);
1268        for_each_zcrypt_card(zc) {
1269                for_each_zcrypt_queue(zq, zc) {
1270                        if (card == AP_QID_CARD(zq->queue->qid) &&
1271                            queue == AP_QID_QUEUE(zq->queue->qid)) {
1272                                devstat->hwtype = zc->card->ap_dev.device_type;
1273                                devstat->functions = zc->card->functions >> 26;
1274                                devstat->qid = zq->queue->qid;
1275                                devstat->online = zq->online ? 0x01 : 0x00;
1276                                spin_unlock(&zcrypt_list_lock);
1277                                return 0;
1278                        }
1279                }
1280        }
1281        spin_unlock(&zcrypt_list_lock);
1282
1283        return -ENODEV;
1284}
1285EXPORT_SYMBOL(zcrypt_device_status_ext);
1286
1287static void zcrypt_status_mask(char status[], size_t max_adapters)
1288{
1289        struct zcrypt_card *zc;
1290        struct zcrypt_queue *zq;
1291        int card;
1292
1293        memset(status, 0, max_adapters);
1294        spin_lock(&zcrypt_list_lock);
1295        for_each_zcrypt_card(zc) {
1296                for_each_zcrypt_queue(zq, zc) {
1297                        card = AP_QID_CARD(zq->queue->qid);
1298                        if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1299                            || card >= max_adapters)
1300                                continue;
1301                        status[card] = zc->online ? zc->user_space_type : 0x0d;
1302                }
1303        }
1304        spin_unlock(&zcrypt_list_lock);
1305}
1306
1307static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters)
1308{
1309        struct zcrypt_card *zc;
1310        struct zcrypt_queue *zq;
1311        int card;
1312
1313        memset(qdepth, 0, max_adapters);
1314        spin_lock(&zcrypt_list_lock);
1315        local_bh_disable();
1316        for_each_zcrypt_card(zc) {
1317                for_each_zcrypt_queue(zq, zc) {
1318                        card = AP_QID_CARD(zq->queue->qid);
1319                        if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1320                            || card >= max_adapters)
1321                                continue;
1322                        spin_lock(&zq->queue->lock);
1323                        qdepth[card] =
1324                                zq->queue->pendingq_count +
1325                                zq->queue->requestq_count;
1326                        spin_unlock(&zq->queue->lock);
1327                }
1328        }
1329        local_bh_enable();
1330        spin_unlock(&zcrypt_list_lock);
1331}
1332
1333static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters)
1334{
1335        struct zcrypt_card *zc;
1336        struct zcrypt_queue *zq;
1337        int card;
1338        u64 cnt;
1339
1340        memset(reqcnt, 0, sizeof(int) * max_adapters);
1341        spin_lock(&zcrypt_list_lock);
1342        local_bh_disable();
1343        for_each_zcrypt_card(zc) {
1344                for_each_zcrypt_queue(zq, zc) {
1345                        card = AP_QID_CARD(zq->queue->qid);
1346                        if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index
1347                            || card >= max_adapters)
1348                                continue;
1349                        spin_lock(&zq->queue->lock);
1350                        cnt = zq->queue->total_request_count;
1351                        spin_unlock(&zq->queue->lock);
1352                        reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX;
1353                }
1354        }
1355        local_bh_enable();
1356        spin_unlock(&zcrypt_list_lock);
1357}
1358
1359static int zcrypt_pendingq_count(void)
1360{
1361        struct zcrypt_card *zc;
1362        struct zcrypt_queue *zq;
1363        int pendingq_count;
1364
1365        pendingq_count = 0;
1366        spin_lock(&zcrypt_list_lock);
1367        local_bh_disable();
1368        for_each_zcrypt_card(zc) {
1369                for_each_zcrypt_queue(zq, zc) {
1370                        if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1371                                continue;
1372                        spin_lock(&zq->queue->lock);
1373                        pendingq_count += zq->queue->pendingq_count;
1374                        spin_unlock(&zq->queue->lock);
1375                }
1376        }
1377        local_bh_enable();
1378        spin_unlock(&zcrypt_list_lock);
1379        return pendingq_count;
1380}
1381
1382static int zcrypt_requestq_count(void)
1383{
1384        struct zcrypt_card *zc;
1385        struct zcrypt_queue *zq;
1386        int requestq_count;
1387
1388        requestq_count = 0;
1389        spin_lock(&zcrypt_list_lock);
1390        local_bh_disable();
1391        for_each_zcrypt_card(zc) {
1392                for_each_zcrypt_queue(zq, zc) {
1393                        if (AP_QID_QUEUE(zq->queue->qid) != ap_domain_index)
1394                                continue;
1395                        spin_lock(&zq->queue->lock);
1396                        requestq_count += zq->queue->requestq_count;
1397                        spin_unlock(&zq->queue->lock);
1398                }
1399        }
1400        local_bh_enable();
1401        spin_unlock(&zcrypt_list_lock);
1402        return requestq_count;
1403}
1404
1405static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg)
1406{
1407        int rc;
1408        struct zcrypt_track tr;
1409        struct ica_rsa_modexpo mex;
1410        struct ica_rsa_modexpo __user *umex = (void __user *) arg;
1411
1412        memset(&tr, 0, sizeof(tr));
1413        if (copy_from_user(&mex, umex, sizeof(mex)))
1414                return -EFAULT;
1415
1416#ifdef CONFIG_ZCRYPT_DEBUG
1417        if (mex.inputdatalength & (1U << 31)) {
1418                if (!capable(CAP_SYS_ADMIN))
1419                        return -EPERM;
1420                tr.fi.cmd = (u16)(mex.inputdatalength >> 16);
1421        }
1422        mex.inputdatalength &= 0x0000FFFF;
1423#endif
1424
1425        do {
1426                rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1427                if (rc == -EAGAIN)
1428                        tr.again_counter++;
1429#ifdef CONFIG_ZCRYPT_DEBUG
1430                if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1431                        break;
1432#endif
1433        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1434        /* on failure: retry once again after a requested rescan */
1435        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1436                do {
1437                        rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1438                        if (rc == -EAGAIN)
1439                                tr.again_counter++;
1440                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1441        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1442                rc = -EIO;
1443        if (rc) {
1444                ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc);
1445                return rc;
1446        }
1447        return put_user(mex.outputdatalength, &umex->outputdatalength);
1448}
1449
1450static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg)
1451{
1452        int rc;
1453        struct zcrypt_track tr;
1454        struct ica_rsa_modexpo_crt crt;
1455        struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
1456
1457        memset(&tr, 0, sizeof(tr));
1458        if (copy_from_user(&crt, ucrt, sizeof(crt)))
1459                return -EFAULT;
1460
1461#ifdef CONFIG_ZCRYPT_DEBUG
1462        if (crt.inputdatalength & (1U << 31)) {
1463                if (!capable(CAP_SYS_ADMIN))
1464                        return -EPERM;
1465                tr.fi.cmd = (u16)(crt.inputdatalength >> 16);
1466        }
1467        crt.inputdatalength &= 0x0000FFFF;
1468#endif
1469
1470        do {
1471                rc = zcrypt_rsa_crt(perms, &tr, &crt);
1472                if (rc == -EAGAIN)
1473                        tr.again_counter++;
1474#ifdef CONFIG_ZCRYPT_DEBUG
1475                if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1476                        break;
1477#endif
1478        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1479        /* on failure: retry once again after a requested rescan */
1480        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1481                do {
1482                        rc = zcrypt_rsa_crt(perms, &tr, &crt);
1483                        if (rc == -EAGAIN)
1484                                tr.again_counter++;
1485                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1486        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1487                rc = -EIO;
1488        if (rc) {
1489                ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc);
1490                return rc;
1491        }
1492        return put_user(crt.outputdatalength, &ucrt->outputdatalength);
1493}
1494
1495static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg)
1496{
1497        int rc;
1498        struct ica_xcRB xcRB;
1499        struct zcrypt_track tr;
1500        struct ica_xcRB __user *uxcRB = (void __user *) arg;
1501
1502        memset(&tr, 0, sizeof(tr));
1503        if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
1504                return -EFAULT;
1505
1506#ifdef CONFIG_ZCRYPT_DEBUG
1507        if (xcRB.status & (1U << 31)) {
1508                if (!capable(CAP_SYS_ADMIN))
1509                        return -EPERM;
1510                tr.fi.cmd = (u16)(xcRB.status >> 16);
1511        }
1512        xcRB.status &= 0x0000FFFF;
1513#endif
1514
1515        do {
1516                rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1517                if (rc == -EAGAIN)
1518                        tr.again_counter++;
1519#ifdef CONFIG_ZCRYPT_DEBUG
1520                if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1521                        break;
1522#endif
1523        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1524        /* on failure: retry once again after a requested rescan */
1525        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1526                do {
1527                        rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1528                        if (rc == -EAGAIN)
1529                                tr.again_counter++;
1530                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1531        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1532                rc = -EIO;
1533        if (rc)
1534                ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n",
1535                           rc, xcRB.status);
1536        if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
1537                return -EFAULT;
1538        return rc;
1539}
1540
1541static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg)
1542{
1543        int rc;
1544        struct ep11_urb xcrb;
1545        struct zcrypt_track tr;
1546        struct ep11_urb __user *uxcrb = (void __user *)arg;
1547
1548        memset(&tr, 0, sizeof(tr));
1549        if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
1550                return -EFAULT;
1551
1552#ifdef CONFIG_ZCRYPT_DEBUG
1553        if (xcrb.req_len & (1ULL << 63)) {
1554                if (!capable(CAP_SYS_ADMIN))
1555                        return -EPERM;
1556                tr.fi.cmd = (u16)(xcrb.req_len >> 48);
1557        }
1558        xcrb.req_len &= 0x0000FFFFFFFFFFFFULL;
1559#endif
1560
1561        do {
1562                rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1563                if (rc == -EAGAIN)
1564                        tr.again_counter++;
1565#ifdef CONFIG_ZCRYPT_DEBUG
1566                if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1567                        break;
1568#endif
1569        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1570        /* on failure: retry once again after a requested rescan */
1571        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1572                do {
1573                        rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1574                        if (rc == -EAGAIN)
1575                                tr.again_counter++;
1576                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1577        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1578                rc = -EIO;
1579        if (rc)
1580                ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc);
1581        if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
1582                return -EFAULT;
1583        return rc;
1584}
1585
1586static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
1587                                  unsigned long arg)
1588{
1589        int rc;
1590        struct ap_perms *perms =
1591                (struct ap_perms *) filp->private_data;
1592
1593        rc = zcrypt_check_ioctl(perms, cmd);
1594        if (rc)
1595                return rc;
1596
1597        switch (cmd) {
1598        case ICARSAMODEXPO:
1599                return icarsamodexpo_ioctl(perms, arg);
1600        case ICARSACRT:
1601                return icarsacrt_ioctl(perms, arg);
1602        case ZSECSENDCPRB:
1603                return zsecsendcprb_ioctl(perms, arg);
1604        case ZSENDEP11CPRB:
1605                return zsendep11cprb_ioctl(perms, arg);
1606        case ZCRYPT_DEVICE_STATUS: {
1607                struct zcrypt_device_status_ext *device_status;
1608                size_t total_size = MAX_ZDEV_ENTRIES_EXT
1609                        * sizeof(struct zcrypt_device_status_ext);
1610
1611                device_status = kzalloc(total_size, GFP_KERNEL);
1612                if (!device_status)
1613                        return -ENOMEM;
1614                zcrypt_device_status_mask_ext(device_status);
1615                if (copy_to_user((char __user *) arg, device_status,
1616                                 total_size))
1617                        rc = -EFAULT;
1618                kfree(device_status);
1619                return rc;
1620        }
1621        case ZCRYPT_STATUS_MASK: {
1622                char status[AP_DEVICES];
1623
1624                zcrypt_status_mask(status, AP_DEVICES);
1625                if (copy_to_user((char __user *) arg, status, sizeof(status)))
1626                        return -EFAULT;
1627                return 0;
1628        }
1629        case ZCRYPT_QDEPTH_MASK: {
1630                char qdepth[AP_DEVICES];
1631
1632                zcrypt_qdepth_mask(qdepth, AP_DEVICES);
1633                if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1634                        return -EFAULT;
1635                return 0;
1636        }
1637        case ZCRYPT_PERDEV_REQCNT: {
1638                u32 *reqcnt;
1639
1640                reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL);
1641                if (!reqcnt)
1642                        return -ENOMEM;
1643                zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES);
1644                if (copy_to_user((int __user *) arg, reqcnt,
1645                                 sizeof(u32) * AP_DEVICES))
1646                        rc = -EFAULT;
1647                kfree(reqcnt);
1648                return rc;
1649        }
1650        case Z90STAT_REQUESTQ_COUNT:
1651                return put_user(zcrypt_requestq_count(), (int __user *) arg);
1652        case Z90STAT_PENDINGQ_COUNT:
1653                return put_user(zcrypt_pendingq_count(), (int __user *) arg);
1654        case Z90STAT_TOTALOPEN_COUNT:
1655                return put_user(atomic_read(&zcrypt_open_count),
1656                                (int __user *) arg);
1657        case Z90STAT_DOMAIN_INDEX:
1658                return put_user(ap_domain_index, (int __user *) arg);
1659        /*
1660         * Deprecated ioctls
1661         */
1662        case ZDEVICESTATUS: {
1663                /* the old ioctl supports only 64 adapters */
1664                struct zcrypt_device_status *device_status;
1665                size_t total_size = MAX_ZDEV_ENTRIES
1666                        * sizeof(struct zcrypt_device_status);
1667
1668                device_status = kzalloc(total_size, GFP_KERNEL);
1669                if (!device_status)
1670                        return -ENOMEM;
1671                zcrypt_device_status_mask(device_status);
1672                if (copy_to_user((char __user *) arg, device_status,
1673                                 total_size))
1674                        rc = -EFAULT;
1675                kfree(device_status);
1676                return rc;
1677        }
1678        case Z90STAT_STATUS_MASK: {
1679                /* the old ioctl supports only 64 adapters */
1680                char status[MAX_ZDEV_CARDIDS];
1681
1682                zcrypt_status_mask(status, MAX_ZDEV_CARDIDS);
1683                if (copy_to_user((char __user *) arg, status, sizeof(status)))
1684                        return -EFAULT;
1685                return 0;
1686        }
1687        case Z90STAT_QDEPTH_MASK: {
1688                /* the old ioctl supports only 64 adapters */
1689                char qdepth[MAX_ZDEV_CARDIDS];
1690
1691                zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS);
1692                if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
1693                        return -EFAULT;
1694                return 0;
1695        }
1696        case Z90STAT_PERDEV_REQCNT: {
1697                /* the old ioctl supports only 64 adapters */
1698                u32 reqcnt[MAX_ZDEV_CARDIDS];
1699
1700                zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS);
1701                if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt)))
1702                        return -EFAULT;
1703                return 0;
1704        }
1705        /* unknown ioctl number */
1706        default:
1707                ZCRYPT_DBF(DBF_DEBUG, "unknown ioctl 0x%08x\n", cmd);
1708                return -ENOIOCTLCMD;
1709        }
1710}
1711
1712#ifdef CONFIG_COMPAT
1713/*
1714 * ioctl32 conversion routines
1715 */
1716struct compat_ica_rsa_modexpo {
1717        compat_uptr_t   inputdata;
1718        unsigned int    inputdatalength;
1719        compat_uptr_t   outputdata;
1720        unsigned int    outputdatalength;
1721        compat_uptr_t   b_key;
1722        compat_uptr_t   n_modulus;
1723};
1724
1725static long trans_modexpo32(struct ap_perms *perms, struct file *filp,
1726                            unsigned int cmd, unsigned long arg)
1727{
1728        struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg);
1729        struct compat_ica_rsa_modexpo mex32;
1730        struct ica_rsa_modexpo mex64;
1731        struct zcrypt_track tr;
1732        long rc;
1733
1734        memset(&tr, 0, sizeof(tr));
1735        if (copy_from_user(&mex32, umex32, sizeof(mex32)))
1736                return -EFAULT;
1737        mex64.inputdata = compat_ptr(mex32.inputdata);
1738        mex64.inputdatalength = mex32.inputdatalength;
1739        mex64.outputdata = compat_ptr(mex32.outputdata);
1740        mex64.outputdatalength = mex32.outputdatalength;
1741        mex64.b_key = compat_ptr(mex32.b_key);
1742        mex64.n_modulus = compat_ptr(mex32.n_modulus);
1743        do {
1744                rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1745                if (rc == -EAGAIN)
1746                        tr.again_counter++;
1747        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1748        /* on failure: retry once again after a requested rescan */
1749        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1750                do {
1751                        rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1752                        if (rc == -EAGAIN)
1753                                tr.again_counter++;
1754                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1755        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1756                rc = -EIO;
1757        if (rc)
1758                return rc;
1759        return put_user(mex64.outputdatalength,
1760                        &umex32->outputdatalength);
1761}
1762
1763struct compat_ica_rsa_modexpo_crt {
1764        compat_uptr_t   inputdata;
1765        unsigned int    inputdatalength;
1766        compat_uptr_t   outputdata;
1767        unsigned int    outputdatalength;
1768        compat_uptr_t   bp_key;
1769        compat_uptr_t   bq_key;
1770        compat_uptr_t   np_prime;
1771        compat_uptr_t   nq_prime;
1772        compat_uptr_t   u_mult_inv;
1773};
1774
1775static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp,
1776                                unsigned int cmd, unsigned long arg)
1777{
1778        struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg);
1779        struct compat_ica_rsa_modexpo_crt crt32;
1780        struct ica_rsa_modexpo_crt crt64;
1781        struct zcrypt_track tr;
1782        long rc;
1783
1784        memset(&tr, 0, sizeof(tr));
1785        if (copy_from_user(&crt32, ucrt32, sizeof(crt32)))
1786                return -EFAULT;
1787        crt64.inputdata = compat_ptr(crt32.inputdata);
1788        crt64.inputdatalength = crt32.inputdatalength;
1789        crt64.outputdata = compat_ptr(crt32.outputdata);
1790        crt64.outputdatalength = crt32.outputdatalength;
1791        crt64.bp_key = compat_ptr(crt32.bp_key);
1792        crt64.bq_key = compat_ptr(crt32.bq_key);
1793        crt64.np_prime = compat_ptr(crt32.np_prime);
1794        crt64.nq_prime = compat_ptr(crt32.nq_prime);
1795        crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv);
1796        do {
1797                rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1798                if (rc == -EAGAIN)
1799                        tr.again_counter++;
1800        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1801        /* on failure: retry once again after a requested rescan */
1802        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1803                do {
1804                        rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1805                        if (rc == -EAGAIN)
1806                                tr.again_counter++;
1807                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1808        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1809                rc = -EIO;
1810        if (rc)
1811                return rc;
1812        return put_user(crt64.outputdatalength,
1813                        &ucrt32->outputdatalength);
1814}
1815
1816struct compat_ica_xcRB {
1817        unsigned short  agent_ID;
1818        unsigned int    user_defined;
1819        unsigned short  request_ID;
1820        unsigned int    request_control_blk_length;
1821        unsigned char   padding1[16 - sizeof(compat_uptr_t)];
1822        compat_uptr_t   request_control_blk_addr;
1823        unsigned int    request_data_length;
1824        char            padding2[16 - sizeof(compat_uptr_t)];
1825        compat_uptr_t   request_data_address;
1826        unsigned int    reply_control_blk_length;
1827        char            padding3[16 - sizeof(compat_uptr_t)];
1828        compat_uptr_t   reply_control_blk_addr;
1829        unsigned int    reply_data_length;
1830        char            padding4[16 - sizeof(compat_uptr_t)];
1831        compat_uptr_t   reply_data_addr;
1832        unsigned short  priority_window;
1833        unsigned int    status;
1834} __packed;
1835
1836static long trans_xcRB32(struct ap_perms *perms, struct file *filp,
1837                         unsigned int cmd, unsigned long arg)
1838{
1839        struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg);
1840        struct compat_ica_xcRB xcRB32;
1841        struct zcrypt_track tr;
1842        struct ica_xcRB xcRB64;
1843        long rc;
1844
1845        memset(&tr, 0, sizeof(tr));
1846        if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32)))
1847                return -EFAULT;
1848        xcRB64.agent_ID = xcRB32.agent_ID;
1849        xcRB64.user_defined = xcRB32.user_defined;
1850        xcRB64.request_ID = xcRB32.request_ID;
1851        xcRB64.request_control_blk_length =
1852                xcRB32.request_control_blk_length;
1853        xcRB64.request_control_blk_addr =
1854                compat_ptr(xcRB32.request_control_blk_addr);
1855        xcRB64.request_data_length =
1856                xcRB32.request_data_length;
1857        xcRB64.request_data_address =
1858                compat_ptr(xcRB32.request_data_address);
1859        xcRB64.reply_control_blk_length =
1860                xcRB32.reply_control_blk_length;
1861        xcRB64.reply_control_blk_addr =
1862                compat_ptr(xcRB32.reply_control_blk_addr);
1863        xcRB64.reply_data_length = xcRB32.reply_data_length;
1864        xcRB64.reply_data_addr =
1865                compat_ptr(xcRB32.reply_data_addr);
1866        xcRB64.priority_window = xcRB32.priority_window;
1867        xcRB64.status = xcRB32.status;
1868        do {
1869                rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1870                if (rc == -EAGAIN)
1871                        tr.again_counter++;
1872        } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1873        /* on failure: retry once again after a requested rescan */
1874        if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1875                do {
1876                        rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1877                        if (rc == -EAGAIN)
1878                                tr.again_counter++;
1879                } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1880        if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1881                rc = -EIO;
1882        xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length;
1883        xcRB32.reply_data_length = xcRB64.reply_data_length;
1884        xcRB32.status = xcRB64.status;
1885        if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32)))
1886                return -EFAULT;
1887        return rc;
1888}
1889
1890static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd,
1891                         unsigned long arg)
1892{
1893        int rc;
1894        struct ap_perms *perms =
1895                (struct ap_perms *) filp->private_data;
1896
1897        rc = zcrypt_check_ioctl(perms, cmd);
1898        if (rc)
1899                return rc;
1900
1901        if (cmd == ICARSAMODEXPO)
1902                return trans_modexpo32(perms, filp, cmd, arg);
1903        if (cmd == ICARSACRT)
1904                return trans_modexpo_crt32(perms, filp, cmd, arg);
1905        if (cmd == ZSECSENDCPRB)
1906                return trans_xcRB32(perms, filp, cmd, arg);
1907        return zcrypt_unlocked_ioctl(filp, cmd, arg);
1908}
1909#endif
1910
1911/*
1912 * Misc device file operations.
1913 */
1914static const struct file_operations zcrypt_fops = {
1915        .owner          = THIS_MODULE,
1916        .read           = zcrypt_read,
1917        .write          = zcrypt_write,
1918        .unlocked_ioctl = zcrypt_unlocked_ioctl,
1919#ifdef CONFIG_COMPAT
1920        .compat_ioctl   = zcrypt_compat_ioctl,
1921#endif
1922        .open           = zcrypt_open,
1923        .release        = zcrypt_release,
1924        .llseek         = no_llseek,
1925};
1926
1927/*
1928 * Misc device.
1929 */
1930static struct miscdevice zcrypt_misc_device = {
1931        .minor      = MISC_DYNAMIC_MINOR,
1932        .name       = "z90crypt",
1933        .fops       = &zcrypt_fops,
1934};
1935
1936static int zcrypt_rng_device_count;
1937static u32 *zcrypt_rng_buffer;
1938static int zcrypt_rng_buffer_index;
1939static DEFINE_MUTEX(zcrypt_rng_mutex);
1940
1941static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data)
1942{
1943        int rc;
1944
1945        /*
1946         * We don't need locking here because the RNG API guarantees serialized
1947         * read method calls.
1948         */
1949        if (zcrypt_rng_buffer_index == 0) {
1950                rc = zcrypt_rng((char *) zcrypt_rng_buffer);
1951                /* on failure: retry once again after a requested rescan */
1952                if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1953                        rc = zcrypt_rng((char *) zcrypt_rng_buffer);
1954                if (rc < 0)
1955                        return -EIO;
1956                zcrypt_rng_buffer_index = rc / sizeof(*data);
1957        }
1958        *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index];
1959        return sizeof(*data);
1960}
1961
1962static struct hwrng zcrypt_rng_dev = {
1963        .name           = "zcrypt",
1964        .data_read      = zcrypt_rng_data_read,
1965        .quality        = 990,
1966};
1967
1968int zcrypt_rng_device_add(void)
1969{
1970        int rc = 0;
1971
1972        mutex_lock(&zcrypt_rng_mutex);
1973        if (zcrypt_rng_device_count == 0) {
1974                zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL);
1975                if (!zcrypt_rng_buffer) {
1976                        rc = -ENOMEM;
1977                        goto out;
1978                }
1979                zcrypt_rng_buffer_index = 0;
1980                if (!zcrypt_hwrng_seed)
1981                        zcrypt_rng_dev.quality = 0;
1982                rc = hwrng_register(&zcrypt_rng_dev);
1983                if (rc)
1984                        goto out_free;
1985                zcrypt_rng_device_count = 1;
1986        } else
1987                zcrypt_rng_device_count++;
1988        mutex_unlock(&zcrypt_rng_mutex);
1989        return 0;
1990
1991out_free:
1992        free_page((unsigned long) zcrypt_rng_buffer);
1993out:
1994        mutex_unlock(&zcrypt_rng_mutex);
1995        return rc;
1996}
1997
1998void zcrypt_rng_device_remove(void)
1999{
2000        mutex_lock(&zcrypt_rng_mutex);
2001        zcrypt_rng_device_count--;
2002        if (zcrypt_rng_device_count == 0) {
2003                hwrng_unregister(&zcrypt_rng_dev);
2004                free_page((unsigned long) zcrypt_rng_buffer);
2005        }
2006        mutex_unlock(&zcrypt_rng_mutex);
2007}
2008
2009/*
2010 * Wait until the zcrypt api is operational.
2011 * The AP bus scan and the binding of ap devices to device drivers is
2012 * an asynchronous job. This function waits until these initial jobs
2013 * are done and so the zcrypt api should be ready to serve crypto
2014 * requests - if there are resources available. The function uses an
2015 * internal timeout of 60s. The very first caller will either wait for
2016 * ap bus bindings complete or the timeout happens. This state will be
2017 * remembered for further callers which will only be blocked until a
2018 * decision is made (timeout or bindings complete).
2019 * On timeout -ETIME is returned, on success the return value is 0.
2020 */
2021int zcrypt_wait_api_operational(void)
2022{
2023        static DEFINE_MUTEX(zcrypt_wait_api_lock);
2024        static int zcrypt_wait_api_state;
2025        int rc;
2026
2027        rc = mutex_lock_interruptible(&zcrypt_wait_api_lock);
2028        if (rc)
2029                return rc;
2030
2031        switch (zcrypt_wait_api_state) {
2032        case 0:
2033                /* initial state, invoke wait for the ap bus complete */
2034                rc = ap_wait_init_apqn_bindings_complete(
2035                        msecs_to_jiffies(60 * 1000));
2036                switch (rc) {
2037                case 0:
2038                        /* ap bus bindings are complete */
2039                        zcrypt_wait_api_state = 1;
2040                        break;
2041                case -EINTR:
2042                        /* interrupted, go back to caller */
2043                        break;
2044                case -ETIME:
2045                        /* timeout */
2046                        ZCRYPT_DBF(DBF_WARN,
2047                                   "%s ap_wait_init_apqn_bindings_complete() returned with ETIME\n",
2048                                   __func__);
2049                        zcrypt_wait_api_state = -ETIME;
2050                        break;
2051                default:
2052                        /* other failure */
2053                        ZCRYPT_DBF(DBF_DEBUG,
2054                                   "%s ap_wait_init_apqn_bindings_complete() failure rc=%d\n",
2055                                   __func__, rc);
2056                        break;
2057                }
2058                break;
2059        case 1:
2060                /* a previous caller already found ap bus bindings complete */
2061                rc = 0;
2062                break;
2063        default:
2064                /* a previous caller had timeout or other failure */
2065                rc = zcrypt_wait_api_state;
2066                break;
2067        }
2068
2069        mutex_unlock(&zcrypt_wait_api_lock);
2070
2071        return rc;
2072}
2073EXPORT_SYMBOL(zcrypt_wait_api_operational);
2074
2075int __init zcrypt_debug_init(void)
2076{
2077        zcrypt_dbf_info = debug_register("zcrypt", 1, 1,
2078                                         DBF_MAX_SPRINTF_ARGS * sizeof(long));
2079        debug_register_view(zcrypt_dbf_info, &debug_sprintf_view);
2080        debug_set_level(zcrypt_dbf_info, DBF_ERR);
2081
2082        return 0;
2083}
2084
2085void zcrypt_debug_exit(void)
2086{
2087        debug_unregister(zcrypt_dbf_info);
2088}
2089
2090#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2091
2092static int __init zcdn_init(void)
2093{
2094        int rc;
2095
2096        /* create a new class 'zcrypt' */
2097        zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME);
2098        if (IS_ERR(zcrypt_class)) {
2099                rc = PTR_ERR(zcrypt_class);
2100                goto out_class_create_failed;
2101        }
2102        zcrypt_class->dev_release = zcdn_device_release;
2103
2104        /* alloc device minor range */
2105        rc = alloc_chrdev_region(&zcrypt_devt,
2106                                 0, ZCRYPT_MAX_MINOR_NODES,
2107                                 ZCRYPT_NAME);
2108        if (rc)
2109                goto out_alloc_chrdev_failed;
2110
2111        cdev_init(&zcrypt_cdev, &zcrypt_fops);
2112        zcrypt_cdev.owner = THIS_MODULE;
2113        rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2114        if (rc)
2115                goto out_cdev_add_failed;
2116
2117        /* need some class specific sysfs attributes */
2118        rc = class_create_file(zcrypt_class, &class_attr_zcdn_create);
2119        if (rc)
2120                goto out_class_create_file_1_failed;
2121        rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy);
2122        if (rc)
2123                goto out_class_create_file_2_failed;
2124
2125        return 0;
2126
2127out_class_create_file_2_failed:
2128        class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2129out_class_create_file_1_failed:
2130        cdev_del(&zcrypt_cdev);
2131out_cdev_add_failed:
2132        unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2133out_alloc_chrdev_failed:
2134        class_destroy(zcrypt_class);
2135out_class_create_failed:
2136        return rc;
2137}
2138
2139static void zcdn_exit(void)
2140{
2141        class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2142        class_remove_file(zcrypt_class, &class_attr_zcdn_destroy);
2143        zcdn_destroy_all();
2144        cdev_del(&zcrypt_cdev);
2145        unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2146        class_destroy(zcrypt_class);
2147}
2148
2149#endif
2150
2151/**
2152 * zcrypt_api_init(): Module initialization.
2153 *
2154 * The module initialization code.
2155 */
2156int __init zcrypt_api_init(void)
2157{
2158        int rc;
2159
2160        rc = zcrypt_debug_init();
2161        if (rc)
2162                goto out;
2163
2164#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2165        rc = zcdn_init();
2166        if (rc)
2167                goto out;
2168#endif
2169
2170        /* Register the request sprayer. */
2171        rc = misc_register(&zcrypt_misc_device);
2172        if (rc < 0)
2173                goto out_misc_register_failed;
2174
2175        zcrypt_msgtype6_init();
2176        zcrypt_msgtype50_init();
2177
2178        return 0;
2179
2180out_misc_register_failed:
2181#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2182        zcdn_exit();
2183#endif
2184        zcrypt_debug_exit();
2185out:
2186        return rc;
2187}
2188
2189/**
2190 * zcrypt_api_exit(): Module termination.
2191 *
2192 * The module termination code.
2193 */
2194void __exit zcrypt_api_exit(void)
2195{
2196#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2197        zcdn_exit();
2198#endif
2199        misc_deregister(&zcrypt_misc_device);
2200        zcrypt_msgtype6_exit();
2201        zcrypt_msgtype50_exit();
2202        zcrypt_ccamisc_exit();
2203        zcrypt_ep11misc_exit();
2204        zcrypt_debug_exit();
2205}
2206
2207module_init(zcrypt_api_init);
2208module_exit(zcrypt_api_exit);
2209