add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/drivers/s390/crypto/zcrypt_api.c
..
..
@@ -1,8 +1,6 @@
1
1
 // SPDX-License-Identifier: GPL-2.0+
2
2
 /*
3
- *  zcrypt 2.1.0
4
- *
5
- *  Copyright IBM Corp. 2001, 2012
3
+ *  Copyright IBM Corp. 2001, 2018
6
4
  *  Author(s): Robert Burroughs
7
5
  *	       Eric Rossman (edrossma@us.ibm.com)
8
6
  *	       Cornelia Huck <cornelia.huck@de.ibm.com>
..
..
@@ -11,6 +9,7 @@
11
9
  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
12
10
  *				  Ralph Wuerthner <rwuerthn@de.ibm.com>
13
11
  *  MSGTYPE restruct:		  Holger Dengler <hd@linux.vnet.ibm.com>
12
+ *  Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com>
14
13
  */
15
14
 
16
15
 #include <linux/module.h>
..
..
@@ -24,6 +23,9 @@
24
23
 #include <linux/uaccess.h>
25
24
 #include <linux/hw_random.h>
26
25
 #include <linux/debugfs.h>
26
+#include <linux/cdev.h>
27
+#include <linux/ctype.h>
28
+#include <linux/capability.h>
27
29
 #include <asm/debug.h>
28
30
 
29
31
 #define CREATE_TRACE_POINTS
..
..
@@ -34,6 +36,8 @@
34
36
 
35
37
 #include "zcrypt_msgtype6.h"
36
38
 #include "zcrypt_msgtype50.h"
39
+#include "zcrypt_ccamisc.h"
40
+#include "zcrypt_ep11misc.h"
37
41
 
38
42
 /*
39
43
  * Module description.
..
..
@@ -108,6 +112,358 @@
108
112
 }
109
113
 EXPORT_SYMBOL(zcrypt_msgtype);
110
114
 
115
+/*
116
+ * Multi device nodes extension functions.
117
+ */
118
+
119
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
120
+
121
+struct zcdn_device;
122
+
123
+static struct class *zcrypt_class;
124
+static dev_t zcrypt_devt;
125
+static struct cdev zcrypt_cdev;
126
+
127
+struct zcdn_device {
128
+	struct device device;
129
+	struct ap_perms perms;
130
+};
131
+
132
+#define to_zcdn_dev(x) container_of((x), struct zcdn_device, device)
133
+
134
+#define ZCDN_MAX_NAME 32
135
+
136
+static int zcdn_create(const char *name);
137
+static int zcdn_destroy(const char *name);
138
+
139
+/*
140
+ * Find zcdn device by name.
141
+ * Returns reference to the zcdn device which needs to be released
142
+ * with put_device() after use.
143
+ */
144
+static inline struct zcdn_device *find_zcdndev_by_name(const char *name)
145
+{
146
+	struct device *dev = class_find_device_by_name(zcrypt_class, name);
147
+
148
+	return dev ? to_zcdn_dev(dev) : NULL;
149
+}
150
+
151
+/*
152
+ * Find zcdn device by devt value.
153
+ * Returns reference to the zcdn device which needs to be released
154
+ * with put_device() after use.
155
+ */
156
+static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt)
157
+{
158
+	struct device *dev = class_find_device_by_devt(zcrypt_class, devt);
159
+
160
+	return dev ? to_zcdn_dev(dev) : NULL;
161
+}
162
+
163
+static ssize_t ioctlmask_show(struct device *dev,
164
+			      struct device_attribute *attr,
165
+			      char *buf)
166
+{
167
+	int i, rc;
168
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
169
+
170
+	if (mutex_lock_interruptible(&ap_perms_mutex))
171
+		return -ERESTARTSYS;
172
+
173
+	buf[0] = '0';
174
+	buf[1] = 'x';
175
+	for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++)
176
+		snprintf(buf + 2 + 2 * i * sizeof(long),
177
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
178
+			 "%016lx", zcdndev->perms.ioctlm[i]);
179
+	buf[2 + 2 * i * sizeof(long)] = '\n';
180
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
181
+	rc = 2 + 2 * i * sizeof(long) + 1;
182
+
183
+	mutex_unlock(&ap_perms_mutex);
184
+
185
+	return rc;
186
+}
187
+
188
+static ssize_t ioctlmask_store(struct device *dev,
189
+			       struct device_attribute *attr,
190
+			       const char *buf, size_t count)
191
+{
192
+	int rc;
193
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
194
+
195
+	rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm,
196
+			       AP_IOCTLS, &ap_perms_mutex);
197
+	if (rc)
198
+		return rc;
199
+
200
+	return count;
201
+}
202
+
203
+static DEVICE_ATTR_RW(ioctlmask);
204
+
205
+static ssize_t apmask_show(struct device *dev,
206
+			   struct device_attribute *attr,
207
+			   char *buf)
208
+{
209
+	int i, rc;
210
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
211
+
212
+	if (mutex_lock_interruptible(&ap_perms_mutex))
213
+		return -ERESTARTSYS;
214
+
215
+	buf[0] = '0';
216
+	buf[1] = 'x';
217
+	for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++)
218
+		snprintf(buf + 2 + 2 * i * sizeof(long),
219
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
220
+			 "%016lx", zcdndev->perms.apm[i]);
221
+	buf[2 + 2 * i * sizeof(long)] = '\n';
222
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
223
+	rc = 2 + 2 * i * sizeof(long) + 1;
224
+
225
+	mutex_unlock(&ap_perms_mutex);
226
+
227
+	return rc;
228
+}
229
+
230
+static ssize_t apmask_store(struct device *dev,
231
+			    struct device_attribute *attr,
232
+			    const char *buf, size_t count)
233
+{
234
+	int rc;
235
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
236
+
237
+	rc = ap_parse_mask_str(buf, zcdndev->perms.apm,
238
+			       AP_DEVICES, &ap_perms_mutex);
239
+	if (rc)
240
+		return rc;
241
+
242
+	return count;
243
+}
244
+
245
+static DEVICE_ATTR_RW(apmask);
246
+
247
+static ssize_t aqmask_show(struct device *dev,
248
+			   struct device_attribute *attr,
249
+			   char *buf)
250
+{
251
+	int i, rc;
252
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
253
+
254
+	if (mutex_lock_interruptible(&ap_perms_mutex))
255
+		return -ERESTARTSYS;
256
+
257
+	buf[0] = '0';
258
+	buf[1] = 'x';
259
+	for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++)
260
+		snprintf(buf + 2 + 2 * i * sizeof(long),
261
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
262
+			 "%016lx", zcdndev->perms.aqm[i]);
263
+	buf[2 + 2 * i * sizeof(long)] = '\n';
264
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
265
+	rc = 2 + 2 * i * sizeof(long) + 1;
266
+
267
+	mutex_unlock(&ap_perms_mutex);
268
+
269
+	return rc;
270
+}
271
+
272
+static ssize_t aqmask_store(struct device *dev,
273
+			    struct device_attribute *attr,
274
+			    const char *buf, size_t count)
275
+{
276
+	int rc;
277
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
278
+
279
+	rc = ap_parse_mask_str(buf, zcdndev->perms.aqm,
280
+			       AP_DOMAINS, &ap_perms_mutex);
281
+	if (rc)
282
+		return rc;
283
+
284
+	return count;
285
+}
286
+
287
+static DEVICE_ATTR_RW(aqmask);
288
+
289
+static struct attribute *zcdn_dev_attrs[] = {
290
+	&dev_attr_ioctlmask.attr,
291
+	&dev_attr_apmask.attr,
292
+	&dev_attr_aqmask.attr,
293
+	NULL
294
+};
295
+
296
+static struct attribute_group zcdn_dev_attr_group = {
297
+	.attrs = zcdn_dev_attrs
298
+};
299
+
300
+static const struct attribute_group *zcdn_dev_attr_groups[] = {
301
+	&zcdn_dev_attr_group,
302
+	NULL
303
+};
304
+
305
+static ssize_t zcdn_create_store(struct class *class,
306
+				 struct class_attribute *attr,
307
+				 const char *buf, size_t count)
308
+{
309
+	int rc;
310
+	char name[ZCDN_MAX_NAME];
311
+
312
+	strncpy(name, skip_spaces(buf), sizeof(name));
313
+	name[sizeof(name) - 1] = '\0';
314
+
315
+	rc = zcdn_create(strim(name));
316
+
317
+	return rc ? rc : count;
318
+}
319
+
320
+static const struct class_attribute class_attr_zcdn_create =
321
+	__ATTR(create, 0600, NULL, zcdn_create_store);
322
+
323
+static ssize_t zcdn_destroy_store(struct class *class,
324
+				  struct class_attribute *attr,
325
+				  const char *buf, size_t count)
326
+{
327
+	int rc;
328
+	char name[ZCDN_MAX_NAME];
329
+
330
+	strncpy(name, skip_spaces(buf), sizeof(name));
331
+	name[sizeof(name) - 1] = '\0';
332
+
333
+	rc = zcdn_destroy(strim(name));
334
+
335
+	return rc ? rc : count;
336
+}
337
+
338
+static const struct class_attribute class_attr_zcdn_destroy =
339
+	__ATTR(destroy, 0600, NULL, zcdn_destroy_store);
340
+
341
+static void zcdn_device_release(struct device *dev)
342
+{
343
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
344
+
345
+	ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n",
346
+		   MAJOR(dev->devt), MINOR(dev->devt));
347
+
348
+	kfree(zcdndev);
349
+}
350
+
351
+static int zcdn_create(const char *name)
352
+{
353
+	dev_t devt;
354
+	int i, rc = 0;
355
+	char nodename[ZCDN_MAX_NAME];
356
+	struct zcdn_device *zcdndev;
357
+
358
+	if (mutex_lock_interruptible(&ap_perms_mutex))
359
+		return -ERESTARTSYS;
360
+
361
+	/* check if device node with this name already exists */
362
+	if (name[0]) {
363
+		zcdndev = find_zcdndev_by_name(name);
364
+		if (zcdndev) {
365
+			put_device(&zcdndev->device);
366
+			rc = -EEXIST;
367
+			goto unlockout;
368
+		}
369
+	}
370
+
371
+	/* find an unused minor number */
372
+	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
373
+		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
374
+		zcdndev = find_zcdndev_by_devt(devt);
375
+		if (zcdndev)
376
+			put_device(&zcdndev->device);
377
+		else
378
+			break;
379
+	}
380
+	if (i == ZCRYPT_MAX_MINOR_NODES) {
381
+		rc = -ENOSPC;
382
+		goto unlockout;
383
+	}
384
+
385
+	/* alloc and prepare a new zcdn device */
386
+	zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL);
387
+	if (!zcdndev) {
388
+		rc = -ENOMEM;
389
+		goto unlockout;
390
+	}
391
+	zcdndev->device.release = zcdn_device_release;
392
+	zcdndev->device.class = zcrypt_class;
393
+	zcdndev->device.devt = devt;
394
+	zcdndev->device.groups = zcdn_dev_attr_groups;
395
+	if (name[0])
396
+		strncpy(nodename, name, sizeof(nodename));
397
+	else
398
+		snprintf(nodename, sizeof(nodename),
399
+			 ZCRYPT_NAME "_%d", (int) MINOR(devt));
400
+	nodename[sizeof(nodename)-1] = '\0';
401
+	if (dev_set_name(&zcdndev->device, nodename)) {
402
+		kfree(zcdndev);
403
+		rc = -EINVAL;
404
+		goto unlockout;
405
+	}
406
+	rc = device_register(&zcdndev->device);
407
+	if (rc) {
408
+		put_device(&zcdndev->device);
409
+		goto unlockout;
410
+	}
411
+
412
+	ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n",
413
+		   MAJOR(devt), MINOR(devt));
414
+
415
+unlockout:
416
+	mutex_unlock(&ap_perms_mutex);
417
+	return rc;
418
+}
419
+
420
+static int zcdn_destroy(const char *name)
421
+{
422
+	int rc = 0;
423
+	struct zcdn_device *zcdndev;
424
+
425
+	if (mutex_lock_interruptible(&ap_perms_mutex))
426
+		return -ERESTARTSYS;
427
+
428
+	/* try to find this zcdn device */
429
+	zcdndev = find_zcdndev_by_name(name);
430
+	if (!zcdndev) {
431
+		rc = -ENOENT;
432
+		goto unlockout;
433
+	}
434
+
435
+	/*
436
+	 * The zcdn device is not hard destroyed. It is subject to
437
+	 * reference counting and thus just needs to be unregistered.
438
+	 */
439
+	put_device(&zcdndev->device);
440
+	device_unregister(&zcdndev->device);
441
+
442
+unlockout:
443
+	mutex_unlock(&ap_perms_mutex);
444
+	return rc;
445
+}
446
+
447
+static void zcdn_destroy_all(void)
448
+{
449
+	int i;
450
+	dev_t devt;
451
+	struct zcdn_device *zcdndev;
452
+
453
+	mutex_lock(&ap_perms_mutex);
454
+	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
455
+		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
456
+		zcdndev = find_zcdndev_by_devt(devt);
457
+		if (zcdndev) {
458
+			put_device(&zcdndev->device);
459
+			device_unregister(&zcdndev->device);
460
+		}
461
+	}
462
+	mutex_unlock(&ap_perms_mutex);
463
+}
464
+
465
+#endif
466
+
111
467
 /**
112
468
  * zcrypt_read (): Not supported beyond zcrypt 1.3.1.
113
469
  *
..
..
@@ -137,8 +493,25 @@
137
493
  */
138
494
 static int zcrypt_open(struct inode *inode, struct file *filp)
139
495
 {
496
+	struct ap_perms *perms = &ap_perms;
497
+
498
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
499
+	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
500
+		struct zcdn_device *zcdndev;
501
+
502
+		if (mutex_lock_interruptible(&ap_perms_mutex))
503
+			return -ERESTARTSYS;
504
+		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
505
+		/* find returns a reference, no get_device() needed */
506
+		mutex_unlock(&ap_perms_mutex);
507
+		if (zcdndev)
508
+			perms = &zcdndev->perms;
509
+	}
510
+#endif
511
+	filp->private_data = (void *) perms;
512
+
140
513
 	atomic_inc(&zcrypt_open_count);
141
-	return nonseekable_open(inode, filp);
514
+	return stream_open(inode, filp);
142
515
 }
143
516
 
144
517
 /**
..
..
@@ -148,12 +521,57 @@
148
521
  */
149
522
 static int zcrypt_release(struct inode *inode, struct file *filp)
150
523
 {
524
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
525
+	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
526
+		struct zcdn_device *zcdndev;
527
+
528
+		mutex_lock(&ap_perms_mutex);
529
+		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
530
+		mutex_unlock(&ap_perms_mutex);
531
+		if (zcdndev) {
532
+			/* 2 puts here: one for find, one for open */
533
+			put_device(&zcdndev->device);
534
+			put_device(&zcdndev->device);
535
+		}
536
+	}
537
+#endif
538
+
151
539
 	atomic_dec(&zcrypt_open_count);
152
540
 	return 0;
153
541
 }
154
542
 
543
+static inline int zcrypt_check_ioctl(struct ap_perms *perms,
544
+				     unsigned int cmd)
545
+{
546
+	int rc = -EPERM;
547
+	int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT;
548
+
549
+	if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) {
550
+		if (test_bit_inv(ioctlnr, perms->ioctlm))
551
+			rc = 0;
552
+	}
553
+
554
+	if (rc)
555
+		ZCRYPT_DBF(DBF_WARN,
556
+			   "ioctl check failed: ioctlnr=0x%04x rc=%d\n",
557
+			   ioctlnr, rc);
558
+
559
+	return rc;
560
+}
561
+
562
+static inline bool zcrypt_check_card(struct ap_perms *perms, int card)
563
+{
564
+	return test_bit_inv(card, perms->apm) ? true : false;
565
+}
566
+
567
+static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue)
568
+{
569
+	return test_bit_inv(queue, perms->aqm) ? true : false;
570
+}
571
+
155
572
 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
156
573
 						     struct zcrypt_queue *zq,
574
+						     struct module **pmod,
157
575
 						     unsigned int weight)
158
576
 {
159
577
 	if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner))
..
..
@@ -163,15 +581,15 @@
163
581
 	atomic_add(weight, &zc->load);
164
582
 	atomic_add(weight, &zq->load);
165
583
 	zq->request_count++;
584
+	*pmod = zq->queue->ap_dev.drv->driver.owner;
166
585
 	return zq;
167
586
 }
168
587
 
169
588
 static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
170
589
 				     struct zcrypt_queue *zq,
590
+				     struct module *mod,
171
591
 				     unsigned int weight)
172
592
 {
173
-	struct module *mod = zq->queue->ap_dev.drv->driver.owner;
174
-
175
593
 	zq->request_count--;
176
594
 	atomic_sub(weight, &zc->load);
177
595
 	atomic_sub(weight, &zq->load);
..
..
@@ -186,13 +604,13 @@
186
604
 				       unsigned int pref_weight)
187
605
 {
188
606
 	if (!pref_zc)
189
-		return false;
607
+		return true;
190
608
 	weight += atomic_read(&zc->load);
191
609
 	pref_weight += atomic_read(&pref_zc->load);
192
610
 	if (weight == pref_weight)
193
-		return atomic64_read(&zc->card->total_request_count) >
611
+		return atomic64_read(&zc->card->total_request_count) <
194
612
 			atomic64_read(&pref_zc->card->total_request_count);
195
-	return weight > pref_weight;
613
+	return weight < pref_weight;
196
614
 }
197
615
 
198
616
 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq,
..
..
@@ -201,27 +619,38 @@
201
619
 					unsigned int pref_weight)
202
620
 {
203
621
 	if (!pref_zq)
204
-		return false;
622
+		return true;
205
623
 	weight += atomic_read(&zq->load);
206
624
 	pref_weight += atomic_read(&pref_zq->load);
207
625
 	if (weight == pref_weight)
208
-		return zq->queue->total_request_count >
626
+		return zq->queue->total_request_count <
209
627
 			pref_zq->queue->total_request_count;
210
-	return weight > pref_weight;
628
+	return weight < pref_weight;
211
629
 }
212
630
 
213
631
 /*
214
632
  * zcrypt ioctls.
215
633
  */
216
-static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex)
634
+static long zcrypt_rsa_modexpo(struct ap_perms *perms,
635
+			       struct zcrypt_track *tr,
636
+			       struct ica_rsa_modexpo *mex)
217
637
 {
218
638
 	struct zcrypt_card *zc, *pref_zc;
219
639
 	struct zcrypt_queue *zq, *pref_zq;
220
-	unsigned int weight, pref_weight;
640
+	struct ap_message ap_msg;
641
+	unsigned int wgt = 0, pref_wgt = 0;
221
642
 	unsigned int func_code;
222
-	int qid = 0, rc = -ENODEV;
643
+	int cpen, qpen, qid = 0, rc = -ENODEV;
644
+	struct module *mod;
223
645
 
224
646
 	trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
647
+
648
+	ap_init_message(&ap_msg);
649
+
650
+#ifdef CONFIG_ZCRYPT_DEBUG
651
+	if (tr && tr->fi.cmd)
652
+		ap_msg.fi.cmd = tr->fi.cmd;
653
+#endif
225
654
 
226
655
 	if (mex->outputdatalength < mex->inputdatalength) {
227
656
 		func_code = 0;
..
..
@@ -244,30 +673,47 @@
244
673
 	pref_zq = NULL;
245
674
 	spin_lock(&zcrypt_list_lock);
246
675
 	for_each_zcrypt_card(zc) {
247
-		/* Check for online accelarator and CCA cards */
248
-		if (!zc->online || !(zc->card->functions & 0x18000000))
676
+		/* Check for useable accelarator or CCA card */
677
+		if (!zc->online || !zc->card->config ||
678
+		    !(zc->card->functions & 0x18000000))
249
679
 			continue;
250
680
 		/* Check for size limits */
251
681
 		if (zc->min_mod_size > mex->inputdatalength ||
252
682
 		    zc->max_mod_size < mex->inputdatalength)
253
683
 			continue;
684
+		/* check if device node has admission for this card */
685
+		if (!zcrypt_check_card(perms, zc->card->id))
686
+			continue;
254
687
 		/* get weight index of the card device	*/
255
-		weight = zc->speed_rating[func_code];
256
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
688
+		wgt = zc->speed_rating[func_code];
689
+		/* penalty if this msg was previously sent via this card */
690
+		cpen = (tr && tr->again_counter && tr->last_qid &&
691
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
692
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
693
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
257
694
 			continue;
258
695
 		for_each_zcrypt_queue(zq, zc) {
259
-			/* check if device is online and eligible */
260
-			if (!zq->online || !zq->ops->rsa_modexpo)
696
+			/* check if device is useable and eligible */
697
+			if (!zq->online || !zq->ops->rsa_modexpo ||
698
+			    !zq->queue->config)
261
699
 				continue;
262
-			if (zcrypt_queue_compare(zq, pref_zq,
263
-						 weight, pref_weight))
700
+			/* check if device node has admission for this queue */
701
+			if (!zcrypt_check_queue(perms,
702
+						AP_QID_QUEUE(zq->queue->qid)))
703
+				continue;
704
+			/* penalty if the msg was previously sent at this qid */
705
+			qpen = (tr && tr->again_counter && tr->last_qid &&
706
+				tr->last_qid == zq->queue->qid) ?
707
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
708
+			if (!zcrypt_queue_compare(zq, pref_zq,
709
+						  wgt + cpen + qpen, pref_wgt))
264
710
 				continue;
265
711
 			pref_zc = zc;
266
712
 			pref_zq = zq;
267
-			pref_weight = weight;
713
+			pref_wgt = wgt + cpen + qpen;
268
714
 		}
269
715
 	}
270
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
716
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
271
717
 	spin_unlock(&zcrypt_list_lock);
272
718
 
273
719
 	if (!pref_zq) {
..
..
@@ -276,27 +722,43 @@
276
722
 	}
277
723
 
278
724
 	qid = pref_zq->queue->qid;
279
-	rc = pref_zq->ops->rsa_modexpo(pref_zq, mex);
725
+	rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg);
280
726
 
281
727
 	spin_lock(&zcrypt_list_lock);
282
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
728
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
283
729
 	spin_unlock(&zcrypt_list_lock);
284
730
 
285
731
 out:
732
+	ap_release_message(&ap_msg);
733
+	if (tr) {
734
+		tr->last_rc = rc;
735
+		tr->last_qid = qid;
736
+	}
286
737
 	trace_s390_zcrypt_rep(mex, func_code, rc,
287
738
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
288
739
 	return rc;
289
740
 }
290
741
 
291
-static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt)
742
+static long zcrypt_rsa_crt(struct ap_perms *perms,
743
+			   struct zcrypt_track *tr,
744
+			   struct ica_rsa_modexpo_crt *crt)
292
745
 {
293
746
 	struct zcrypt_card *zc, *pref_zc;
294
747
 	struct zcrypt_queue *zq, *pref_zq;
295
-	unsigned int weight, pref_weight;
748
+	struct ap_message ap_msg;
749
+	unsigned int wgt = 0, pref_wgt = 0;
296
750
 	unsigned int func_code;
297
-	int qid = 0, rc = -ENODEV;
751
+	int cpen, qpen, qid = 0, rc = -ENODEV;
752
+	struct module *mod;
298
753
 
299
754
 	trace_s390_zcrypt_req(crt, TP_ICARSACRT);
755
+
756
+	ap_init_message(&ap_msg);
757
+
758
+#ifdef CONFIG_ZCRYPT_DEBUG
759
+	if (tr && tr->fi.cmd)
760
+		ap_msg.fi.cmd = tr->fi.cmd;
761
+#endif
300
762
 
301
763
 	if (crt->outputdatalength < crt->inputdatalength) {
302
764
 		func_code = 0;
..
..
@@ -319,30 +781,47 @@
319
781
 	pref_zq = NULL;
320
782
 	spin_lock(&zcrypt_list_lock);
321
783
 	for_each_zcrypt_card(zc) {
322
-		/* Check for online accelarator and CCA cards */
323
-		if (!zc->online || !(zc->card->functions & 0x18000000))
784
+		/* Check for useable accelarator or CCA card */
785
+		if (!zc->online || !zc->card->config ||
786
+		    !(zc->card->functions & 0x18000000))
324
787
 			continue;
325
788
 		/* Check for size limits */
326
789
 		if (zc->min_mod_size > crt->inputdatalength ||
327
790
 		    zc->max_mod_size < crt->inputdatalength)
328
791
 			continue;
792
+		/* check if device node has admission for this card */
793
+		if (!zcrypt_check_card(perms, zc->card->id))
794
+			continue;
329
795
 		/* get weight index of the card device	*/
330
-		weight = zc->speed_rating[func_code];
331
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
796
+		wgt = zc->speed_rating[func_code];
797
+		/* penalty if this msg was previously sent via this card */
798
+		cpen = (tr && tr->again_counter && tr->last_qid &&
799
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
800
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
801
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
332
802
 			continue;
333
803
 		for_each_zcrypt_queue(zq, zc) {
334
-			/* check if device is online and eligible */
335
-			if (!zq->online || !zq->ops->rsa_modexpo_crt)
804
+			/* check if device is useable and eligible */
805
+			if (!zq->online || !zq->ops->rsa_modexpo_crt ||
806
+			    !zq->queue->config)
336
807
 				continue;
337
-			if (zcrypt_queue_compare(zq, pref_zq,
338
-						 weight, pref_weight))
808
+			/* check if device node has admission for this queue */
809
+			if (!zcrypt_check_queue(perms,
810
+						AP_QID_QUEUE(zq->queue->qid)))
811
+				continue;
812
+			/* penalty if the msg was previously sent at this qid */
813
+			qpen = (tr && tr->again_counter && tr->last_qid &&
814
+				tr->last_qid == zq->queue->qid) ?
815
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
816
+			if (!zcrypt_queue_compare(zq, pref_zq,
817
+						  wgt + cpen + qpen, pref_wgt))
339
818
 				continue;
340
819
 			pref_zc = zc;
341
820
 			pref_zq = zq;
342
-			pref_weight = weight;
821
+			pref_wgt = wgt + cpen + qpen;
343
822
 		}
344
823
 	}
345
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
824
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
346
825
 	spin_unlock(&zcrypt_list_lock);
347
826
 
348
827
 	if (!pref_zq) {
..
..
@@ -351,66 +830,114 @@
351
830
 	}
352
831
 
353
832
 	qid = pref_zq->queue->qid;
354
-	rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt);
833
+	rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg);
355
834
 
356
835
 	spin_lock(&zcrypt_list_lock);
357
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
836
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
358
837
 	spin_unlock(&zcrypt_list_lock);
359
838
 
360
839
 out:
840
+	ap_release_message(&ap_msg);
841
+	if (tr) {
842
+		tr->last_rc = rc;
843
+		tr->last_qid = qid;
844
+	}
361
845
 	trace_s390_zcrypt_rep(crt, func_code, rc,
362
846
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
363
847
 	return rc;
364
848
 }
365
849
 
366
-long zcrypt_send_cprb(struct ica_xcRB *xcRB)
850
+static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms,
851
+			      struct zcrypt_track *tr,
852
+			      struct ica_xcRB *xcRB)
367
853
 {
368
854
 	struct zcrypt_card *zc, *pref_zc;
369
855
 	struct zcrypt_queue *zq, *pref_zq;
370
856
 	struct ap_message ap_msg;
371
-	unsigned int weight, pref_weight;
857
+	unsigned int wgt = 0, pref_wgt = 0;
372
858
 	unsigned int func_code;
373
-	unsigned short *domain;
374
-	int qid = 0, rc = -ENODEV;
859
+	unsigned short *domain, tdom;
860
+	int cpen, qpen, qid = 0, rc = -ENODEV;
861
+	struct module *mod;
375
862
 
376
863
 	trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
377
864
 
865
+	xcRB->status = 0;
378
866
 	ap_init_message(&ap_msg);
379
-	rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain);
867
+
868
+#ifdef CONFIG_ZCRYPT_DEBUG
869
+	if (tr && tr->fi.cmd)
870
+		ap_msg.fi.cmd = tr->fi.cmd;
871
+	if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) {
872
+		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n",
873
+				__func__, tr->fi.cmd);
874
+		xcRB->agent_ID = 0x4646;
875
+	}
876
+#endif
877
+
878
+	rc = get_cprb_fc(userspace, xcRB, &ap_msg, &func_code, &domain);
380
879
 	if (rc)
381
880
 		goto out;
881
+
882
+	/*
883
+	 * If a valid target domain is set and this domain is NOT a usage
884
+	 * domain but a control only domain, use the default domain as target.
885
+	 */
886
+	tdom = *domain;
887
+	if (tdom < AP_DOMAINS &&
888
+	    !ap_test_config_usage_domain(tdom) &&
889
+	    ap_test_config_ctrl_domain(tdom) &&
890
+	    ap_domain_index >= 0)
891
+		tdom = ap_domain_index;
382
892
 
383
893
 	pref_zc = NULL;
384
894
 	pref_zq = NULL;
385
895
 	spin_lock(&zcrypt_list_lock);
386
896
 	for_each_zcrypt_card(zc) {
387
-		/* Check for online CCA cards */
388
-		if (!zc->online || !(zc->card->functions & 0x10000000))
897
+		/* Check for useable CCA card */
898
+		if (!zc->online || !zc->card->config ||
899
+		    !(zc->card->functions & 0x10000000))
389
900
 			continue;
390
901
 		/* Check for user selected CCA card */
391
902
 		if (xcRB->user_defined != AUTOSELECT &&
392
903
 		    xcRB->user_defined != zc->card->id)
393
904
 			continue;
905
+		/* check if device node has admission for this card */
906
+		if (!zcrypt_check_card(perms, zc->card->id))
907
+			continue;
394
908
 		/* get weight index of the card device	*/
395
-		weight = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
396
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
909
+		wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
910
+		/* penalty if this msg was previously sent via this card */
911
+		cpen = (tr && tr->again_counter && tr->last_qid &&
912
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
913
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
914
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
397
915
 			continue;
398
916
 		for_each_zcrypt_queue(zq, zc) {
399
-			/* check if device is online and eligible */
917
+			/* check for device useable and eligible */
400
918
 			if (!zq->online ||
401
919
 			    !zq->ops->send_cprb ||
402
-			    ((*domain != (unsigned short) AUTOSELECT) &&
403
-			     (*domain != AP_QID_QUEUE(zq->queue->qid))))
920
+			    !zq->queue->config ||
921
+			    (tdom != AUTOSEL_DOM &&
922
+			     tdom != AP_QID_QUEUE(zq->queue->qid)))
404
923
 				continue;
405
-			if (zcrypt_queue_compare(zq, pref_zq,
406
-						 weight, pref_weight))
924
+			/* check if device node has admission for this queue */
925
+			if (!zcrypt_check_queue(perms,
926
+						AP_QID_QUEUE(zq->queue->qid)))
927
+				continue;
928
+			/* penalty if the msg was previously sent at this qid */
929
+			qpen = (tr && tr->again_counter && tr->last_qid &&
930
+				tr->last_qid == zq->queue->qid) ?
931
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
932
+			if (!zcrypt_queue_compare(zq, pref_zq,
933
+						  wgt + cpen + qpen, pref_wgt))
407
934
 				continue;
408
935
 			pref_zc = zc;
409
936
 			pref_zq = zq;
410
-			pref_weight = weight;
937
+			pref_wgt = wgt + cpen + qpen;
411
938
 		}
412
939
 	}
413
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
940
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
414
941
 	spin_unlock(&zcrypt_list_lock);
415
942
 
416
943
 	if (!pref_zq) {
..
..
@@ -420,20 +947,37 @@
420
947
 
421
948
 	/* in case of auto select, provide the correct domain */
422
949
 	qid = pref_zq->queue->qid;
423
-	if (*domain == (unsigned short) AUTOSELECT)
950
+	if (*domain == AUTOSEL_DOM)
424
951
 		*domain = AP_QID_QUEUE(qid);
425
952
 
426
-	rc = pref_zq->ops->send_cprb(pref_zq, xcRB, &ap_msg);
953
+#ifdef CONFIG_ZCRYPT_DEBUG
954
+	if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) {
955
+		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n",
956
+				__func__, tr->fi.cmd);
957
+		*domain = 99;
958
+	}
959
+#endif
960
+
961
+	rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg);
427
962
 
428
963
 	spin_lock(&zcrypt_list_lock);
429
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
964
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
430
965
 	spin_unlock(&zcrypt_list_lock);
431
966
 
432
967
 out:
433
968
 	ap_release_message(&ap_msg);
969
+	if (tr) {
970
+		tr->last_rc = rc;
971
+		tr->last_qid = qid;
972
+	}
434
973
 	trace_s390_zcrypt_rep(xcRB, func_code, rc,
435
974
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
436
975
 	return rc;
976
+}
977
+
978
+long zcrypt_send_cprb(struct ica_xcRB *xcRB)
979
+{
980
+	return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB);
437
981
 }
438
982
 EXPORT_SYMBOL(zcrypt_send_cprb);
439
983
 
..
..
@@ -442,7 +986,7 @@
442
986
 				 struct ep11_target_dev *targets)
443
987
 {
444
988
 	while (target_num-- > 0) {
445
-		if (dev_id == targets->ap_id)
989
+		if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP)
446
990
 			return true;
447
991
 		targets++;
448
992
 	}
..
..
@@ -453,28 +997,39 @@
453
997
 				  unsigned short target_num,
454
998
 				  struct ep11_target_dev *targets)
455
999
 {
1000
+	int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid);
1001
+
456
1002
 	while (target_num-- > 0) {
457
-		if (AP_MKQID(targets->ap_id, targets->dom_id) == dev_qid)
1003
+		if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) &&
1004
+		    (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM))
458
1005
 			return true;
459
1006
 		targets++;
460
1007
 	}
461
1008
 	return false;
462
1009
 }
463
1010
 
464
-static long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1011
+static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms,
1012
+				   struct zcrypt_track *tr,
1013
+				   struct ep11_urb *xcrb)
465
1014
 {
466
1015
 	struct zcrypt_card *zc, *pref_zc;
467
1016
 	struct zcrypt_queue *zq, *pref_zq;
468
1017
 	struct ep11_target_dev *targets;
469
1018
 	unsigned short target_num;
470
-	unsigned int weight, pref_weight;
1019
+	unsigned int wgt = 0, pref_wgt = 0;
471
1020
 	unsigned int func_code;
472
1021
 	struct ap_message ap_msg;
473
-	int qid = 0, rc = -ENODEV;
1022
+	int cpen, qpen, qid = 0, rc = -ENODEV;
1023
+	struct module *mod;
474
1024
 
475
1025
 	trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB);
476
1026
 
477
1027
 	ap_init_message(&ap_msg);
1028
+
1029
+#ifdef CONFIG_ZCRYPT_DEBUG
1030
+	if (tr && tr->fi.cmd)
1031
+		ap_msg.fi.cmd = tr->fi.cmd;
1032
+#endif
478
1033
 
479
1034
 	target_num = (unsigned short) xcrb->targets_num;
480
1035
 
..
..
@@ -491,7 +1046,7 @@
491
1046
 		}
492
1047
 
493
1048
 		uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
494
-		if (copy_from_user(targets, uptr,
1049
+		if (z_copy_from_user(userspace, targets, uptr,
495
1050
 				   target_num * sizeof(*targets))) {
496
1051
 			func_code = 0;
497
1052
 			rc = -EFAULT;
..
..
@@ -499,7 +1054,7 @@
499
1054
 		}
500
1055
 	}
501
1056
 
502
-	rc = get_ep11cprb_fc(xcrb, &ap_msg, &func_code);
1057
+	rc = get_ep11cprb_fc(userspace, xcrb, &ap_msg, &func_code);
503
1058
 	if (rc)
504
1059
 		goto out_free;
505
1060
 
..
..
@@ -507,34 +1062,51 @@
507
1062
 	pref_zq = NULL;
508
1063
 	spin_lock(&zcrypt_list_lock);
509
1064
 	for_each_zcrypt_card(zc) {
510
-		/* Check for online EP11 cards */
511
-		if (!zc->online || !(zc->card->functions & 0x04000000))
1065
+		/* Check for useable EP11 card */
1066
+		if (!zc->online || !zc->card->config ||
1067
+		    !(zc->card->functions & 0x04000000))
512
1068
 			continue;
513
1069
 		/* Check for user selected EP11 card */
514
1070
 		if (targets &&
515
1071
 		    !is_desired_ep11_card(zc->card->id, target_num, targets))
516
1072
 			continue;
1073
+		/* check if device node has admission for this card */
1074
+		if (!zcrypt_check_card(perms, zc->card->id))
1075
+			continue;
517
1076
 		/* get weight index of the card device	*/
518
-		weight = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
519
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
1077
+		wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
1078
+		/* penalty if this msg was previously sent via this card */
1079
+		cpen = (tr && tr->again_counter && tr->last_qid &&
1080
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
1081
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
1082
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
520
1083
 			continue;
521
1084
 		for_each_zcrypt_queue(zq, zc) {
522
-			/* check if device is online and eligible */
1085
+			/* check if device is useable and eligible */
523
1086
 			if (!zq->online ||
524
1087
 			    !zq->ops->send_ep11_cprb ||
1088
+			    !zq->queue->config ||
525
1089
 			    (targets &&
526
1090
 			     !is_desired_ep11_queue(zq->queue->qid,
527
1091
 						    target_num, targets)))
528
1092
 				continue;
529
-			if (zcrypt_queue_compare(zq, pref_zq,
530
-						 weight, pref_weight))
1093
+			/* check if device node has admission for this queue */
1094
+			if (!zcrypt_check_queue(perms,
1095
+						AP_QID_QUEUE(zq->queue->qid)))
1096
+				continue;
1097
+			/* penalty if the msg was previously sent at this qid */
1098
+			qpen = (tr && tr->again_counter && tr->last_qid &&
1099
+				tr->last_qid == zq->queue->qid) ?
1100
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
1101
+			if (!zcrypt_queue_compare(zq, pref_zq,
1102
+						  wgt + cpen + qpen, pref_wgt))
531
1103
 				continue;
532
1104
 			pref_zc = zc;
533
1105
 			pref_zq = zq;
534
-			pref_weight = weight;
1106
+			pref_wgt = wgt + cpen + qpen;
535
1107
 		}
536
1108
 	}
537
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
1109
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
538
1110
 	spin_unlock(&zcrypt_list_lock);
539
1111
 
540
1112
 	if (!pref_zq) {
..
..
@@ -543,30 +1115,41 @@
543
1115
 	}
544
1116
 
545
1117
 	qid = pref_zq->queue->qid;
546
-	rc = pref_zq->ops->send_ep11_cprb(pref_zq, xcrb, &ap_msg);
1118
+	rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg);
547
1119
 
548
1120
 	spin_lock(&zcrypt_list_lock);
549
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
1121
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
550
1122
 	spin_unlock(&zcrypt_list_lock);
551
1123
 
552
1124
 out_free:
553
1125
 	kfree(targets);
554
1126
 out:
555
1127
 	ap_release_message(&ap_msg);
1128
+	if (tr) {
1129
+		tr->last_rc = rc;
1130
+		tr->last_qid = qid;
1131
+	}
556
1132
 	trace_s390_zcrypt_rep(xcrb, func_code, rc,
557
1133
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
558
1134
 	return rc;
559
1135
 }
560
1136
 
1137
+long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1138
+{
1139
+	return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb);
1140
+}
1141
+EXPORT_SYMBOL(zcrypt_send_ep11_cprb);
1142
+
561
1143
 static long zcrypt_rng(char *buffer)
562
1144
 {
563
1145
 	struct zcrypt_card *zc, *pref_zc;
564
1146
 	struct zcrypt_queue *zq, *pref_zq;
565
-	unsigned int weight, pref_weight;
1147
+	unsigned int wgt = 0, pref_wgt = 0;
566
1148
 	unsigned int func_code;
567
1149
 	struct ap_message ap_msg;
568
1150
 	unsigned int domain;
569
1151
 	int qid = 0, rc = -ENODEV;
1152
+	struct module *mod;
570
1153
 
571
1154
 	trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB);
572
1155
 
..
..
@@ -579,26 +1162,27 @@
579
1162
 	pref_zq = NULL;
580
1163
 	spin_lock(&zcrypt_list_lock);
581
1164
 	for_each_zcrypt_card(zc) {
582
-		/* Check for online CCA cards */
583
-		if (!zc->online || !(zc->card->functions & 0x10000000))
1165
+		/* Check for useable CCA card */
1166
+		if (!zc->online || !zc->card->config ||
1167
+		    !(zc->card->functions & 0x10000000))
584
1168
 			continue;
585
1169
 		/* get weight index of the card device	*/
586
-		weight = zc->speed_rating[func_code];
587
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
1170
+		wgt = zc->speed_rating[func_code];
1171
+		if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt))
588
1172
 			continue;
589
1173
 		for_each_zcrypt_queue(zq, zc) {
590
-			/* check if device is online and eligible */
591
-			if (!zq->online || !zq->ops->rng)
1174
+			/* check if device is useable and eligible */
1175
+			if (!zq->online || !zq->ops->rng ||
1176
+			    !zq->queue->config)
592
1177
 				continue;
593
-			if (zcrypt_queue_compare(zq, pref_zq,
594
-						 weight, pref_weight))
1178
+			if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt))
595
1179
 				continue;
596
1180
 			pref_zc = zc;
597
1181
 			pref_zq = zq;
598
-			pref_weight = weight;
1182
+			pref_wgt = wgt;
599
1183
 		}
600
1184
 	}
601
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
1185
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
602
1186
 	spin_unlock(&zcrypt_list_lock);
603
1187
 
604
1188
 	if (!pref_zq) {
..
..
@@ -610,7 +1194,7 @@
610
1194
 	rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg);
611
1195
 
612
1196
 	spin_lock(&zcrypt_list_lock);
613
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
1197
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
614
1198
 	spin_unlock(&zcrypt_list_lock);
615
1199
 
616
1200
 out:
..
..
@@ -672,6 +1256,34 @@
672
1256
 	spin_unlock(&zcrypt_list_lock);
673
1257
 }
674
1258
 EXPORT_SYMBOL(zcrypt_device_status_mask_ext);
1259
+
1260
+int zcrypt_device_status_ext(int card, int queue,
1261
+			     struct zcrypt_device_status_ext *devstat)
1262
+{
1263
+	struct zcrypt_card *zc;
1264
+	struct zcrypt_queue *zq;
1265
+
1266
+	memset(devstat, 0, sizeof(*devstat));
1267
+
1268
+	spin_lock(&zcrypt_list_lock);
1269
+	for_each_zcrypt_card(zc) {
1270
+		for_each_zcrypt_queue(zq, zc) {
1271
+			if (card == AP_QID_CARD(zq->queue->qid) &&
1272
+			    queue == AP_QID_QUEUE(zq->queue->qid)) {
1273
+				devstat->hwtype = zc->card->ap_dev.device_type;
1274
+				devstat->functions = zc->card->functions >> 26;
1275
+				devstat->qid = zq->queue->qid;
1276
+				devstat->online = zq->online ? 0x01 : 0x00;
1277
+				spin_unlock(&zcrypt_list_lock);
1278
+				return 0;
1279
+			}
1280
+		}
1281
+	}
1282
+	spin_unlock(&zcrypt_list_lock);
1283
+
1284
+	return -ENODEV;
1285
+}
1286
+EXPORT_SYMBOL(zcrypt_device_status_ext);
675
1287
 
676
1288
 static void zcrypt_status_mask(char status[], size_t max_adapters)
677
1289
 {
..
..
@@ -791,92 +1403,207 @@
791
1403
 	return requestq_count;
792
1404
 }
793
1405
 
1406
+static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg)
1407
+{
1408
+	int rc;
1409
+	struct zcrypt_track tr;
1410
+	struct ica_rsa_modexpo mex;
1411
+	struct ica_rsa_modexpo __user *umex = (void __user *) arg;
1412
+
1413
+	memset(&tr, 0, sizeof(tr));
1414
+	if (copy_from_user(&mex, umex, sizeof(mex)))
1415
+		return -EFAULT;
1416
+
1417
+#ifdef CONFIG_ZCRYPT_DEBUG
1418
+	if (mex.inputdatalength & (1U << 31)) {
1419
+		if (!capable(CAP_SYS_ADMIN))
1420
+			return -EPERM;
1421
+		tr.fi.cmd = (u16)(mex.inputdatalength >> 16);
1422
+	}
1423
+	mex.inputdatalength &= 0x0000FFFF;
1424
+#endif
1425
+
1426
+	do {
1427
+		rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1428
+		if (rc == -EAGAIN)
1429
+			tr.again_counter++;
1430
+#ifdef CONFIG_ZCRYPT_DEBUG
1431
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1432
+			break;
1433
+#endif
1434
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1435
+	/* on failure: retry once again after a requested rescan */
1436
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1437
+		do {
1438
+			rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1439
+			if (rc == -EAGAIN)
1440
+				tr.again_counter++;
1441
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1442
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1443
+		rc = -EIO;
1444
+	if (rc) {
1445
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc);
1446
+		return rc;
1447
+	}
1448
+	return put_user(mex.outputdatalength, &umex->outputdatalength);
1449
+}
1450
+
1451
+static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg)
1452
+{
1453
+	int rc;
1454
+	struct zcrypt_track tr;
1455
+	struct ica_rsa_modexpo_crt crt;
1456
+	struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
1457
+
1458
+	memset(&tr, 0, sizeof(tr));
1459
+	if (copy_from_user(&crt, ucrt, sizeof(crt)))
1460
+		return -EFAULT;
1461
+
1462
+#ifdef CONFIG_ZCRYPT_DEBUG
1463
+	if (crt.inputdatalength & (1U << 31)) {
1464
+		if (!capable(CAP_SYS_ADMIN))
1465
+			return -EPERM;
1466
+		tr.fi.cmd = (u16)(crt.inputdatalength >> 16);
1467
+	}
1468
+	crt.inputdatalength &= 0x0000FFFF;
1469
+#endif
1470
+
1471
+	do {
1472
+		rc = zcrypt_rsa_crt(perms, &tr, &crt);
1473
+		if (rc == -EAGAIN)
1474
+			tr.again_counter++;
1475
+#ifdef CONFIG_ZCRYPT_DEBUG
1476
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1477
+			break;
1478
+#endif
1479
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1480
+	/* on failure: retry once again after a requested rescan */
1481
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1482
+		do {
1483
+			rc = zcrypt_rsa_crt(perms, &tr, &crt);
1484
+			if (rc == -EAGAIN)
1485
+				tr.again_counter++;
1486
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1487
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1488
+		rc = -EIO;
1489
+	if (rc) {
1490
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc);
1491
+		return rc;
1492
+	}
1493
+	return put_user(crt.outputdatalength, &ucrt->outputdatalength);
1494
+}
1495
+
1496
+static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg)
1497
+{
1498
+	int rc;
1499
+	struct ica_xcRB xcRB;
1500
+	struct zcrypt_track tr;
1501
+	struct ica_xcRB __user *uxcRB = (void __user *) arg;
1502
+
1503
+	memset(&tr, 0, sizeof(tr));
1504
+	if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
1505
+		return -EFAULT;
1506
+
1507
+#ifdef CONFIG_ZCRYPT_DEBUG
1508
+	if (xcRB.status & (1U << 31)) {
1509
+		if (!capable(CAP_SYS_ADMIN))
1510
+			return -EPERM;
1511
+		tr.fi.cmd = (u16)(xcRB.status >> 16);
1512
+	}
1513
+	xcRB.status &= 0x0000FFFF;
1514
+#endif
1515
+
1516
+	do {
1517
+		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1518
+		if (rc == -EAGAIN)
1519
+			tr.again_counter++;
1520
+#ifdef CONFIG_ZCRYPT_DEBUG
1521
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1522
+			break;
1523
+#endif
1524
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1525
+	/* on failure: retry once again after a requested rescan */
1526
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1527
+		do {
1528
+			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1529
+			if (rc == -EAGAIN)
1530
+				tr.again_counter++;
1531
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1532
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1533
+		rc = -EIO;
1534
+	if (rc)
1535
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n",
1536
+			   rc, xcRB.status);
1537
+	if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
1538
+		return -EFAULT;
1539
+	return rc;
1540
+}
1541
+
1542
+static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg)
1543
+{
1544
+	int rc;
1545
+	struct ep11_urb xcrb;
1546
+	struct zcrypt_track tr;
1547
+	struct ep11_urb __user *uxcrb = (void __user *)arg;
1548
+
1549
+	memset(&tr, 0, sizeof(tr));
1550
+	if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
1551
+		return -EFAULT;
1552
+
1553
+#ifdef CONFIG_ZCRYPT_DEBUG
1554
+	if (xcrb.req_len & (1ULL << 63)) {
1555
+		if (!capable(CAP_SYS_ADMIN))
1556
+			return -EPERM;
1557
+		tr.fi.cmd = (u16)(xcrb.req_len >> 48);
1558
+	}
1559
+	xcrb.req_len &= 0x0000FFFFFFFFFFFFULL;
1560
+#endif
1561
+
1562
+	do {
1563
+		rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1564
+		if (rc == -EAGAIN)
1565
+			tr.again_counter++;
1566
+#ifdef CONFIG_ZCRYPT_DEBUG
1567
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1568
+			break;
1569
+#endif
1570
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1571
+	/* on failure: retry once again after a requested rescan */
1572
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1573
+		do {
1574
+			rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1575
+			if (rc == -EAGAIN)
1576
+				tr.again_counter++;
1577
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1578
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1579
+		rc = -EIO;
1580
+	if (rc)
1581
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc);
1582
+	if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
1583
+		return -EFAULT;
1584
+	return rc;
1585
+}
1586
+
794
1587
 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
795
1588
 				  unsigned long arg)
796
1589
 {
797
-	int rc = 0;
1590
+	int rc;
1591
+	struct ap_perms *perms =
1592
+		(struct ap_perms *) filp->private_data;
1593
+
1594
+	rc = zcrypt_check_ioctl(perms, cmd);
1595
+	if (rc)
1596
+		return rc;
798
1597
 
799
1598
 	switch (cmd) {
800
-	case ICARSAMODEXPO: {
801
-		struct ica_rsa_modexpo __user *umex = (void __user *) arg;
802
-		struct ica_rsa_modexpo mex;
803
-
804
-		if (copy_from_user(&mex, umex, sizeof(mex)))
805
-			return -EFAULT;
806
-		do {
807
-			rc = zcrypt_rsa_modexpo(&mex);
808
-		} while (rc == -EAGAIN);
809
-		/* on failure: retry once again after a requested rescan */
810
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
811
-			do {
812
-				rc = zcrypt_rsa_modexpo(&mex);
813
-			} while (rc == -EAGAIN);
814
-		if (rc) {
815
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc);
816
-			return rc;
817
-		}
818
-		return put_user(mex.outputdatalength, &umex->outputdatalength);
819
-	}
820
-	case ICARSACRT: {
821
-		struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
822
-		struct ica_rsa_modexpo_crt crt;
823
-
824
-		if (copy_from_user(&crt, ucrt, sizeof(crt)))
825
-			return -EFAULT;
826
-		do {
827
-			rc = zcrypt_rsa_crt(&crt);
828
-		} while (rc == -EAGAIN);
829
-		/* on failure: retry once again after a requested rescan */
830
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
831
-			do {
832
-				rc = zcrypt_rsa_crt(&crt);
833
-			} while (rc == -EAGAIN);
834
-		if (rc) {
835
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc);
836
-			return rc;
837
-		}
838
-		return put_user(crt.outputdatalength, &ucrt->outputdatalength);
839
-	}
840
-	case ZSECSENDCPRB: {
841
-		struct ica_xcRB __user *uxcRB = (void __user *) arg;
842
-		struct ica_xcRB xcRB;
843
-
844
-		if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
845
-			return -EFAULT;
846
-		do {
847
-			rc = zcrypt_send_cprb(&xcRB);
848
-		} while (rc == -EAGAIN);
849
-		/* on failure: retry once again after a requested rescan */
850
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
851
-			do {
852
-				rc = zcrypt_send_cprb(&xcRB);
853
-			} while (rc == -EAGAIN);
854
-		if (rc)
855
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d\n", rc);
856
-		if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
857
-			return -EFAULT;
858
-		return rc;
859
-	}
860
-	case ZSENDEP11CPRB: {
861
-		struct ep11_urb __user *uxcrb = (void __user *)arg;
862
-		struct ep11_urb xcrb;
863
-
864
-		if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
865
-			return -EFAULT;
866
-		do {
867
-			rc = zcrypt_send_ep11_cprb(&xcrb);
868
-		} while (rc == -EAGAIN);
869
-		/* on failure: retry once again after a requested rescan */
870
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
871
-			do {
872
-				rc = zcrypt_send_ep11_cprb(&xcrb);
873
-			} while (rc == -EAGAIN);
874
-		if (rc)
875
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc);
876
-		if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
877
-			return -EFAULT;
878
-		return rc;
879
-	}
1599
+	case ICARSAMODEXPO:
1600
+		return icarsamodexpo_ioctl(perms, arg);
1601
+	case ICARSACRT:
1602
+		return icarsacrt_ioctl(perms, arg);
1603
+	case ZSECSENDCPRB:
1604
+		return zsecsendcprb_ioctl(perms, arg);
1605
+	case ZSENDEP11CPRB:
1606
+		return zsendep11cprb_ioctl(perms, arg);
880
1607
 	case ZCRYPT_DEVICE_STATUS: {
881
1608
 		struct zcrypt_device_status_ext *device_status;
882
1609
 		size_t total_size = MAX_ZDEV_ENTRIES_EXT
..
..
@@ -996,14 +1723,16 @@
996
1723
 	compat_uptr_t	n_modulus;
997
1724
 };
998
1725
 
999
-static long trans_modexpo32(struct file *filp, unsigned int cmd,
1000
-			    unsigned long arg)
1726
+static long trans_modexpo32(struct ap_perms *perms, struct file *filp,
1727
+			    unsigned int cmd, unsigned long arg)
1001
1728
 {
1002
1729
 	struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg);
1003
1730
 	struct compat_ica_rsa_modexpo mex32;
1004
1731
 	struct ica_rsa_modexpo mex64;
1732
+	struct zcrypt_track tr;
1005
1733
 	long rc;
1006
1734
 
1735
+	memset(&tr, 0, sizeof(tr));
1007
1736
 	if (copy_from_user(&mex32, umex32, sizeof(mex32)))
1008
1737
 		return -EFAULT;
1009
1738
 	mex64.inputdata = compat_ptr(mex32.inputdata);
..
..
@@ -1013,13 +1742,19 @@
1013
1742
 	mex64.b_key = compat_ptr(mex32.b_key);
1014
1743
 	mex64.n_modulus = compat_ptr(mex32.n_modulus);
1015
1744
 	do {
1016
-		rc = zcrypt_rsa_modexpo(&mex64);
1017
-	} while (rc == -EAGAIN);
1745
+		rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1746
+		if (rc == -EAGAIN)
1747
+			tr.again_counter++;
1748
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1018
1749
 	/* on failure: retry once again after a requested rescan */
1019
1750
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1020
1751
 		do {
1021
-			rc = zcrypt_rsa_modexpo(&mex64);
1022
-		} while (rc == -EAGAIN);
1752
+			rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1753
+			if (rc == -EAGAIN)
1754
+				tr.again_counter++;
1755
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1756
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1757
+		rc = -EIO;
1023
1758
 	if (rc)
1024
1759
 		return rc;
1025
1760
 	return put_user(mex64.outputdatalength,
..
..
@@ -1038,14 +1773,16 @@
1038
1773
 	compat_uptr_t	u_mult_inv;
1039
1774
 };
1040
1775
 
1041
-static long trans_modexpo_crt32(struct file *filp, unsigned int cmd,
1042
-				unsigned long arg)
1776
+static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp,
1777
+				unsigned int cmd, unsigned long arg)
1043
1778
 {
1044
1779
 	struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg);
1045
1780
 	struct compat_ica_rsa_modexpo_crt crt32;
1046
1781
 	struct ica_rsa_modexpo_crt crt64;
1782
+	struct zcrypt_track tr;
1047
1783
 	long rc;
1048
1784
 
1785
+	memset(&tr, 0, sizeof(tr));
1049
1786
 	if (copy_from_user(&crt32, ucrt32, sizeof(crt32)))
1050
1787
 		return -EFAULT;
1051
1788
 	crt64.inputdata = compat_ptr(crt32.inputdata);
..
..
@@ -1058,13 +1795,19 @@
1058
1795
 	crt64.nq_prime = compat_ptr(crt32.nq_prime);
1059
1796
 	crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv);
1060
1797
 	do {
1061
-		rc = zcrypt_rsa_crt(&crt64);
1062
-	} while (rc == -EAGAIN);
1798
+		rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1799
+		if (rc == -EAGAIN)
1800
+			tr.again_counter++;
1801
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1063
1802
 	/* on failure: retry once again after a requested rescan */
1064
1803
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1065
1804
 		do {
1066
-			rc = zcrypt_rsa_crt(&crt64);
1067
-		} while (rc == -EAGAIN);
1805
+			rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1806
+			if (rc == -EAGAIN)
1807
+				tr.again_counter++;
1808
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1809
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1810
+		rc = -EIO;
1068
1811
 	if (rc)
1069
1812
 		return rc;
1070
1813
 	return put_user(crt64.outputdatalength,
..
..
@@ -1091,14 +1834,16 @@
1091
1834
 	unsigned int	status;
1092
1835
 } __packed;
1093
1836
 
1094
-static long trans_xcRB32(struct file *filp, unsigned int cmd,
1095
-			 unsigned long arg)
1837
+static long trans_xcRB32(struct ap_perms *perms, struct file *filp,
1838
+			 unsigned int cmd, unsigned long arg)
1096
1839
 {
1097
1840
 	struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg);
1098
1841
 	struct compat_ica_xcRB xcRB32;
1842
+	struct zcrypt_track tr;
1099
1843
 	struct ica_xcRB xcRB64;
1100
1844
 	long rc;
1101
1845
 
1846
+	memset(&tr, 0, sizeof(tr));
1102
1847
 	if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32)))
1103
1848
 		return -EFAULT;
1104
1849
 	xcRB64.agent_ID = xcRB32.agent_ID;
..
..
@@ -1122,13 +1867,19 @@
1122
1867
 	xcRB64.priority_window = xcRB32.priority_window;
1123
1868
 	xcRB64.status = xcRB32.status;
1124
1869
 	do {
1125
-		rc = zcrypt_send_cprb(&xcRB64);
1126
-	} while (rc == -EAGAIN);
1870
+		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1871
+		if (rc == -EAGAIN)
1872
+			tr.again_counter++;
1873
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1127
1874
 	/* on failure: retry once again after a requested rescan */
1128
1875
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1129
1876
 		do {
1130
-			rc = zcrypt_send_cprb(&xcRB64);
1131
-		} while (rc == -EAGAIN);
1877
+			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1878
+			if (rc == -EAGAIN)
1879
+				tr.again_counter++;
1880
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1881
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1882
+		rc = -EIO;
1132
1883
 	xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length;
1133
1884
 	xcRB32.reply_data_length = xcRB64.reply_data_length;
1134
1885
 	xcRB32.status = xcRB64.status;
..
..
@@ -1140,12 +1891,20 @@
1140
1891
 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd,
1141
1892
 			 unsigned long arg)
1142
1893
 {
1894
+	int rc;
1895
+	struct ap_perms *perms =
1896
+		(struct ap_perms *) filp->private_data;
1897
+
1898
+	rc = zcrypt_check_ioctl(perms, cmd);
1899
+	if (rc)
1900
+		return rc;
1901
+
1143
1902
 	if (cmd == ICARSAMODEXPO)
1144
-		return trans_modexpo32(filp, cmd, arg);
1903
+		return trans_modexpo32(perms, filp, cmd, arg);
1145
1904
 	if (cmd == ICARSACRT)
1146
-		return trans_modexpo_crt32(filp, cmd, arg);
1905
+		return trans_modexpo_crt32(perms, filp, cmd, arg);
1147
1906
 	if (cmd == ZSECSENDCPRB)
1148
-		return trans_xcRB32(filp, cmd, arg);
1907
+		return trans_xcRB32(perms, filp, cmd, arg);
1149
1908
 	return zcrypt_unlocked_ioctl(filp, cmd, arg);
1150
1909
 }
1151
1910
 #endif
..
..
@@ -1263,6 +2022,67 @@
1263
2022
 	debug_unregister(zcrypt_dbf_info);
1264
2023
 }
1265
2024
 
2025
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2026
+
2027
+static int __init zcdn_init(void)
2028
+{
2029
+	int rc;
2030
+
2031
+	/* create a new class 'zcrypt' */
2032
+	zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME);
2033
+	if (IS_ERR(zcrypt_class)) {
2034
+		rc = PTR_ERR(zcrypt_class);
2035
+		goto out_class_create_failed;
2036
+	}
2037
+	zcrypt_class->dev_release = zcdn_device_release;
2038
+
2039
+	/* alloc device minor range */
2040
+	rc = alloc_chrdev_region(&zcrypt_devt,
2041
+				 0, ZCRYPT_MAX_MINOR_NODES,
2042
+				 ZCRYPT_NAME);
2043
+	if (rc)
2044
+		goto out_alloc_chrdev_failed;
2045
+
2046
+	cdev_init(&zcrypt_cdev, &zcrypt_fops);
2047
+	zcrypt_cdev.owner = THIS_MODULE;
2048
+	rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2049
+	if (rc)
2050
+		goto out_cdev_add_failed;
2051
+
2052
+	/* need some class specific sysfs attributes */
2053
+	rc = class_create_file(zcrypt_class, &class_attr_zcdn_create);
2054
+	if (rc)
2055
+		goto out_class_create_file_1_failed;
2056
+	rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy);
2057
+	if (rc)
2058
+		goto out_class_create_file_2_failed;
2059
+
2060
+	return 0;
2061
+
2062
+out_class_create_file_2_failed:
2063
+	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2064
+out_class_create_file_1_failed:
2065
+	cdev_del(&zcrypt_cdev);
2066
+out_cdev_add_failed:
2067
+	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2068
+out_alloc_chrdev_failed:
2069
+	class_destroy(zcrypt_class);
2070
+out_class_create_failed:
2071
+	return rc;
2072
+}
2073
+
2074
+static void zcdn_exit(void)
2075
+{
2076
+	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2077
+	class_remove_file(zcrypt_class, &class_attr_zcdn_destroy);
2078
+	zcdn_destroy_all();
2079
+	cdev_del(&zcrypt_cdev);
2080
+	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2081
+	class_destroy(zcrypt_class);
2082
+}
2083
+
2084
+#endif
2085
+
1266
2086
 /**
1267
2087
  * zcrypt_api_init(): Module initialization.
1268
2088
  *
..
..
@@ -1276,15 +2096,27 @@
1276
2096
 	if (rc)
1277
2097
 		goto out;
1278
2098
 
2099
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2100
+	rc = zcdn_init();
2101
+	if (rc)
2102
+		goto out;
2103
+#endif
2104
+
1279
2105
 	/* Register the request sprayer. */
1280
2106
 	rc = misc_register(&zcrypt_misc_device);
1281
2107
 	if (rc < 0)
1282
-		goto out;
2108
+		goto out_misc_register_failed;
1283
2109
 
1284
2110
 	zcrypt_msgtype6_init();
1285
2111
 	zcrypt_msgtype50_init();
2112
+
1286
2113
 	return 0;
1287
2114
 
2115
+out_misc_register_failed:
2116
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2117
+	zcdn_exit();
2118
+#endif
2119
+	zcrypt_debug_exit();
1288
2120
 out:
1289
2121
 	return rc;
1290
2122
 }
..
..
@@ -1296,9 +2128,14 @@
1296
2128
  */
1297
2129
 void __exit zcrypt_api_exit(void)
1298
2130
 {
2131
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2132
+	zcdn_exit();
2133
+#endif
1299
2134
 	misc_deregister(&zcrypt_misc_device);
1300
2135
 	zcrypt_msgtype6_exit();
1301
2136
 	zcrypt_msgtype50_exit();
2137
+	zcrypt_ccamisc_exit();
2138
+	zcrypt_ep11misc_exit();
1302
2139
 	zcrypt_debug_exit();
1303
2140
 }
1304
2141