1 /* 2 * linux/drivers/s390/crypto/zcrypt_api.c 3 * 4 * zcrypt 2.1.0 5 * 6 * Copyright (C) 2001, 2006 IBM Corporation 7 * Author(s): Robert Burroughs 8 * Eric Rossman (edrossma@us.ibm.com) 9 * Cornelia Huck <cornelia.huck@de.ibm.com> 10 * 11 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com) 12 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com> 13 * Ralph Wuerthner <rwuerthn@de.ibm.com> 14 * 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation; either version 2, or (at your option) 18 * any later version. 19 * 20 * This program is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 * GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with this program; if not, write to the Free Software 27 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 #include <linux/module.h> 31 #include <linux/init.h> 32 #include <linux/interrupt.h> 33 #include <linux/miscdevice.h> 34 #include <linux/fs.h> 35 #include <linux/proc_fs.h> 36 #include <linux/compat.h> 37 #include <linux/smp_lock.h> 38 #include <asm/atomic.h> 39 #include <asm/uaccess.h> 40 #include <linux/hw_random.h> 41 42 #include "zcrypt_api.h" 43 44 /* 45 * Module description. 46 */ 47 MODULE_AUTHOR("IBM Corporation"); 48 MODULE_DESCRIPTION("Cryptographic Coprocessor interface, " 49 "Copyright 2001, 2006 IBM Corporation"); 50 MODULE_LICENSE("GPL"); 51 52 static DEFINE_SPINLOCK(zcrypt_device_lock); 53 static LIST_HEAD(zcrypt_device_list); 54 static int zcrypt_device_count = 0; 55 static atomic_t zcrypt_open_count = ATOMIC_INIT(0); 56 57 static int zcrypt_rng_device_add(void); 58 static void zcrypt_rng_device_remove(void); 59 60 /* 61 * Device attributes common for all crypto devices. 62 */ 63 static ssize_t zcrypt_type_show(struct device *dev, 64 struct device_attribute *attr, char *buf) 65 { 66 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 67 return snprintf(buf, PAGE_SIZE, "%s\n", zdev->type_string); 68 } 69 70 static DEVICE_ATTR(type, 0444, zcrypt_type_show, NULL); 71 72 static ssize_t zcrypt_online_show(struct device *dev, 73 struct device_attribute *attr, char *buf) 74 { 75 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 76 return snprintf(buf, PAGE_SIZE, "%d\n", zdev->online); 77 } 78 79 static ssize_t zcrypt_online_store(struct device *dev, 80 struct device_attribute *attr, 81 const char *buf, size_t count) 82 { 83 struct zcrypt_device *zdev = to_ap_dev(dev)->private; 84 int online; 85 86 if (sscanf(buf, "%d\n", &online) != 1 || online < 0 || online > 1) 87 return -EINVAL; 88 zdev->online = online; 89 if (!online) 90 ap_flush_queue(zdev->ap_dev); 91 return count; 92 } 93 94 static DEVICE_ATTR(online, 0644, zcrypt_online_show, zcrypt_online_store); 95 96 static struct attribute * zcrypt_device_attrs[] = { 97 &dev_attr_type.attr, 98 &dev_attr_online.attr, 99 NULL, 100 }; 101 102 static struct attribute_group zcrypt_device_attr_group = { 103 .attrs = zcrypt_device_attrs, 104 }; 105 106 /** 107 * __zcrypt_increase_preference(): Increase preference of a crypto device. 108 * @zdev: Pointer the crypto device 109 * 110 * Move the device towards the head of the device list. 111 * Need to be called while holding the zcrypt device list lock. 112 * Note: cards with speed_rating of 0 are kept at the end of the list. 113 */ 114 static void __zcrypt_increase_preference(struct zcrypt_device *zdev) 115 { 116 struct zcrypt_device *tmp; 117 struct list_head *l; 118 119 if (zdev->speed_rating == 0) 120 return; 121 for (l = zdev->list.prev; l != &zcrypt_device_list; l = l->prev) { 122 tmp = list_entry(l, struct zcrypt_device, list); 123 if ((tmp->request_count + 1) * tmp->speed_rating <= 124 (zdev->request_count + 1) * zdev->speed_rating && 125 tmp->speed_rating != 0) 126 break; 127 } 128 if (l == zdev->list.prev) 129 return; 130 /* Move zdev behind l */ 131 list_del(&zdev->list); 132 list_add(&zdev->list, l); 133 } 134 135 /** 136 * __zcrypt_decrease_preference(): Decrease preference of a crypto device. 137 * @zdev: Pointer to a crypto device. 138 * 139 * Move the device towards the tail of the device list. 140 * Need to be called while holding the zcrypt device list lock. 141 * Note: cards with speed_rating of 0 are kept at the end of the list. 142 */ 143 static void __zcrypt_decrease_preference(struct zcrypt_device *zdev) 144 { 145 struct zcrypt_device *tmp; 146 struct list_head *l; 147 148 if (zdev->speed_rating == 0) 149 return; 150 for (l = zdev->list.next; l != &zcrypt_device_list; l = l->next) { 151 tmp = list_entry(l, struct zcrypt_device, list); 152 if ((tmp->request_count + 1) * tmp->speed_rating > 153 (zdev->request_count + 1) * zdev->speed_rating || 154 tmp->speed_rating == 0) 155 break; 156 } 157 if (l == zdev->list.next) 158 return; 159 /* Move zdev before l */ 160 list_del(&zdev->list); 161 list_add_tail(&zdev->list, l); 162 } 163 164 static void zcrypt_device_release(struct kref *kref) 165 { 166 struct zcrypt_device *zdev = 167 container_of(kref, struct zcrypt_device, refcount); 168 zcrypt_device_free(zdev); 169 } 170 171 void zcrypt_device_get(struct zcrypt_device *zdev) 172 { 173 kref_get(&zdev->refcount); 174 } 175 EXPORT_SYMBOL(zcrypt_device_get); 176 177 int zcrypt_device_put(struct zcrypt_device *zdev) 178 { 179 return kref_put(&zdev->refcount, zcrypt_device_release); 180 } 181 EXPORT_SYMBOL(zcrypt_device_put); 182 183 struct zcrypt_device *zcrypt_device_alloc(size_t max_response_size) 184 { 185 struct zcrypt_device *zdev; 186 187 zdev = kzalloc(sizeof(struct zcrypt_device), GFP_KERNEL); 188 if (!zdev) 189 return NULL; 190 zdev->reply.message = kmalloc(max_response_size, GFP_KERNEL); 191 if (!zdev->reply.message) 192 goto out_free; 193 zdev->reply.length = max_response_size; 194 spin_lock_init(&zdev->lock); 195 INIT_LIST_HEAD(&zdev->list); 196 return zdev; 197 198 out_free: 199 kfree(zdev); 200 return NULL; 201 } 202 EXPORT_SYMBOL(zcrypt_device_alloc); 203 204 void zcrypt_device_free(struct zcrypt_device *zdev) 205 { 206 kfree(zdev->reply.message); 207 kfree(zdev); 208 } 209 EXPORT_SYMBOL(zcrypt_device_free); 210 211 /** 212 * zcrypt_device_register() - Register a crypto device. 213 * @zdev: Pointer to a crypto device 214 * 215 * Register a crypto device. Returns 0 if successful. 216 */ 217 int zcrypt_device_register(struct zcrypt_device *zdev) 218 { 219 int rc; 220 221 rc = sysfs_create_group(&zdev->ap_dev->device.kobj, 222 &zcrypt_device_attr_group); 223 if (rc) 224 goto out; 225 get_device(&zdev->ap_dev->device); 226 kref_init(&zdev->refcount); 227 spin_lock_bh(&zcrypt_device_lock); 228 zdev->online = 1; /* New devices are online by default. */ 229 list_add_tail(&zdev->list, &zcrypt_device_list); 230 __zcrypt_increase_preference(zdev); 231 zcrypt_device_count++; 232 spin_unlock_bh(&zcrypt_device_lock); 233 if (zdev->ops->rng) { 234 rc = zcrypt_rng_device_add(); 235 if (rc) 236 goto out_unregister; 237 } 238 return 0; 239 240 out_unregister: 241 spin_lock_bh(&zcrypt_device_lock); 242 zcrypt_device_count--; 243 list_del_init(&zdev->list); 244 spin_unlock_bh(&zcrypt_device_lock); 245 sysfs_remove_group(&zdev->ap_dev->device.kobj, 246 &zcrypt_device_attr_group); 247 put_device(&zdev->ap_dev->device); 248 zcrypt_device_put(zdev); 249 out: 250 return rc; 251 } 252 EXPORT_SYMBOL(zcrypt_device_register); 253 254 /** 255 * zcrypt_device_unregister(): Unregister a crypto device. 256 * @zdev: Pointer to crypto device 257 * 258 * Unregister a crypto device. 259 */ 260 void zcrypt_device_unregister(struct zcrypt_device *zdev) 261 { 262 if (zdev->ops->rng) 263 zcrypt_rng_device_remove(); 264 spin_lock_bh(&zcrypt_device_lock); 265 zcrypt_device_count--; 266 list_del_init(&zdev->list); 267 spin_unlock_bh(&zcrypt_device_lock); 268 sysfs_remove_group(&zdev->ap_dev->device.kobj, 269 &zcrypt_device_attr_group); 270 put_device(&zdev->ap_dev->device); 271 zcrypt_device_put(zdev); 272 } 273 EXPORT_SYMBOL(zcrypt_device_unregister); 274 275 /** 276 * zcrypt_read (): Not supported beyond zcrypt 1.3.1. 277 * 278 * This function is not supported beyond zcrypt 1.3.1. 279 */ 280 static ssize_t zcrypt_read(struct file *filp, char __user *buf, 281 size_t count, loff_t *f_pos) 282 { 283 return -EPERM; 284 } 285 286 /** 287 * zcrypt_write(): Not allowed. 288 * 289 * Write is is not allowed 290 */ 291 static ssize_t zcrypt_write(struct file *filp, const char __user *buf, 292 size_t count, loff_t *f_pos) 293 { 294 return -EPERM; 295 } 296 297 /** 298 * zcrypt_open(): Count number of users. 299 * 300 * Device open function to count number of users. 301 */ 302 static int zcrypt_open(struct inode *inode, struct file *filp) 303 { 304 lock_kernel(); 305 atomic_inc(&zcrypt_open_count); 306 unlock_kernel(); 307 return 0; 308 } 309 310 /** 311 * zcrypt_release(): Count number of users. 312 * 313 * Device close function to count number of users. 314 */ 315 static int zcrypt_release(struct inode *inode, struct file *filp) 316 { 317 atomic_dec(&zcrypt_open_count); 318 return 0; 319 } 320 321 /* 322 * zcrypt ioctls. 323 */ 324 static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex) 325 { 326 struct zcrypt_device *zdev; 327 int rc; 328 329 if (mex->outputdatalength < mex->inputdatalength) 330 return -EINVAL; 331 /* 332 * As long as outputdatalength is big enough, we can set the 333 * outputdatalength equal to the inputdatalength, since that is the 334 * number of bytes we will copy in any case 335 */ 336 mex->outputdatalength = mex->inputdatalength; 337 338 spin_lock_bh(&zcrypt_device_lock); 339 list_for_each_entry(zdev, &zcrypt_device_list, list) { 340 if (!zdev->online || 341 !zdev->ops->rsa_modexpo || 342 zdev->min_mod_size > mex->inputdatalength || 343 zdev->max_mod_size < mex->inputdatalength) 344 continue; 345 zcrypt_device_get(zdev); 346 get_device(&zdev->ap_dev->device); 347 zdev->request_count++; 348 __zcrypt_decrease_preference(zdev); 349 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 350 spin_unlock_bh(&zcrypt_device_lock); 351 rc = zdev->ops->rsa_modexpo(zdev, mex); 352 spin_lock_bh(&zcrypt_device_lock); 353 module_put(zdev->ap_dev->drv->driver.owner); 354 } 355 else 356 rc = -EAGAIN; 357 zdev->request_count--; 358 __zcrypt_increase_preference(zdev); 359 put_device(&zdev->ap_dev->device); 360 zcrypt_device_put(zdev); 361 spin_unlock_bh(&zcrypt_device_lock); 362 return rc; 363 } 364 spin_unlock_bh(&zcrypt_device_lock); 365 return -ENODEV; 366 } 367 368 static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt) 369 { 370 struct zcrypt_device *zdev; 371 unsigned long long z1, z2, z3; 372 int rc, copied; 373 374 if (crt->outputdatalength < crt->inputdatalength || 375 (crt->inputdatalength & 1)) 376 return -EINVAL; 377 /* 378 * As long as outputdatalength is big enough, we can set the 379 * outputdatalength equal to the inputdatalength, since that is the 380 * number of bytes we will copy in any case 381 */ 382 crt->outputdatalength = crt->inputdatalength; 383 384 copied = 0; 385 restart: 386 spin_lock_bh(&zcrypt_device_lock); 387 list_for_each_entry(zdev, &zcrypt_device_list, list) { 388 if (!zdev->online || 389 !zdev->ops->rsa_modexpo_crt || 390 zdev->min_mod_size > crt->inputdatalength || 391 zdev->max_mod_size < crt->inputdatalength) 392 continue; 393 if (zdev->short_crt && crt->inputdatalength > 240) { 394 /* 395 * Check inputdata for leading zeros for cards 396 * that can't handle np_prime, bp_key, or 397 * u_mult_inv > 128 bytes. 398 */ 399 if (copied == 0) { 400 int len; 401 spin_unlock_bh(&zcrypt_device_lock); 402 /* len is max 256 / 2 - 120 = 8 */ 403 len = crt->inputdatalength / 2 - 120; 404 z1 = z2 = z3 = 0; 405 if (copy_from_user(&z1, crt->np_prime, len) || 406 copy_from_user(&z2, crt->bp_key, len) || 407 copy_from_user(&z3, crt->u_mult_inv, len)) 408 return -EFAULT; 409 copied = 1; 410 /* 411 * We have to restart device lookup - 412 * the device list may have changed by now. 413 */ 414 goto restart; 415 } 416 if (z1 != 0ULL || z2 != 0ULL || z3 != 0ULL) 417 /* The device can't handle this request. */ 418 continue; 419 } 420 zcrypt_device_get(zdev); 421 get_device(&zdev->ap_dev->device); 422 zdev->request_count++; 423 __zcrypt_decrease_preference(zdev); 424 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 425 spin_unlock_bh(&zcrypt_device_lock); 426 rc = zdev->ops->rsa_modexpo_crt(zdev, crt); 427 spin_lock_bh(&zcrypt_device_lock); 428 module_put(zdev->ap_dev->drv->driver.owner); 429 } 430 else 431 rc = -EAGAIN; 432 zdev->request_count--; 433 __zcrypt_increase_preference(zdev); 434 put_device(&zdev->ap_dev->device); 435 zcrypt_device_put(zdev); 436 spin_unlock_bh(&zcrypt_device_lock); 437 return rc; 438 } 439 spin_unlock_bh(&zcrypt_device_lock); 440 return -ENODEV; 441 } 442 443 static long zcrypt_send_cprb(struct ica_xcRB *xcRB) 444 { 445 struct zcrypt_device *zdev; 446 int rc; 447 448 spin_lock_bh(&zcrypt_device_lock); 449 list_for_each_entry(zdev, &zcrypt_device_list, list) { 450 if (!zdev->online || !zdev->ops->send_cprb || 451 (xcRB->user_defined != AUTOSELECT && 452 AP_QID_DEVICE(zdev->ap_dev->qid) != xcRB->user_defined) 453 ) 454 continue; 455 zcrypt_device_get(zdev); 456 get_device(&zdev->ap_dev->device); 457 zdev->request_count++; 458 __zcrypt_decrease_preference(zdev); 459 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 460 spin_unlock_bh(&zcrypt_device_lock); 461 rc = zdev->ops->send_cprb(zdev, xcRB); 462 spin_lock_bh(&zcrypt_device_lock); 463 module_put(zdev->ap_dev->drv->driver.owner); 464 } 465 else 466 rc = -EAGAIN; 467 zdev->request_count--; 468 __zcrypt_increase_preference(zdev); 469 put_device(&zdev->ap_dev->device); 470 zcrypt_device_put(zdev); 471 spin_unlock_bh(&zcrypt_device_lock); 472 return rc; 473 } 474 spin_unlock_bh(&zcrypt_device_lock); 475 return -ENODEV; 476 } 477 478 static long zcrypt_rng(char *buffer) 479 { 480 struct zcrypt_device *zdev; 481 int rc; 482 483 spin_lock_bh(&zcrypt_device_lock); 484 list_for_each_entry(zdev, &zcrypt_device_list, list) { 485 if (!zdev->online || !zdev->ops->rng) 486 continue; 487 zcrypt_device_get(zdev); 488 get_device(&zdev->ap_dev->device); 489 zdev->request_count++; 490 __zcrypt_decrease_preference(zdev); 491 if (try_module_get(zdev->ap_dev->drv->driver.owner)) { 492 spin_unlock_bh(&zcrypt_device_lock); 493 rc = zdev->ops->rng(zdev, buffer); 494 spin_lock_bh(&zcrypt_device_lock); 495 module_put(zdev->ap_dev->drv->driver.owner); 496 } else 497 rc = -EAGAIN; 498 zdev->request_count--; 499 __zcrypt_increase_preference(zdev); 500 put_device(&zdev->ap_dev->device); 501 zcrypt_device_put(zdev); 502 spin_unlock_bh(&zcrypt_device_lock); 503 return rc; 504 } 505 spin_unlock_bh(&zcrypt_device_lock); 506 return -ENODEV; 507 } 508 509 static void zcrypt_status_mask(char status[AP_DEVICES]) 510 { 511 struct zcrypt_device *zdev; 512 513 memset(status, 0, sizeof(char) * AP_DEVICES); 514 spin_lock_bh(&zcrypt_device_lock); 515 list_for_each_entry(zdev, &zcrypt_device_list, list) 516 status[AP_QID_DEVICE(zdev->ap_dev->qid)] = 517 zdev->online ? zdev->user_space_type : 0x0d; 518 spin_unlock_bh(&zcrypt_device_lock); 519 } 520 521 static void zcrypt_qdepth_mask(char qdepth[AP_DEVICES]) 522 { 523 struct zcrypt_device *zdev; 524 525 memset(qdepth, 0, sizeof(char) * AP_DEVICES); 526 spin_lock_bh(&zcrypt_device_lock); 527 list_for_each_entry(zdev, &zcrypt_device_list, list) { 528 spin_lock(&zdev->ap_dev->lock); 529 qdepth[AP_QID_DEVICE(zdev->ap_dev->qid)] = 530 zdev->ap_dev->pendingq_count + 531 zdev->ap_dev->requestq_count; 532 spin_unlock(&zdev->ap_dev->lock); 533 } 534 spin_unlock_bh(&zcrypt_device_lock); 535 } 536 537 static void zcrypt_perdev_reqcnt(int reqcnt[AP_DEVICES]) 538 { 539 struct zcrypt_device *zdev; 540 541 memset(reqcnt, 0, sizeof(int) * AP_DEVICES); 542 spin_lock_bh(&zcrypt_device_lock); 543 list_for_each_entry(zdev, &zcrypt_device_list, list) { 544 spin_lock(&zdev->ap_dev->lock); 545 reqcnt[AP_QID_DEVICE(zdev->ap_dev->qid)] = 546 zdev->ap_dev->total_request_count; 547 spin_unlock(&zdev->ap_dev->lock); 548 } 549 spin_unlock_bh(&zcrypt_device_lock); 550 } 551 552 static int zcrypt_pendingq_count(void) 553 { 554 struct zcrypt_device *zdev; 555 int pendingq_count = 0; 556 557 spin_lock_bh(&zcrypt_device_lock); 558 list_for_each_entry(zdev, &zcrypt_device_list, list) { 559 spin_lock(&zdev->ap_dev->lock); 560 pendingq_count += zdev->ap_dev->pendingq_count; 561 spin_unlock(&zdev->ap_dev->lock); 562 } 563 spin_unlock_bh(&zcrypt_device_lock); 564 return pendingq_count; 565 } 566 567 static int zcrypt_requestq_count(void) 568 { 569 struct zcrypt_device *zdev; 570 int requestq_count = 0; 571 572 spin_lock_bh(&zcrypt_device_lock); 573 list_for_each_entry(zdev, &zcrypt_device_list, list) { 574 spin_lock(&zdev->ap_dev->lock); 575 requestq_count += zdev->ap_dev->requestq_count; 576 spin_unlock(&zdev->ap_dev->lock); 577 } 578 spin_unlock_bh(&zcrypt_device_lock); 579 return requestq_count; 580 } 581 582 static int zcrypt_count_type(int type) 583 { 584 struct zcrypt_device *zdev; 585 int device_count = 0; 586 587 spin_lock_bh(&zcrypt_device_lock); 588 list_for_each_entry(zdev, &zcrypt_device_list, list) 589 if (zdev->user_space_type == type) 590 device_count++; 591 spin_unlock_bh(&zcrypt_device_lock); 592 return device_count; 593 } 594 595 /** 596 * zcrypt_ica_status(): Old, depracted combi status call. 597 * 598 * Old, deprecated combi status call. 599 */ 600 static long zcrypt_ica_status(struct file *filp, unsigned long arg) 601 { 602 struct ica_z90_status *pstat; 603 int ret; 604 605 pstat = kzalloc(sizeof(*pstat), GFP_KERNEL); 606 if (!pstat) 607 return -ENOMEM; 608 pstat->totalcount = zcrypt_device_count; 609 pstat->leedslitecount = zcrypt_count_type(ZCRYPT_PCICA); 610 pstat->leeds2count = zcrypt_count_type(ZCRYPT_PCICC); 611 pstat->requestqWaitCount = zcrypt_requestq_count(); 612 pstat->pendingqWaitCount = zcrypt_pendingq_count(); 613 pstat->totalOpenCount = atomic_read(&zcrypt_open_count); 614 pstat->cryptoDomain = ap_domain_index; 615 zcrypt_status_mask(pstat->status); 616 zcrypt_qdepth_mask(pstat->qdepth); 617 ret = 0; 618 if (copy_to_user((void __user *) arg, pstat, sizeof(*pstat))) 619 ret = -EFAULT; 620 kfree(pstat); 621 return ret; 622 } 623 624 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd, 625 unsigned long arg) 626 { 627 int rc; 628 629 switch (cmd) { 630 case ICARSAMODEXPO: { 631 struct ica_rsa_modexpo __user *umex = (void __user *) arg; 632 struct ica_rsa_modexpo mex; 633 if (copy_from_user(&mex, umex, sizeof(mex))) 634 return -EFAULT; 635 do { 636 rc = zcrypt_rsa_modexpo(&mex); 637 } while (rc == -EAGAIN); 638 if (rc) 639 return rc; 640 return put_user(mex.outputdatalength, &umex->outputdatalength); 641 } 642 case ICARSACRT: { 643 struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg; 644 struct ica_rsa_modexpo_crt crt; 645 if (copy_from_user(&crt, ucrt, sizeof(crt))) 646 return -EFAULT; 647 do { 648 rc = zcrypt_rsa_crt(&crt); 649 } while (rc == -EAGAIN); 650 if (rc) 651 return rc; 652 return put_user(crt.outputdatalength, &ucrt->outputdatalength); 653 } 654 case ZSECSENDCPRB: { 655 struct ica_xcRB __user *uxcRB = (void __user *) arg; 656 struct ica_xcRB xcRB; 657 if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB))) 658 return -EFAULT; 659 do { 660 rc = zcrypt_send_cprb(&xcRB); 661 } while (rc == -EAGAIN); 662 if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB))) 663 return -EFAULT; 664 return rc; 665 } 666 case Z90STAT_STATUS_MASK: { 667 char status[AP_DEVICES]; 668 zcrypt_status_mask(status); 669 if (copy_to_user((char __user *) arg, status, 670 sizeof(char) * AP_DEVICES)) 671 return -EFAULT; 672 return 0; 673 } 674 case Z90STAT_QDEPTH_MASK: { 675 char qdepth[AP_DEVICES]; 676 zcrypt_qdepth_mask(qdepth); 677 if (copy_to_user((char __user *) arg, qdepth, 678 sizeof(char) * AP_DEVICES)) 679 return -EFAULT; 680 return 0; 681 } 682 case Z90STAT_PERDEV_REQCNT: { 683 int reqcnt[AP_DEVICES]; 684 zcrypt_perdev_reqcnt(reqcnt); 685 if (copy_to_user((int __user *) arg, reqcnt, 686 sizeof(int) * AP_DEVICES)) 687 return -EFAULT; 688 return 0; 689 } 690 case Z90STAT_REQUESTQ_COUNT: 691 return put_user(zcrypt_requestq_count(), (int __user *) arg); 692 case Z90STAT_PENDINGQ_COUNT: 693 return put_user(zcrypt_pendingq_count(), (int __user *) arg); 694 case Z90STAT_TOTALOPEN_COUNT: 695 return put_user(atomic_read(&zcrypt_open_count), 696 (int __user *) arg); 697 case Z90STAT_DOMAIN_INDEX: 698 return put_user(ap_domain_index, (int __user *) arg); 699 /* 700 * Deprecated ioctls. Don't add another device count ioctl, 701 * you can count them yourself in the user space with the 702 * output of the Z90STAT_STATUS_MASK ioctl. 703 */ 704 case ICAZ90STATUS: 705 return zcrypt_ica_status(filp, arg); 706 case Z90STAT_TOTALCOUNT: 707 return put_user(zcrypt_device_count, (int __user *) arg); 708 case Z90STAT_PCICACOUNT: 709 return put_user(zcrypt_count_type(ZCRYPT_PCICA), 710 (int __user *) arg); 711 case Z90STAT_PCICCCOUNT: 712 return put_user(zcrypt_count_type(ZCRYPT_PCICC), 713 (int __user *) arg); 714 case Z90STAT_PCIXCCMCL2COUNT: 715 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2), 716 (int __user *) arg); 717 case Z90STAT_PCIXCCMCL3COUNT: 718 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 719 (int __user *) arg); 720 case Z90STAT_PCIXCCCOUNT: 721 return put_user(zcrypt_count_type(ZCRYPT_PCIXCC_MCL2) + 722 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3), 723 (int __user *) arg); 724 case Z90STAT_CEX2CCOUNT: 725 return put_user(zcrypt_count_type(ZCRYPT_CEX2C), 726 (int __user *) arg); 727 case Z90STAT_CEX2ACOUNT: 728 return put_user(zcrypt_count_type(ZCRYPT_CEX2A), 729 (int __user *) arg); 730 default: 731 /* unknown ioctl number */ 732 return -ENOIOCTLCMD; 733 } 734 } 735 736 #ifdef CONFIG_COMPAT 737 /* 738 * ioctl32 conversion routines 739 */ 740 struct compat_ica_rsa_modexpo { 741 compat_uptr_t inputdata; 742 unsigned int inputdatalength; 743 compat_uptr_t outputdata; 744 unsigned int outputdatalength; 745 compat_uptr_t b_key; 746 compat_uptr_t n_modulus; 747 }; 748 749 static long trans_modexpo32(struct file *filp, unsigned int cmd, 750 unsigned long arg) 751 { 752 struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg); 753 struct compat_ica_rsa_modexpo mex32; 754 struct ica_rsa_modexpo mex64; 755 long rc; 756 757 if (copy_from_user(&mex32, umex32, sizeof(mex32))) 758 return -EFAULT; 759 mex64.inputdata = compat_ptr(mex32.inputdata); 760 mex64.inputdatalength = mex32.inputdatalength; 761 mex64.outputdata = compat_ptr(mex32.outputdata); 762 mex64.outputdatalength = mex32.outputdatalength; 763 mex64.b_key = compat_ptr(mex32.b_key); 764 mex64.n_modulus = compat_ptr(mex32.n_modulus); 765 do { 766 rc = zcrypt_rsa_modexpo(&mex64); 767 } while (rc == -EAGAIN); 768 if (!rc) 769 rc = put_user(mex64.outputdatalength, 770 &umex32->outputdatalength); 771 return rc; 772 } 773 774 struct compat_ica_rsa_modexpo_crt { 775 compat_uptr_t inputdata; 776 unsigned int inputdatalength; 777 compat_uptr_t outputdata; 778 unsigned int outputdatalength; 779 compat_uptr_t bp_key; 780 compat_uptr_t bq_key; 781 compat_uptr_t np_prime; 782 compat_uptr_t nq_prime; 783 compat_uptr_t u_mult_inv; 784 }; 785 786 static long trans_modexpo_crt32(struct file *filp, unsigned int cmd, 787 unsigned long arg) 788 { 789 struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg); 790 struct compat_ica_rsa_modexpo_crt crt32; 791 struct ica_rsa_modexpo_crt crt64; 792 long rc; 793 794 if (copy_from_user(&crt32, ucrt32, sizeof(crt32))) 795 return -EFAULT; 796 crt64.inputdata = compat_ptr(crt32.inputdata); 797 crt64.inputdatalength = crt32.inputdatalength; 798 crt64.outputdata= compat_ptr(crt32.outputdata); 799 crt64.outputdatalength = crt32.outputdatalength; 800 crt64.bp_key = compat_ptr(crt32.bp_key); 801 crt64.bq_key = compat_ptr(crt32.bq_key); 802 crt64.np_prime = compat_ptr(crt32.np_prime); 803 crt64.nq_prime = compat_ptr(crt32.nq_prime); 804 crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv); 805 do { 806 rc = zcrypt_rsa_crt(&crt64); 807 } while (rc == -EAGAIN); 808 if (!rc) 809 rc = put_user(crt64.outputdatalength, 810 &ucrt32->outputdatalength); 811 return rc; 812 } 813 814 struct compat_ica_xcRB { 815 unsigned short agent_ID; 816 unsigned int user_defined; 817 unsigned short request_ID; 818 unsigned int request_control_blk_length; 819 unsigned char padding1[16 - sizeof (compat_uptr_t)]; 820 compat_uptr_t request_control_blk_addr; 821 unsigned int request_data_length; 822 char padding2[16 - sizeof (compat_uptr_t)]; 823 compat_uptr_t request_data_address; 824 unsigned int reply_control_blk_length; 825 char padding3[16 - sizeof (compat_uptr_t)]; 826 compat_uptr_t reply_control_blk_addr; 827 unsigned int reply_data_length; 828 char padding4[16 - sizeof (compat_uptr_t)]; 829 compat_uptr_t reply_data_addr; 830 unsigned short priority_window; 831 unsigned int status; 832 } __attribute__((packed)); 833 834 static long trans_xcRB32(struct file *filp, unsigned int cmd, 835 unsigned long arg) 836 { 837 struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg); 838 struct compat_ica_xcRB xcRB32; 839 struct ica_xcRB xcRB64; 840 long rc; 841 842 if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32))) 843 return -EFAULT; 844 xcRB64.agent_ID = xcRB32.agent_ID; 845 xcRB64.user_defined = xcRB32.user_defined; 846 xcRB64.request_ID = xcRB32.request_ID; 847 xcRB64.request_control_blk_length = 848 xcRB32.request_control_blk_length; 849 xcRB64.request_control_blk_addr = 850 compat_ptr(xcRB32.request_control_blk_addr); 851 xcRB64.request_data_length = 852 xcRB32.request_data_length; 853 xcRB64.request_data_address = 854 compat_ptr(xcRB32.request_data_address); 855 xcRB64.reply_control_blk_length = 856 xcRB32.reply_control_blk_length; 857 xcRB64.reply_control_blk_addr = 858 compat_ptr(xcRB32.reply_control_blk_addr); 859 xcRB64.reply_data_length = xcRB32.reply_data_length; 860 xcRB64.reply_data_addr = 861 compat_ptr(xcRB32.reply_data_addr); 862 xcRB64.priority_window = xcRB32.priority_window; 863 xcRB64.status = xcRB32.status; 864 do { 865 rc = zcrypt_send_cprb(&xcRB64); 866 } while (rc == -EAGAIN); 867 xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length; 868 xcRB32.reply_data_length = xcRB64.reply_data_length; 869 xcRB32.status = xcRB64.status; 870 if (copy_to_user(uxcRB32, &xcRB32, sizeof(xcRB32))) 871 return -EFAULT; 872 return rc; 873 } 874 875 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd, 876 unsigned long arg) 877 { 878 if (cmd == ICARSAMODEXPO) 879 return trans_modexpo32(filp, cmd, arg); 880 if (cmd == ICARSACRT) 881 return trans_modexpo_crt32(filp, cmd, arg); 882 if (cmd == ZSECSENDCPRB) 883 return trans_xcRB32(filp, cmd, arg); 884 return zcrypt_unlocked_ioctl(filp, cmd, arg); 885 } 886 #endif 887 888 /* 889 * Misc device file operations. 890 */ 891 static const struct file_operations zcrypt_fops = { 892 .owner = THIS_MODULE, 893 .read = zcrypt_read, 894 .write = zcrypt_write, 895 .unlocked_ioctl = zcrypt_unlocked_ioctl, 896 #ifdef CONFIG_COMPAT 897 .compat_ioctl = zcrypt_compat_ioctl, 898 #endif 899 .open = zcrypt_open, 900 .release = zcrypt_release 901 }; 902 903 /* 904 * Misc device. 905 */ 906 static struct miscdevice zcrypt_misc_device = { 907 .minor = MISC_DYNAMIC_MINOR, 908 .name = "z90crypt", 909 .fops = &zcrypt_fops, 910 }; 911 912 /* 913 * Deprecated /proc entry support. 914 */ 915 static struct proc_dir_entry *zcrypt_entry; 916 917 static int sprintcl(unsigned char *outaddr, unsigned char *addr, 918 unsigned int len) 919 { 920 int hl, i; 921 922 hl = 0; 923 for (i = 0; i < len; i++) 924 hl += sprintf(outaddr+hl, "%01x", (unsigned int) addr[i]); 925 hl += sprintf(outaddr+hl, " "); 926 return hl; 927 } 928 929 static int sprintrw(unsigned char *outaddr, unsigned char *addr, 930 unsigned int len) 931 { 932 int hl, inl, c, cx; 933 934 hl = sprintf(outaddr, " "); 935 inl = 0; 936 for (c = 0; c < (len / 16); c++) { 937 hl += sprintcl(outaddr+hl, addr+inl, 16); 938 inl += 16; 939 } 940 cx = len%16; 941 if (cx) { 942 hl += sprintcl(outaddr+hl, addr+inl, cx); 943 inl += cx; 944 } 945 hl += sprintf(outaddr+hl, "\n"); 946 return hl; 947 } 948 949 static int sprinthx(unsigned char *title, unsigned char *outaddr, 950 unsigned char *addr, unsigned int len) 951 { 952 int hl, inl, r, rx; 953 954 hl = sprintf(outaddr, "\n%s\n", title); 955 inl = 0; 956 for (r = 0; r < (len / 64); r++) { 957 hl += sprintrw(outaddr+hl, addr+inl, 64); 958 inl += 64; 959 } 960 rx = len % 64; 961 if (rx) { 962 hl += sprintrw(outaddr+hl, addr+inl, rx); 963 inl += rx; 964 } 965 hl += sprintf(outaddr+hl, "\n"); 966 return hl; 967 } 968 969 static int sprinthx4(unsigned char *title, unsigned char *outaddr, 970 unsigned int *array, unsigned int len) 971 { 972 int hl, r; 973 974 hl = sprintf(outaddr, "\n%s\n", title); 975 for (r = 0; r < len; r++) { 976 if ((r % 8) == 0) 977 hl += sprintf(outaddr+hl, " "); 978 hl += sprintf(outaddr+hl, "%08X ", array[r]); 979 if ((r % 8) == 7) 980 hl += sprintf(outaddr+hl, "\n"); 981 } 982 hl += sprintf(outaddr+hl, "\n"); 983 return hl; 984 } 985 986 static int zcrypt_status_read(char *resp_buff, char **start, off_t offset, 987 int count, int *eof, void *data) 988 { 989 unsigned char *workarea; 990 int len; 991 992 len = 0; 993 994 /* resp_buff is a page. Use the right half for a work area */ 995 workarea = resp_buff + 2000; 996 len += sprintf(resp_buff + len, "\nzcrypt version: %d.%d.%d\n", 997 ZCRYPT_VERSION, ZCRYPT_RELEASE, ZCRYPT_VARIANT); 998 len += sprintf(resp_buff + len, "Cryptographic domain: %d\n", 999 ap_domain_index); 1000 len += sprintf(resp_buff + len, "Total device count: %d\n", 1001 zcrypt_device_count); 1002 len += sprintf(resp_buff + len, "PCICA count: %d\n", 1003 zcrypt_count_type(ZCRYPT_PCICA)); 1004 len += sprintf(resp_buff + len, "PCICC count: %d\n", 1005 zcrypt_count_type(ZCRYPT_PCICC)); 1006 len += sprintf(resp_buff + len, "PCIXCC MCL2 count: %d\n", 1007 zcrypt_count_type(ZCRYPT_PCIXCC_MCL2)); 1008 len += sprintf(resp_buff + len, "PCIXCC MCL3 count: %d\n", 1009 zcrypt_count_type(ZCRYPT_PCIXCC_MCL3)); 1010 len += sprintf(resp_buff + len, "CEX2C count: %d\n", 1011 zcrypt_count_type(ZCRYPT_CEX2C)); 1012 len += sprintf(resp_buff + len, "CEX2A count: %d\n", 1013 zcrypt_count_type(ZCRYPT_CEX2A)); 1014 len += sprintf(resp_buff + len, "requestq count: %d\n", 1015 zcrypt_requestq_count()); 1016 len += sprintf(resp_buff + len, "pendingq count: %d\n", 1017 zcrypt_pendingq_count()); 1018 len += sprintf(resp_buff + len, "Total open handles: %d\n\n", 1019 atomic_read(&zcrypt_open_count)); 1020 zcrypt_status_mask(workarea); 1021 len += sprinthx("Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) " 1022 "4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A", 1023 resp_buff+len, workarea, AP_DEVICES); 1024 zcrypt_qdepth_mask(workarea); 1025 len += sprinthx("Waiting work element counts", 1026 resp_buff+len, workarea, AP_DEVICES); 1027 zcrypt_perdev_reqcnt((int *) workarea); 1028 len += sprinthx4("Per-device successfully completed request counts", 1029 resp_buff+len,(unsigned int *) workarea, AP_DEVICES); 1030 *eof = 1; 1031 memset((void *) workarea, 0x00, AP_DEVICES * sizeof(unsigned int)); 1032 return len; 1033 } 1034 1035 static void zcrypt_disable_card(int index) 1036 { 1037 struct zcrypt_device *zdev; 1038 1039 spin_lock_bh(&zcrypt_device_lock); 1040 list_for_each_entry(zdev, &zcrypt_device_list, list) 1041 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1042 zdev->online = 0; 1043 ap_flush_queue(zdev->ap_dev); 1044 break; 1045 } 1046 spin_unlock_bh(&zcrypt_device_lock); 1047 } 1048 1049 static void zcrypt_enable_card(int index) 1050 { 1051 struct zcrypt_device *zdev; 1052 1053 spin_lock_bh(&zcrypt_device_lock); 1054 list_for_each_entry(zdev, &zcrypt_device_list, list) 1055 if (AP_QID_DEVICE(zdev->ap_dev->qid) == index) { 1056 zdev->online = 1; 1057 break; 1058 } 1059 spin_unlock_bh(&zcrypt_device_lock); 1060 } 1061 1062 static int zcrypt_status_write(struct file *file, const char __user *buffer, 1063 unsigned long count, void *data) 1064 { 1065 unsigned char *lbuf, *ptr; 1066 unsigned long local_count; 1067 int j; 1068 1069 if (count <= 0) 1070 return 0; 1071 1072 #define LBUFSIZE 1200UL 1073 lbuf = kmalloc(LBUFSIZE, GFP_KERNEL); 1074 if (!lbuf) 1075 return 0; 1076 1077 local_count = min(LBUFSIZE - 1, count); 1078 if (copy_from_user(lbuf, buffer, local_count) != 0) { 1079 kfree(lbuf); 1080 return -EFAULT; 1081 } 1082 lbuf[local_count] = '\0'; 1083 1084 ptr = strstr(lbuf, "Online devices"); 1085 if (!ptr) 1086 goto out; 1087 ptr = strstr(ptr, "\n"); 1088 if (!ptr) 1089 goto out; 1090 ptr++; 1091 1092 if (strstr(ptr, "Waiting work element counts") == NULL) 1093 goto out; 1094 1095 for (j = 0; j < 64 && *ptr; ptr++) { 1096 /* 1097 * '0' for no device, '1' for PCICA, '2' for PCICC, 1098 * '3' for PCIXCC_MCL2, '4' for PCIXCC_MCL3, 1099 * '5' for CEX2C and '6' for CEX2A' 1100 */ 1101 if (*ptr >= '0' && *ptr <= '6') 1102 j++; 1103 else if (*ptr == 'd' || *ptr == 'D') 1104 zcrypt_disable_card(j++); 1105 else if (*ptr == 'e' || *ptr == 'E') 1106 zcrypt_enable_card(j++); 1107 else if (*ptr != ' ' && *ptr != '\t') 1108 break; 1109 } 1110 out: 1111 kfree(lbuf); 1112 return count; 1113 } 1114 1115 static int zcrypt_rng_device_count; 1116 static u32 *zcrypt_rng_buffer; 1117 static int zcrypt_rng_buffer_index; 1118 static DEFINE_MUTEX(zcrypt_rng_mutex); 1119 1120 static int zcrypt_rng_data_read(struct hwrng *rng, u32 *data) 1121 { 1122 int rc; 1123 1124 /* 1125 * We don't need locking here because the RNG API guarantees serialized 1126 * read method calls. 1127 */ 1128 if (zcrypt_rng_buffer_index == 0) { 1129 rc = zcrypt_rng((char *) zcrypt_rng_buffer); 1130 if (rc < 0) 1131 return -EIO; 1132 zcrypt_rng_buffer_index = rc / sizeof *data; 1133 } 1134 *data = zcrypt_rng_buffer[--zcrypt_rng_buffer_index]; 1135 return sizeof *data; 1136 } 1137 1138 static struct hwrng zcrypt_rng_dev = { 1139 .name = "zcrypt", 1140 .data_read = zcrypt_rng_data_read, 1141 }; 1142 1143 static int zcrypt_rng_device_add(void) 1144 { 1145 int rc = 0; 1146 1147 mutex_lock(&zcrypt_rng_mutex); 1148 if (zcrypt_rng_device_count == 0) { 1149 zcrypt_rng_buffer = (u32 *) get_zeroed_page(GFP_KERNEL); 1150 if (!zcrypt_rng_buffer) { 1151 rc = -ENOMEM; 1152 goto out; 1153 } 1154 zcrypt_rng_buffer_index = 0; 1155 rc = hwrng_register(&zcrypt_rng_dev); 1156 if (rc) 1157 goto out_free; 1158 zcrypt_rng_device_count = 1; 1159 } else 1160 zcrypt_rng_device_count++; 1161 mutex_unlock(&zcrypt_rng_mutex); 1162 return 0; 1163 1164 out_free: 1165 free_page((unsigned long) zcrypt_rng_buffer); 1166 out: 1167 mutex_unlock(&zcrypt_rng_mutex); 1168 return rc; 1169 } 1170 1171 static void zcrypt_rng_device_remove(void) 1172 { 1173 mutex_lock(&zcrypt_rng_mutex); 1174 zcrypt_rng_device_count--; 1175 if (zcrypt_rng_device_count == 0) { 1176 hwrng_unregister(&zcrypt_rng_dev); 1177 free_page((unsigned long) zcrypt_rng_buffer); 1178 } 1179 mutex_unlock(&zcrypt_rng_mutex); 1180 } 1181 1182 /** 1183 * zcrypt_api_init(): Module initialization. 1184 * 1185 * The module initialization code. 1186 */ 1187 int __init zcrypt_api_init(void) 1188 { 1189 int rc; 1190 1191 /* Register the request sprayer. */ 1192 rc = misc_register(&zcrypt_misc_device); 1193 if (rc < 0) 1194 goto out; 1195 1196 /* Set up the proc file system */ 1197 zcrypt_entry = create_proc_entry("driver/z90crypt", 0644, NULL); 1198 if (!zcrypt_entry) { 1199 rc = -ENOMEM; 1200 goto out_misc; 1201 } 1202 zcrypt_entry->data = NULL; 1203 zcrypt_entry->read_proc = zcrypt_status_read; 1204 zcrypt_entry->write_proc = zcrypt_status_write; 1205 1206 return 0; 1207 1208 out_misc: 1209 misc_deregister(&zcrypt_misc_device); 1210 out: 1211 return rc; 1212 } 1213 1214 /** 1215 * zcrypt_api_exit(): Module termination. 1216 * 1217 * The module termination code. 1218 */ 1219 void zcrypt_api_exit(void) 1220 { 1221 remove_proc_entry("driver/z90crypt", NULL); 1222 misc_deregister(&zcrypt_misc_device); 1223 } 1224 1225 #ifndef CONFIG_ZCRYPT_MONOLITHIC 1226 module_init(zcrypt_api_init); 1227 module_exit(zcrypt_api_exit); 1228 #endif 1229