2017-11-15 01:38:01 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
2012-08-28 22:48:29 +08:00
|
|
|
/*
|
|
|
|
* Copyright IBM Corp. 2012
|
|
|
|
* Author(s): Holger Dengler <hd@linux.vnet.ibm.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/err.h>
|
|
|
|
#include <linux/atomic.h>
|
|
|
|
#include <linux/uaccess.h>
|
2016-08-25 17:16:03 +08:00
|
|
|
#include <linux/mod_devicetable.h>
|
2012-08-28 22:48:29 +08:00
|
|
|
|
|
|
|
#include "ap_bus.h"
|
|
|
|
#include "zcrypt_api.h"
|
|
|
|
#include "zcrypt_msgtype6.h"
|
|
|
|
#include "zcrypt_msgtype50.h"
|
|
|
|
#include "zcrypt_error.h"
|
|
|
|
#include "zcrypt_cex4.h"
|
|
|
|
|
|
|
|
#define CEX4A_MIN_MOD_SIZE 1 /* 8 bits */
|
|
|
|
#define CEX4A_MAX_MOD_SIZE_2K 256 /* 2048 bits */
|
|
|
|
#define CEX4A_MAX_MOD_SIZE_4K 512 /* 4096 bits */
|
|
|
|
|
|
|
|
#define CEX4C_MIN_MOD_SIZE 16 /* 256 bits */
|
|
|
|
#define CEX4C_MAX_MOD_SIZE 512 /* 4096 bits */
|
|
|
|
|
|
|
|
#define CEX4A_MAX_MESSAGE_SIZE MSGTYPE50_CRB3_MAX_MSG_SIZE
|
|
|
|
#define CEX4C_MAX_MESSAGE_SIZE MSGTYPE06_MAX_MSG_SIZE
|
|
|
|
|
2013-11-20 17:47:13 +08:00
|
|
|
/* Waiting time for requests to be processed.
|
|
|
|
* Currently there are some types of request which are not deterministic.
|
|
|
|
* But the maximum time limit managed by the stomper code is set to 60sec.
|
|
|
|
* Hence we have to wait at least that time period.
|
|
|
|
*/
|
2015-06-17 22:19:15 +08:00
|
|
|
#define CEX4_CLEANUP_TIME (900*HZ)
|
2012-08-28 22:48:29 +08:00
|
|
|
|
|
|
|
MODULE_AUTHOR("IBM Corporation");
|
|
|
|
MODULE_DESCRIPTION("CEX4 Cryptographic Card device driver, " \
|
|
|
|
"Copyright IBM Corp. 2012");
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
static struct ap_device_id zcrypt_cex4_card_ids[] = {
|
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX4,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
|
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX5,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
|
2017-10-10 17:25:06 +08:00
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX6,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
|
2016-08-25 17:16:03 +08:00
|
|
|
{ /* end of list */ },
|
|
|
|
};
|
|
|
|
|
|
|
|
MODULE_DEVICE_TABLE(ap, zcrypt_cex4_card_ids);
|
2012-08-28 22:48:29 +08:00
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
static struct ap_device_id zcrypt_cex4_queue_ids[] = {
|
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX4,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
|
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX5,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
|
2017-10-10 17:25:06 +08:00
|
|
|
{ .dev_type = AP_DEVICE_TYPE_CEX6,
|
|
|
|
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
|
2016-08-25 17:16:03 +08:00
|
|
|
{ /* end of list */ },
|
2012-08-28 22:48:29 +08:00
|
|
|
};
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
MODULE_DEVICE_TABLE(ap, zcrypt_cex4_queue_ids);
|
|
|
|
|
2012-08-28 22:48:29 +08:00
|
|
|
/**
|
2016-08-25 17:16:03 +08:00
|
|
|
* Probe function for CEX4 card device. It always accepts the AP device
|
2012-08-28 22:48:29 +08:00
|
|
|
* since the bus_match already checked the hardware type.
|
|
|
|
* @ap_dev: pointer to the AP device.
|
|
|
|
*/
|
2016-08-25 17:16:03 +08:00
|
|
|
static int zcrypt_cex4_card_probe(struct ap_device *ap_dev)
|
2012-08-28 22:48:29 +08:00
|
|
|
{
|
2016-08-25 17:14:15 +08:00
|
|
|
/*
|
|
|
|
* Normalized speed ratings per crypto adapter
|
|
|
|
* MEX_1k, MEX_2k, MEX_4k, CRT_1k, CRT_2k, CRT_4k, RNG, SECKEY
|
|
|
|
*/
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX4A_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
14, 19, 249, 42, 228, 1458, 0, 0};
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX5A_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
8, 9, 20, 18, 66, 458, 0, 0};
|
|
|
|
static const int CEX6A_SPEED_IDX[] = {
|
|
|
|
6, 9, 20, 17, 65, 438, 0, 0};
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX4C_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
59, 69, 308, 83, 278, 2204, 209, 40};
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX5C_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
24, 31, 50, 37, 90, 479, 27, 10};
|
|
|
|
static const int CEX6C_SPEED_IDX[] = {
|
|
|
|
16, 20, 32, 27, 77, 455, 23, 9};
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX4P_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
224, 313, 3560, 359, 605, 2827, 0, 50};
|
2016-08-25 17:16:03 +08:00
|
|
|
static const int CEX5P_SPEED_IDX[] = {
|
2017-10-10 17:25:06 +08:00
|
|
|
63, 84, 156, 83, 142, 533, 0, 10};
|
|
|
|
static const int CEX6P_SPEED_IDX[] = {
|
|
|
|
55, 70, 121, 73, 129, 522, 0, 9};
|
2016-08-25 17:16:03 +08:00
|
|
|
|
|
|
|
struct ap_card *ac = to_ap_card(&ap_dev->device);
|
|
|
|
struct zcrypt_card *zc;
|
2012-08-28 22:48:29 +08:00
|
|
|
int rc = 0;
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
zc = zcrypt_card_alloc();
|
|
|
|
if (!zc)
|
|
|
|
return -ENOMEM;
|
|
|
|
zc->card = ac;
|
|
|
|
ac->private = zc;
|
|
|
|
if (ap_test_bit(&ac->functions, AP_FUNC_ACCEL)) {
|
|
|
|
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
|
|
|
|
zc->type_string = "CEX4A";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX4;
|
|
|
|
memcpy(zc->speed_rating, CEX4A_SPEED_IDX,
|
|
|
|
sizeof(CEX4A_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
|
2016-08-25 17:16:03 +08:00
|
|
|
zc->type_string = "CEX5A";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX5;
|
|
|
|
memcpy(zc->speed_rating, CEX5A_SPEED_IDX,
|
|
|
|
sizeof(CEX5A_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else {
|
|
|
|
zc->type_string = "CEX6A";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX6;
|
|
|
|
memcpy(zc->speed_rating, CEX6A_SPEED_IDX,
|
|
|
|
sizeof(CEX6A_SPEED_IDX));
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
2016-08-25 17:16:03 +08:00
|
|
|
zc->min_mod_size = CEX4A_MIN_MOD_SIZE;
|
|
|
|
if (ap_test_bit(&ac->functions, AP_FUNC_MEX4K) &&
|
|
|
|
ap_test_bit(&ac->functions, AP_FUNC_CRT4K)) {
|
|
|
|
zc->max_mod_size = CEX4A_MAX_MOD_SIZE_4K;
|
|
|
|
zc->max_exp_bit_length =
|
|
|
|
CEX4A_MAX_MOD_SIZE_4K;
|
|
|
|
} else {
|
|
|
|
zc->max_mod_size = CEX4A_MAX_MOD_SIZE_2K;
|
|
|
|
zc->max_exp_bit_length =
|
|
|
|
CEX4A_MAX_MOD_SIZE_2K;
|
|
|
|
}
|
|
|
|
} else if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) {
|
|
|
|
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
|
|
|
|
zc->type_string = "CEX4C";
|
|
|
|
/* wrong user space type, must be CEX4
|
|
|
|
* just keep it for cca compatibility
|
|
|
|
*/
|
|
|
|
zc->user_space_type = ZCRYPT_CEX3C;
|
|
|
|
memcpy(zc->speed_rating, CEX4C_SPEED_IDX,
|
|
|
|
sizeof(CEX4C_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
|
2016-08-25 17:16:03 +08:00
|
|
|
zc->type_string = "CEX5C";
|
|
|
|
/* wrong user space type, must be CEX5
|
|
|
|
* just keep it for cca compatibility
|
|
|
|
*/
|
|
|
|
zc->user_space_type = ZCRYPT_CEX3C;
|
|
|
|
memcpy(zc->speed_rating, CEX5C_SPEED_IDX,
|
|
|
|
sizeof(CEX5C_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else {
|
|
|
|
zc->type_string = "CEX6C";
|
|
|
|
/* wrong user space type, must be CEX6
|
|
|
|
* just keep it for cca compatibility
|
|
|
|
*/
|
|
|
|
zc->user_space_type = ZCRYPT_CEX3C;
|
|
|
|
memcpy(zc->speed_rating, CEX6C_SPEED_IDX,
|
|
|
|
sizeof(CEX6C_SPEED_IDX));
|
2016-08-25 17:16:03 +08:00
|
|
|
}
|
|
|
|
zc->min_mod_size = CEX4C_MIN_MOD_SIZE;
|
|
|
|
zc->max_mod_size = CEX4C_MAX_MOD_SIZE;
|
|
|
|
zc->max_exp_bit_length = CEX4C_MAX_MOD_SIZE;
|
|
|
|
} else if (ap_test_bit(&ac->functions, AP_FUNC_EP11)) {
|
|
|
|
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
|
|
|
|
zc->type_string = "CEX4P";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX4;
|
|
|
|
memcpy(zc->speed_rating, CEX4P_SPEED_IDX,
|
|
|
|
sizeof(CEX4P_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
|
2016-08-25 17:16:03 +08:00
|
|
|
zc->type_string = "CEX5P";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX5;
|
|
|
|
memcpy(zc->speed_rating, CEX5P_SPEED_IDX,
|
|
|
|
sizeof(CEX5P_SPEED_IDX));
|
2017-10-10 17:25:06 +08:00
|
|
|
} else {
|
|
|
|
zc->type_string = "CEX6P";
|
|
|
|
zc->user_space_type = ZCRYPT_CEX6;
|
|
|
|
memcpy(zc->speed_rating, CEX6P_SPEED_IDX,
|
|
|
|
sizeof(CEX6P_SPEED_IDX));
|
2016-08-25 17:16:03 +08:00
|
|
|
}
|
|
|
|
zc->min_mod_size = CEX4C_MIN_MOD_SIZE;
|
|
|
|
zc->max_mod_size = CEX4C_MAX_MOD_SIZE;
|
|
|
|
zc->max_exp_bit_length = CEX4C_MAX_MOD_SIZE;
|
|
|
|
} else {
|
|
|
|
zcrypt_card_free(zc);
|
2012-08-28 22:48:29 +08:00
|
|
|
return -ENODEV;
|
2016-08-25 17:16:03 +08:00
|
|
|
}
|
|
|
|
zc->online = 1;
|
|
|
|
|
|
|
|
rc = zcrypt_card_register(zc);
|
2012-08-28 22:48:29 +08:00
|
|
|
if (rc) {
|
2016-08-25 17:16:03 +08:00
|
|
|
ac->private = NULL;
|
|
|
|
zcrypt_card_free(zc);
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
2016-08-25 17:16:03 +08:00
|
|
|
|
2012-08-28 22:48:29 +08:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-08-25 17:16:03 +08:00
|
|
|
* This is called to remove the CEX4 card driver information
|
|
|
|
* if an AP card device is removed.
|
2012-08-28 22:48:29 +08:00
|
|
|
*/
|
2016-08-25 17:16:03 +08:00
|
|
|
static void zcrypt_cex4_card_remove(struct ap_device *ap_dev)
|
2012-08-28 22:48:29 +08:00
|
|
|
{
|
2016-08-25 17:16:03 +08:00
|
|
|
struct zcrypt_card *zc = to_ap_card(&ap_dev->device)->private;
|
2012-08-28 22:48:29 +08:00
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
if (zc)
|
|
|
|
zcrypt_card_unregister(zc);
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct ap_driver zcrypt_cex4_card_driver = {
|
|
|
|
.probe = zcrypt_cex4_card_probe,
|
|
|
|
.remove = zcrypt_cex4_card_remove,
|
|
|
|
.ids = zcrypt_cex4_card_ids,
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 14:36:53 +08:00
|
|
|
.flags = AP_DRIVER_FLAG_DEFAULT,
|
2016-08-25 17:16:03 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Probe function for CEX4 queue device. It always accepts the AP device
|
|
|
|
* since the bus_match already checked the hardware type.
|
|
|
|
* @ap_dev: pointer to the AP device.
|
|
|
|
*/
|
|
|
|
static int zcrypt_cex4_queue_probe(struct ap_device *ap_dev)
|
|
|
|
{
|
|
|
|
struct ap_queue *aq = to_ap_queue(&ap_dev->device);
|
|
|
|
struct zcrypt_queue *zq;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (ap_test_bit(&aq->card->functions, AP_FUNC_ACCEL)) {
|
|
|
|
zq = zcrypt_queue_alloc(CEX4A_MAX_MESSAGE_SIZE);
|
|
|
|
if (!zq)
|
|
|
|
return -ENOMEM;
|
|
|
|
zq->ops = zcrypt_msgtype(MSGTYPE50_NAME,
|
|
|
|
MSGTYPE50_VARIANT_DEFAULT);
|
|
|
|
} else if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) {
|
|
|
|
zq = zcrypt_queue_alloc(CEX4C_MAX_MESSAGE_SIZE);
|
|
|
|
if (!zq)
|
|
|
|
return -ENOMEM;
|
|
|
|
zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
|
|
|
|
MSGTYPE06_VARIANT_DEFAULT);
|
|
|
|
} else if (ap_test_bit(&aq->card->functions, AP_FUNC_EP11)) {
|
|
|
|
zq = zcrypt_queue_alloc(CEX4C_MAX_MESSAGE_SIZE);
|
|
|
|
if (!zq)
|
|
|
|
return -ENOMEM;
|
|
|
|
zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
|
|
|
|
MSGTYPE06_VARIANT_EP11);
|
|
|
|
} else {
|
|
|
|
return -ENODEV;
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
2016-08-25 17:16:03 +08:00
|
|
|
zq->queue = aq;
|
|
|
|
zq->online = 1;
|
|
|
|
atomic_set(&zq->load, 0);
|
|
|
|
ap_queue_init_reply(aq, &zq->reply);
|
|
|
|
aq->request_timeout = CEX4_CLEANUP_TIME,
|
|
|
|
aq->private = zq;
|
|
|
|
rc = zcrypt_queue_register(zq);
|
|
|
|
if (rc) {
|
|
|
|
aq->private = NULL;
|
|
|
|
zcrypt_queue_free(zq);
|
|
|
|
}
|
|
|
|
|
|
|
|
return rc;
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
|
|
|
|
2016-08-25 17:16:03 +08:00
|
|
|
/**
|
|
|
|
* This is called to remove the CEX4 queue driver information
|
|
|
|
* if an AP queue device is removed.
|
|
|
|
*/
|
|
|
|
static void zcrypt_cex4_queue_remove(struct ap_device *ap_dev)
|
|
|
|
{
|
|
|
|
struct ap_queue *aq = to_ap_queue(&ap_dev->device);
|
|
|
|
struct zcrypt_queue *zq = aq->private;
|
|
|
|
|
|
|
|
ap_queue_remove(aq);
|
|
|
|
if (zq)
|
|
|
|
zcrypt_queue_unregister(zq);
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct ap_driver zcrypt_cex4_queue_driver = {
|
|
|
|
.probe = zcrypt_cex4_queue_probe,
|
|
|
|
.remove = zcrypt_cex4_queue_remove,
|
|
|
|
.suspend = ap_queue_suspend,
|
|
|
|
.resume = ap_queue_resume,
|
|
|
|
.ids = zcrypt_cex4_queue_ids,
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 14:36:53 +08:00
|
|
|
.flags = AP_DRIVER_FLAG_DEFAULT,
|
2016-08-25 17:16:03 +08:00
|
|
|
};
|
|
|
|
|
2012-08-28 22:48:29 +08:00
|
|
|
int __init zcrypt_cex4_init(void)
|
|
|
|
{
|
2016-08-25 17:16:03 +08:00
|
|
|
int rc;
|
|
|
|
|
|
|
|
rc = ap_driver_register(&zcrypt_cex4_card_driver,
|
|
|
|
THIS_MODULE, "cex4card");
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
rc = ap_driver_register(&zcrypt_cex4_queue_driver,
|
|
|
|
THIS_MODULE, "cex4queue");
|
|
|
|
if (rc)
|
|
|
|
ap_driver_unregister(&zcrypt_cex4_card_driver);
|
|
|
|
|
|
|
|
return rc;
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void __exit zcrypt_cex4_exit(void)
|
|
|
|
{
|
2016-08-25 17:16:03 +08:00
|
|
|
ap_driver_unregister(&zcrypt_cex4_queue_driver);
|
|
|
|
ap_driver_unregister(&zcrypt_cex4_card_driver);
|
2012-08-28 22:48:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
module_init(zcrypt_cex4_init);
|
|
|
|
module_exit(zcrypt_cex4_exit);
|