Commit Graph

210 Commits

Author SHA1 Message Date
Harald Freudenberger
dbed23dba0 s390/zcrypt: Add some debug messages on failure.
Added some dbf debug messages on failure of the most important
ioctl calls. These messages are only enabled with dbf level
6 (debug) and so do not affect the normal operating mode which
uses level 3 (errors and higher).

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:59 +02:00
Harald Freudenberger
ac994e80f9 s390/zcrypt: Rework ap init in case of out of range domain param.
When a out of range domain parameter was given, the init function
returned with -EINVAL and the driver was not operational. As the
driver is statically build into the kernel and is able to work
with multiple domains anyway the init function should continue.
Now the user has a chance to write a new default domain value
via sysfs attribute file. Also added two new dbf debug messages
related to the domain value handling.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:58 +02:00
Harald Freudenberger
a1b19d07ca s390/zcrypt: remove unused function zcrypt_type6_mex_key_de()
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:57 +02:00
Heiko Carstens
8ff3458865 s390/zcrypt: get rid of little/big endian handling
The zcrypt code contains a couple of functions which receive a
"big_endian" argument. All callers naturally pass "1" for big endian,
since s390 is big endian. Therefore get rid of this argument and also
get rid of the cpu_to_le()/cpu_to_be() calls.

This way we get rid of a couple of sparse warnings:

drivers/s390/crypto/zcrypt_cca_key.h:255:34:
 warning: incorrect type in assignment (different base types)
    expected unsigned short [unsigned] ulen
    got restricted __be16 [usertype] <noident>

Cc: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:57 +02:00
Heiko Carstens
7a00363792 s390/pkey: add missing __user annotations
Add missing __user annotations to get rid of a couple of sparse
warnings. All callers actually pass kernel pointers instead of user
space pointers, however the pointers are being used within
KERNEL_DS. So everything is fine.

Corresponding sparse warnings:

drivers/s390/crypto/pkey_api.c:181:41:
 warning: incorrect type in assignment (different address spaces)
    expected char [noderef] <asn:1>*request_control_blk_addr
    got void *<noident>

Cc: Harald Freudenberger <freude@linux.vnet.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:56 +02:00
Heiko Carstens
cb4ef3c20b s390/pkey: make pkey_init() static
drivers/s390/crypto/pkey_api.c:1197:12:
  warning: symbol 'pkey_init' was not declared. Should it be static?

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-12 16:25:55 +02:00
Harald Freudenberger
e385050873 s390/zcrypt: Fix blocking queue device after unbind/bind.
When the association between a queue device and the
driver is released via unbind and later re-associated
the queue device was not operational any more. Reason
was a wrong administration of the card/queue lists
within the ap device driver.

This patch introduces revised card/queue list handling
within the ap device driver: when an ap device is
detected it is initial not added to the card/queue list
any more. With driver probe the card device is added to
the card list/the queue device is added to the queue list
within a card. With driver remove the device is removed
from the card/queue list. Additionally there are some
situations within the ap device live where the lists
need update upon card/queue device release (for example
device hot unplug or suspend/resume).

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-06-02 14:30:12 +02:00
Harald Freudenberger
e61a6134e7 s390/pkey: Introduce new API for secure key verification
User space needs some information about the secure key(s)
before actually invoking the pkey and/or paes funcionality.
This patch introduces a new ioctl API and in kernel API to
verify the the secure key blob and give back some
information about the key (type, bitsize, old MKVP).
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-03-22 08:29:13 +01:00
Harald Freudenberger
ca681ec860 s390/pkey: Fix wrong handling of secure key with old MKVP
When a secure key with an old Master Key Verification
Pattern was given to the pkey_findcard function, there was
no responsible card found because only the current MKVP of
each card was compared. With this fix also the old MKVP
values are considered and so a matching card able to handle
the key is reported back to the caller.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-03-22 08:21:20 +01:00
Harald Freudenberger
e80d4af0a3 s390/pkey: Introduce pkey kernel module
This patch introcudes a new kernel module pkey which is providing
protected key handling and management functions. The pkey API is
available within the kernel for other s390 specific code to create
and manage protected keys. Additionally the functions are exported
to user space via IOCTL calls. The implementation makes extensive
use of functions provided by the zcrypt device driver. For
generating protected keys from secure keys there is also a CEX
coprocessor card needed.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-23 10:06:40 +01:00
Harald Freudenberger
a1d001e26d s390/zcrypt: export additional symbols
Export the two zcrypt device driver functions zcrypt_send_cprb and
zcrypt_device_status_mask to be useable for other kernel code.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-23 10:06:40 +01:00
Harald Freudenberger
f546d6a941 s390/zcrypt: Cleanup leftover module code.
The AP bus code is not buildable as kernel module any more.
Commit 5fe38260d083 ("s390/zcrypt: make ap_bus explicitly
non-modular") leaves one now unused function which gets
removed with this patch.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-23 10:06:39 +01:00
Harald Freudenberger
d0360d7b52 s390/zcrypt: Enable request count reset for cards and queues.
This patch introduces the possibility to reset the
request_count attribute for cards and queues to zero.
This can be used to set a clear state on the counters before
running an application and try out if and which hardware is
actually used. If the request_count counter of a card is
reset, for all associated queues the request_count is also
zeroed. If just a queue request_count is reset the card
counter is not updated however.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-23 10:06:39 +01:00
Paul Gortmaker
50a0d46c98 s390/zcrypt: make ap_bus explicitly non-modular
The Makefile in drivers/s390 has:

	obj-y += cio/ block/ char/ crypto/ net/ scsi/ virtio/

  and the Makefile in crypto/ has:

	ap-objs := ap_bus.o ap_card.o ap_queue.o

  meaning that it currently is not being built as a module by anyone.

Lets remove the modular code that is essentially orphaned, so that
when reading the driver there is no doubt it is builtin-only.

Since module_init translates to device_initcall in the non-modular
case, the init ordering remains unchanged with this commit.

Also note that MODULE_ALIAS is a no-op for non-module builds.

We also delete the MODULE_LICENSE tag etc. since all that information
is already contained at the top of the file in the comments.

We replace module.h with moduleparam.h since the file does declare
some module parameters even though it is not modular itself.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-20 12:37:37 +01:00
Harald Freudenberger
260021e21b s390/zcrypt: Removed unneeded debug feature directory creation.
The ap bus code and the zcrypt api had invocations to the
debug feature debugfs_create_dir() call but never populated
these directories in any way. Removed this unneeded code.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-02-20 12:37:32 +01:00
Harald Freudenberger
7fbe5c0f2a s390/zcrypt: use spin_lock_bh for all queue locks and unlocks.
During tests the Kernel complained about inconsistend lock state:
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
Now all the queue locks use spin_lock_bh/spin_unlock_bh.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-01-31 10:46:15 +01:00
Heiko Carstens
970ba6ac6a s390: use false/true when using bool
Yet another trivial patch to reduce the noise that coccinelle
generates.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-01-16 07:27:54 +01:00
Heiko Carstens
57c52ae757 s390/zcrypt: get rid of variable length arrays
The variable length arrays used to specify clobbered memory within
ap_nqap and ap_dqap would only work if the length would be known at
compile time.
This is not the case for both usages. Therefore simply use a full
memory clobber and get rid of the old construct.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-01-16 07:27:51 +01:00
Heiko Carstens
227374b1dd s390/zcrypt: make structures static
Get rid of these:
drivers/s390/crypto/ap_card.c:140:20:
  warning: symbol 'ap_card_type' was not declared. Should it be static?
drivers/s390/crypto/ap_queue.c:567:20:
 warning: symbol 'ap_queue_type' was not declared. Should it be static?

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2017-01-16 07:27:51 +01:00
Thomas Gleixner
8b0e195314 ktime: Cleanup ktime_set() usage
ktime_set(S,N) was required for the timespec storage type and is still
useful for situations where a Seconds and Nanoseconds part of a time value
needs to be converted. For anything where the Seconds argument is 0, this
is pointless and can be replaced with a simple assignment.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
2016-12-25 17:21:22 +01:00
Linus Torvalds
7c0f6ba682 Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:

  PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
  sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
        $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)

to do the replacement at the end of the merge window.

Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-24 11:46:01 -08:00
Heiko Carstens
d03502684b s390/zcrypt: add missing memory clobber to ap_qci inline assembly
The ap_qci() inline assembly writes to memory (*config) but misses to
tell the compiler about it. Add the missing memory clobber to fix
this.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:41 +01:00
Harald Freudenberger
13b251bdc8 s390/zcrypt: tracepoint definitions for zcrypt device driver.
This patch introduces tracepoint definitions and tracepoint
event invocations for the s390 zcrypt device.

Currently there are just two tracepoint events defined.
An s390_zcrypt_req request event occurs as soon as the
request is recognized by the zcrypt ioctl function. This
event may act as some kind of request-processing-starts-now
indication.
As late as possible within the zcrypt ioctl function there
occurs the s390_zcrypt_rep event which may act as the point
in time where the request has been processed by the kernel
and the result is about to be transferred back to userspace.
The glue which binds together request and reply event is the
ptr parameter, which is the local buffer address where the
request from userspace has been stored by the ioctl function.

The main purpose of this zcrypt tracepoint patch is to get
some data for performance measurements together with
information about the kind of request and on which card and
queue the request has been processed. It is not an ffdc
interface as there is already code in the zcrypt device
driver to serve the s390 debug feature interface.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:40 +01:00
Harald Freudenberger
cccd85bfb7 s390/zcrypt: Rework debug feature invocations.
Rework the debug feature calls and initialization.  There
are now two debug feature entries used by the zcrypt code.
The first is 'ap' with all the AP bus related stuff and the
second is 'zcrypt' with all the zcrypt and devices and
driver related entries. However, there isn't much traffic on
both debug features. The ap bus code emits only some debug
info and for zcrypt devices on appearance and disappearance
there is an entry written.

The new dbf invocations use the sprintf buffer layout,
whereas the old implementation used the ascii dbf buffer.
There are now 5*8=40 bytes used for each entry, resulting in
5 parameters per call. As the sprintf buffer needs a format
string the first parameter provides this and so up to 4 more
parameters can be used. Alltogehter the new layout should be
much more human readable for customers and test.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:39 +01:00
Harald Freudenberger
bf9f31190a s390/zcrypt: Improved invalid domain response handling.
Add defines and switch case code to handle the two invalid
domain response codes better. Until now these two response
codes are handled via default resulting in -EAGAIN and
switching the processed queue to offline.  So this kind of
malformed request bounced through all suitable queues and
switched them off. Now this kind of malformed request is
just rejected with EINVAL without switching off the queue.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:39 +01:00
Ingo Tuchscherer
c1c1368de4 s390/zcrypt: Fix ap_max_domain_id for older machine types
According to the system architecture the current implementation
requires the presence of the N bit in GR2 in the TAPQ response
field to validate the max. number of domains (Nd).
Older machine types don't have this N bit, hence the max. domain
field was ignored.

Before the N bit was introduced the maximum number of domain was
a constant value of 15. So set this value in case of N bit absence.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:39 +01:00
Harald Freudenberger
148784246e s390/zcrypt: Correct function bits for CEX2x and CEX3x cards.
For the older CEX2x and CEX3x cards the function bits returned
by TAPQ do not reflect the functions of the card. Instead the
functionality is implicit by the type of the card. The reworked
zcrypt requires to have the function bits set correct, so this
patch fixes this. The queue selection is not only based on these
function bits but also on function pointers set by the individual
drivers.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:39 +01:00
Ingo Tuchscherer
e47de21dd3 s390/zcrypt: Fixed attrition of AP adapters and domains
Currently the first eligible AP adapter respectively domain will be
selected to service requests. In case of sequential workload, the
very same adapter/domain will be used.

The adapter/domain selection algorithm now considers the completed
transactions per adaper/domain and therefore ensures a homogeneous
utilization.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:39 +01:00
Ingo Tuchscherer
b886a9d156 s390/zcrypt: Introduce new zcrypt device status API
Introduce new ioctl (ZDEVICESTATUS) to provide detailed
information, like hardware type, domains, status and functionality
of available crypto devices.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:38 +01:00
Ingo Tuchscherer
e28d2af436 s390/zcrypt: add multi domain support
Currently the ap infrastructure only supports one domain at a time.
This feature extends the generic cryptographic device driver to
support multiple cryptographic domains simultaneously.

There are now card and queue devices on the AP bus with independent
card and queue drivers. The new /sys layout is as follows:

/sys/bus/ap
    devices
        <xx>.<yyyy> -> ../../../devices/ap/card<xx>/<xx>.<yyyy>
        ...
        card<xx> -> ../../../devices/ap/card<xx>
        ...
    drivers
        <drv>card
            card<xx> -> ../../../../devices/ap/card<xx>
        <drv>queue
            <xx>.<yyyy> -> ../../../../devices/ap/card<xx>/<xx>.<yyyy>
            ...

/sys/devices/ap
    card<xx>
        <xx>.<yyyy>
            driver -> ../../../../bus/ap/drivers/<zzz>queue
            ...
        driver -> ../../../bus/ap/drivers/<drv>card
        ...

The two digit <xx> field is the card number, the four digit <yyyy>
field is the queue number and <drv> is the name of the device driver,
e.g. "cex4".

For compatability /sys/bus/ap/card<xx> for the old layout has to exist,
including the attributes that used to reside there.

With additional contributions from Harald Freudenberger and
Martin Schwidefsky.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:38 +01:00
Ingo Tuchscherer
34a1516773 s390/zcrypt: Introduce workload balancing
Crypto requests are very different in complexity and thus runtime.
Also various crypto adapters are differ with regard to the execution
time. Crypto requests can be balanced much better when the request
type and eligible crypto adapters are rated in a more precise
granularity. Therefore, request weights and adapter speed rates for
dedicated requests will be introduced.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:38 +01:00
Martin Schwidefsky
9af3e04ee4 s390/zcrypt: get rid of ap_poll_requests
The poll thread of the AP bus is burning CPU while waiting for
crypto requests to complete. We can as well burn a few more cycles
in the poll thread to check if there are pending requests and
remove the atomic operations with the ap_poll_requests.
This improves the code if the machine has adapter interrupts.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:38 +01:00
Martin Schwidefsky
0db78559f9 s390/zcrypt: header for the AP inline assmblies
Move the inline assemblies for the AP bus into a separate header file.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:38 +01:00
Martin Schwidefsky
236fb2ab95 s390/zcrypt: simplify message type handling
Now that the message type modules are linked with the zcrypt_api
into a single module the zcrypt_ops_list is initialized by
the module init function of the zcyppt.ko module. After that
the list is static and all message types are present.

Drop the zcrypt_ops_list_lock spinlock and the module handling
in regard to the message types.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:37 +01:00
Ingo Tuchscherer
fc1d3f0254 s390/zcrypt: Move the ap bus into kernel
Move the ap bus into the kernel and make it general available.
Additionally include the message types and the API layer as a
preparation for the workload management facility.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:37 +01:00
Harald Freudenberger
b3e8652bcb s390/zcrypt: Introduce CEX6 toleration
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-14 16:33:37 +01:00
Lars-Peter Clausen
3e488c95c7 s390/zcrypt: Convert to PM ops
Switch the zcrypt bus from legacy suspend/resume callbacks to dev_pm_ops.
The conversion is straight forward with the help of SIMPLE_DEV_PM_OPS().
The new dev_pm_ops based version is functionally equivalent to the legacy
callbacks version.

This will allow to eventually remove support for legacy suspend/resume
callbacks from the kernel altogether.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-12-02 07:36:22 +01:00
Wei Yongjun
33c388b81c s390/zcrypt: fix possible memory leak in ap_module_init()
ap_configuration is malloced in ap_module_init() and should be freed
before leaving from the error handling cases, otherwise it may cause
memory leak.

Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-07-31 06:10:41 -04:00
Ingo Tuchscherer
d6d86c57d7 s390/zcrypt: Fix zcrypt suspend/resume behavior
The device suspend call triggers all ap devices to fetch potentially
available response messages from the queues. Therefore the
corresponding zcrypt device, that is allocated asynchronously after
ap device probing, needs to be fully prepared. This race condition
could lead to uninitialized response buffers while trying to read
from the queues.

Introduce a new callback within the ap layer to get noticed when a
zcrypt device is fully prepared. Additional checks prevent reading
from devices that are not fully prepared.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-07-31 05:27:58 -04:00
Heiko Carstens
11d3767303 s390/crypto: use basic blocks for ap bus inline assemblies
Use only simple inline assemblies which consist of a single basic
block if the register asm construct is being used.

Otherwise gcc would generate broken code if the compiler option
--sanitize-coverage=trace-pc would be used.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-06-28 09:32:30 +02:00
Heiko Carstens
f70a34c576 s390: make couple of variables and functions static
copy_oldmem_user() and ap_jumptable are private to the files they are
being used in. Therefore make them static.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-05-10 13:24:50 +02:00
Ingo Tuchscherer
d8f51227f3 s390/zcrypt: Fix cryptographic device id in kernel messages
Currently, on card response failures a combination of card domain and
domain id is recorded in the kernel messages.

According to the message description only the card id will be recorded.
The domain id is not relevant, since the whole card including all domains
is set offline.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-01-26 12:46:58 +01:00
Markus Elfring
a6e975c5f8 s390: Delete unnecessary checks before the function call "debug_unregister"
The debug_unregister() function performs also input parameter validation.
Thus the test around the calls is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-11-27 09:24:16 +01:00
Ingo Tuchscherer
2bc53b8046 s390/zcrypt: Fix AP queue handling if queue is full
When the AP queue depth of requests was reached additional requests
have been ignored. These request are stuck in the request queue.

The AP queue handling now push the next waiting request into the
queue after fetching a previous serviced and finished reply.

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Acked-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-11-27 09:23:29 +01:00
Sascha Silbe
121a868d05 s390/zcrypt: Fix initialisation when zcrypt is built-in
ap_bus and zcrypt_api assumed module information to always be present
and initialisation to be done in module loading order (symbol
dependencies). These assumptions don't hold if zcrypt is built-in;
THIS_MODULE will be NULL in this case and init call order is linker
order, i.e. Makefile order.

Fix initialisation order by ordering the object files in the Makefile
according to their dependencies, like the module loader would do.

Fix message type registration by using a dedicated "name" field rather
than piggy-backing on the module ("owner") information. There's no
change to the requirement that module name and msgtype name are
identical. The existing name macros are used.

We don't need any special code for dealing with the drivers being
built-in; the generic module support code already does the right
thing.

Test results:
1. CONFIG_MODULES=y, CONFIG_ZCRYPT=y

   KVM: boots, no /sys/bus/ap (expected)
   LPAR with CEX5: boots, /sys/bus/ap/devices/card*/type present

2. CONFIG_MODULES=y, CONFIG_ZCRYPT=m=:

   KVM: boots, loading zcrypt_cex4 (and ap) fails (expected)
   LPAR with CEX5: boots, loading =zcrypt_cex4= succeeds,
   /sys/bus/ap/devices/card*/type present after explicit module
   loading

3. CONFIG_MODULES unset, CONFIG_ZCRYPT=y:
   KVM: boots, no /sys/bus/ap (expected)
   LPAR with CEX5: boots, /sys/bus/ap/devices/card*/type present

No further testing (user-space functionality) was done.

Fixes: 3b6245fd303f ("s390/zcrypt: Separate msgtype implementation from card modules.")
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-11-11 13:56:34 +01:00
Sascha Silbe
e387753c5f s390/zcrypt: Fix kernel crash on systems without AP bus support
On systems without AP bus (e.g. KVM) the kernel crashes during init
calls when zcrypt is built-in:

kernel BUG at drivers/base/driver.c:153!
illegal operation: 0001 ilc:1 [#1] SMP
Modules linked in:
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.2.0+ #221
task: 0000000010a40000 ti: 0000000010a48000 task.ti:0000000010a48000
Krnl PSW : 0704c00180000000 0000000000592bd6(driver_register+0x106/0x140)
           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
           0000000000000012 0000000000000000 0000000000c45328 0000000000c44e30
           00000000009ef63c 000000000067f598 0000000000cf3c58 0000000000000000
           000000000000007b 0000000000cb1030 0000000000000002 0000000000000000
           0000000000ca8580 0000000010306700 00000000001001d8 0000000010a4bd88
Krnl Code: 0000000000592bc6: f0b00004ebcf	srp 4(12,%r0),3023(%r14),0
           0000000000592bcc: f0a0000407f4       srp     4(11,%r0),2036,0
          #0000000000592bd2: a7f40001           brc     15,592bd4
          >0000000000592bd6: e330d0000004       lg      %r3,0(%r13)
           0000000000592bdc: c0200021edfd       larl    %r2,9d07d6
           0000000000592be2: c0e500126d8f       brasl   %r14,7e0700
           0000000000592be8: e330d0080004       lg      %r3,8(%r13)
           0000000000592bee: a7f4ffab           brc     15,592b44
Call Trace:
([<00000000001001c8>] do_one_initcall+0x90/0x1d0)
 [<0000000000c6dd34>] kernel_init_freeable+0x1e4/0x2a0
 [<00000000007db53a>] kernel_init+0x2a/0x120
 [<00000000007e8ece>] kernel_thread_starter+0x6/0xc
 [<00000000007e8ec8>] kernel_thread_starter+0x0/0xc
Last Breaking-Event-Address:
 [<0000000000592bd2>] driver_register+0x102/0x140

When zcrypt is built as a module, the module loader ensures that the
driver modules cannot be loaded if the AP bus module returns an error
during initialisation. But if zcrypt and the driver are built-in, the
driver is getting initialised even if the AP bus initialisation
failed. The driver invokes ap_driver_register() during initialisation,
which then causes operations on uninitialised data structures to be
performed.

Explicitly protect ap_driver_register() by introducing an
"initialised" flag that gets set iff the AP bus initialisation was
successful. When the AP bus initialisation failed,
ap_driver_register() will error out with -ENODEV, causing the driver
initialisation to fail as well.

Test results:
1. Inside KVM (no AP bus), zcrypt built-in

   Boots. /sys/bus/ap not present (expected).

2. Inside KVM (no AP bus), zcrypt as module

   Boots. Loading zcrypt_cex4 fails because loading ap_bus fails
   (expected).

3. On LPAR with CEX5, zcrypt built-in

   Boots. /sys/bus/ap/devices/card* present but .../card*/type missing
   (i.e. zcrypt_device_register() fails, unrelated issue).

4. On LPAR with CEX5, zcrypt as module

   Boots. Loading zcrypt_cex4 successful,
   /sys/bus/ap/devices/card*/type present. No further testing
   (user-space functionality) was done.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-11-11 13:56:30 +01:00
Martin Schwidefsky
8139b89d7c s390/zcrypt: use system work queue for ap_scan_bus
There is a system work queue system_long_wq for long running work.
Use this work queue for the AP bus scan loop.

Reviewd-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-10-14 14:32:25 +02:00
Martin Schwidefsky
b96a9e5140 s390/zcrypt: remove support for PCICC and PCICA cards
Remove the code for really old crypt cards, PCICC and PCICA.
These cards have been out of service for several years.

Reviewd-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-10-14 14:32:24 +02:00
Martin Schwidefsky
3f3007afda s390/zcrypt: introduce state machine for the AP bus
Replace the two fields 'unregistered' and 'reset' with a device
state with 5 possible values. Introduce two events for the AP devices,
device poll and device timeout. With the state machine it is easier
to deal with device initialization and suspend/resume. Device polling
is simpler as well, the arkane 'flags' passing is gone.

Reviewd-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-10-14 14:32:23 +02:00
Martin Schwidefsky
f58fe33600 s390/zcrypt: use explicit return code for flushed requests
If a AP device is removed while messages are still pending, the requests
are cancelled by calling the message receive function with an error pointer
for the reply. The message type receive handler recognize this and create
a fake hardware error TYPE82_RSP_CODE / REP82_ERROR_MACHINE_FAILURE.
The message with the hardware error then causes a printk and a return
code of -EAGAIN.

Replace the intricate scheme with an explicit return code for this sitation
and avoid the error message.

Reviewd-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-10-14 14:32:22 +02:00