add stmac read mac form eeprom

hc

2023-12-09 b22da3d8526a935aa31e086e63f60ff3246cb61c

 kernel/drivers/s390/crypto/zcrypt_api.c
..
..
@@ -1,8 +1,6 @@
1
1
 // SPDX-License-Identifier: GPL-2.0+
2
2
 /*
3
- *  zcrypt 2.1.0
4
- *
5
- *  Copyright IBM Corp. 2001, 2012
3
+ *  Copyright IBM Corp. 2001, 2018
6
4
  *  Author(s): Robert Burroughs
7
5
  *	       Eric Rossman (edrossma@us.ibm.com)
8
6
  *	       Cornelia Huck <cornelia.huck@de.ibm.com>
..
..
@@ -11,6 +9,7 @@
11
9
  *  Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
12
10
  *				  Ralph Wuerthner <rwuerthn@de.ibm.com>
13
11
  *  MSGTYPE restruct:		  Holger Dengler <hd@linux.vnet.ibm.com>
12
+ *  Multiple device nodes: Harald Freudenberger <freude@linux.ibm.com>
14
13
  */
15
14
 
16
15
 #include <linux/module.h>
..
..
@@ -24,6 +23,9 @@
24
23
 #include <linux/uaccess.h>
25
24
 #include <linux/hw_random.h>
26
25
 #include <linux/debugfs.h>
26
+#include <linux/cdev.h>
27
+#include <linux/ctype.h>
28
+#include <linux/capability.h>
27
29
 #include <asm/debug.h>
28
30
 
29
31
 #define CREATE_TRACE_POINTS
..
..
@@ -34,6 +36,8 @@
34
36
 
35
37
 #include "zcrypt_msgtype6.h"
36
38
 #include "zcrypt_msgtype50.h"
39
+#include "zcrypt_ccamisc.h"
40
+#include "zcrypt_ep11misc.h"
37
41
 
38
42
 /*
39
43
  * Module description.
..
..
@@ -108,6 +112,357 @@
108
112
 }
109
113
 EXPORT_SYMBOL(zcrypt_msgtype);
110
114
 
115
+/*
116
+ * Multi device nodes extension functions.
117
+ */
118
+
119
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
120
+
121
+struct zcdn_device;
122
+
123
+static struct class *zcrypt_class;
124
+static dev_t zcrypt_devt;
125
+static struct cdev zcrypt_cdev;
126
+
127
+struct zcdn_device {
128
+	struct device device;
129
+	struct ap_perms perms;
130
+};
131
+
132
+#define to_zcdn_dev(x) container_of((x), struct zcdn_device, device)
133
+
134
+#define ZCDN_MAX_NAME 32
135
+
136
+static int zcdn_create(const char *name);
137
+static int zcdn_destroy(const char *name);
138
+
139
+/*
140
+ * Find zcdn device by name.
141
+ * Returns reference to the zcdn device which needs to be released
142
+ * with put_device() after use.
143
+ */
144
+static inline struct zcdn_device *find_zcdndev_by_name(const char *name)
145
+{
146
+	struct device *dev = class_find_device_by_name(zcrypt_class, name);
147
+
148
+	return dev ? to_zcdn_dev(dev) : NULL;
149
+}
150
+
151
+/*
152
+ * Find zcdn device by devt value.
153
+ * Returns reference to the zcdn device which needs to be released
154
+ * with put_device() after use.
155
+ */
156
+static inline struct zcdn_device *find_zcdndev_by_devt(dev_t devt)
157
+{
158
+	struct device *dev = class_find_device_by_devt(zcrypt_class, devt);
159
+
160
+	return dev ? to_zcdn_dev(dev) : NULL;
161
+}
162
+
163
+static ssize_t ioctlmask_show(struct device *dev,
164
+			      struct device_attribute *attr,
165
+			      char *buf)
166
+{
167
+	int i, rc;
168
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
169
+
170
+	if (mutex_lock_interruptible(&ap_perms_mutex))
171
+		return -ERESTARTSYS;
172
+
173
+	buf[0] = '0';
174
+	buf[1] = 'x';
175
+	for (i = 0; i < sizeof(zcdndev->perms.ioctlm) / sizeof(long); i++)
176
+		snprintf(buf + 2 + 2 * i * sizeof(long),
177
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
178
+			 "%016lx", zcdndev->perms.ioctlm[i]);
179
+	buf[2 + 2 * i * sizeof(long)] = '\n';
180
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
181
+	rc = 2 + 2 * i * sizeof(long) + 1;
182
+
183
+	mutex_unlock(&ap_perms_mutex);
184
+
185
+	return rc;
186
+}
187
+
188
+static ssize_t ioctlmask_store(struct device *dev,
189
+			       struct device_attribute *attr,
190
+			       const char *buf, size_t count)
191
+{
192
+	int rc;
193
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
194
+
195
+	rc = ap_parse_mask_str(buf, zcdndev->perms.ioctlm,
196
+			       AP_IOCTLS, &ap_perms_mutex);
197
+	if (rc)
198
+		return rc;
199
+
200
+	return count;
201
+}
202
+
203
+static DEVICE_ATTR_RW(ioctlmask);
204
+
205
+static ssize_t apmask_show(struct device *dev,
206
+			   struct device_attribute *attr,
207
+			   char *buf)
208
+{
209
+	int i, rc;
210
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
211
+
212
+	if (mutex_lock_interruptible(&ap_perms_mutex))
213
+		return -ERESTARTSYS;
214
+
215
+	buf[0] = '0';
216
+	buf[1] = 'x';
217
+	for (i = 0; i < sizeof(zcdndev->perms.apm) / sizeof(long); i++)
218
+		snprintf(buf + 2 + 2 * i * sizeof(long),
219
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
220
+			 "%016lx", zcdndev->perms.apm[i]);
221
+	buf[2 + 2 * i * sizeof(long)] = '\n';
222
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
223
+	rc = 2 + 2 * i * sizeof(long) + 1;
224
+
225
+	mutex_unlock(&ap_perms_mutex);
226
+
227
+	return rc;
228
+}
229
+
230
+static ssize_t apmask_store(struct device *dev,
231
+			    struct device_attribute *attr,
232
+			    const char *buf, size_t count)
233
+{
234
+	int rc;
235
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
236
+
237
+	rc = ap_parse_mask_str(buf, zcdndev->perms.apm,
238
+			       AP_DEVICES, &ap_perms_mutex);
239
+	if (rc)
240
+		return rc;
241
+
242
+	return count;
243
+}
244
+
245
+static DEVICE_ATTR_RW(apmask);
246
+
247
+static ssize_t aqmask_show(struct device *dev,
248
+			   struct device_attribute *attr,
249
+			   char *buf)
250
+{
251
+	int i, rc;
252
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
253
+
254
+	if (mutex_lock_interruptible(&ap_perms_mutex))
255
+		return -ERESTARTSYS;
256
+
257
+	buf[0] = '0';
258
+	buf[1] = 'x';
259
+	for (i = 0; i < sizeof(zcdndev->perms.aqm) / sizeof(long); i++)
260
+		snprintf(buf + 2 + 2 * i * sizeof(long),
261
+			 PAGE_SIZE - 2 - 2 * i * sizeof(long),
262
+			 "%016lx", zcdndev->perms.aqm[i]);
263
+	buf[2 + 2 * i * sizeof(long)] = '\n';
264
+	buf[2 + 2 * i * sizeof(long) + 1] = '\0';
265
+	rc = 2 + 2 * i * sizeof(long) + 1;
266
+
267
+	mutex_unlock(&ap_perms_mutex);
268
+
269
+	return rc;
270
+}
271
+
272
+static ssize_t aqmask_store(struct device *dev,
273
+			    struct device_attribute *attr,
274
+			    const char *buf, size_t count)
275
+{
276
+	int rc;
277
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
278
+
279
+	rc = ap_parse_mask_str(buf, zcdndev->perms.aqm,
280
+			       AP_DOMAINS, &ap_perms_mutex);
281
+	if (rc)
282
+		return rc;
283
+
284
+	return count;
285
+}
286
+
287
+static DEVICE_ATTR_RW(aqmask);
288
+
289
+static struct attribute *zcdn_dev_attrs[] = {
290
+	&dev_attr_ioctlmask.attr,
291
+	&dev_attr_apmask.attr,
292
+	&dev_attr_aqmask.attr,
293
+	NULL
294
+};
295
+
296
+static struct attribute_group zcdn_dev_attr_group = {
297
+	.attrs = zcdn_dev_attrs
298
+};
299
+
300
+static const struct attribute_group *zcdn_dev_attr_groups[] = {
301
+	&zcdn_dev_attr_group,
302
+	NULL
303
+};
304
+
305
+static ssize_t zcdn_create_store(struct class *class,
306
+				 struct class_attribute *attr,
307
+				 const char *buf, size_t count)
308
+{
309
+	int rc;
310
+	char name[ZCDN_MAX_NAME];
311
+
312
+	strncpy(name, skip_spaces(buf), sizeof(name));
313
+	name[sizeof(name) - 1] = '\0';
314
+
315
+	rc = zcdn_create(strim(name));
316
+
317
+	return rc ? rc : count;
318
+}
319
+
320
+static const struct class_attribute class_attr_zcdn_create =
321
+	__ATTR(create, 0600, NULL, zcdn_create_store);
322
+
323
+static ssize_t zcdn_destroy_store(struct class *class,
324
+				  struct class_attribute *attr,
325
+				  const char *buf, size_t count)
326
+{
327
+	int rc;
328
+	char name[ZCDN_MAX_NAME];
329
+
330
+	strncpy(name, skip_spaces(buf), sizeof(name));
331
+	name[sizeof(name) - 1] = '\0';
332
+
333
+	rc = zcdn_destroy(strim(name));
334
+
335
+	return rc ? rc : count;
336
+}
337
+
338
+static const struct class_attribute class_attr_zcdn_destroy =
339
+	__ATTR(destroy, 0600, NULL, zcdn_destroy_store);
340
+
341
+static void zcdn_device_release(struct device *dev)
342
+{
343
+	struct zcdn_device *zcdndev = to_zcdn_dev(dev);
344
+
345
+	ZCRYPT_DBF(DBF_INFO, "releasing zcdn device %d:%d\n",
346
+		   MAJOR(dev->devt), MINOR(dev->devt));
347
+
348
+	kfree(zcdndev);
349
+}
350
+
351
+static int zcdn_create(const char *name)
352
+{
353
+	dev_t devt;
354
+	int i, rc = 0;
355
+	char nodename[ZCDN_MAX_NAME];
356
+	struct zcdn_device *zcdndev;
357
+
358
+	if (mutex_lock_interruptible(&ap_perms_mutex))
359
+		return -ERESTARTSYS;
360
+
361
+	/* check if device node with this name already exists */
362
+	if (name[0]) {
363
+		zcdndev = find_zcdndev_by_name(name);
364
+		if (zcdndev) {
365
+			put_device(&zcdndev->device);
366
+			rc = -EEXIST;
367
+			goto unlockout;
368
+		}
369
+	}
370
+
371
+	/* find an unused minor number */
372
+	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
373
+		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
374
+		zcdndev = find_zcdndev_by_devt(devt);
375
+		if (zcdndev)
376
+			put_device(&zcdndev->device);
377
+		else
378
+			break;
379
+	}
380
+	if (i == ZCRYPT_MAX_MINOR_NODES) {
381
+		rc = -ENOSPC;
382
+		goto unlockout;
383
+	}
384
+
385
+	/* alloc and prepare a new zcdn device */
386
+	zcdndev = kzalloc(sizeof(*zcdndev), GFP_KERNEL);
387
+	if (!zcdndev) {
388
+		rc = -ENOMEM;
389
+		goto unlockout;
390
+	}
391
+	zcdndev->device.release = zcdn_device_release;
392
+	zcdndev->device.class = zcrypt_class;
393
+	zcdndev->device.devt = devt;
394
+	zcdndev->device.groups = zcdn_dev_attr_groups;
395
+	if (name[0])
396
+		strncpy(nodename, name, sizeof(nodename));
397
+	else
398
+		snprintf(nodename, sizeof(nodename),
399
+			 ZCRYPT_NAME "_%d", (int) MINOR(devt));
400
+	nodename[sizeof(nodename)-1] = '\0';
401
+	if (dev_set_name(&zcdndev->device, nodename)) {
402
+		rc = -EINVAL;
403
+		goto unlockout;
404
+	}
405
+	rc = device_register(&zcdndev->device);
406
+	if (rc) {
407
+		put_device(&zcdndev->device);
408
+		goto unlockout;
409
+	}
410
+
411
+	ZCRYPT_DBF(DBF_INFO, "created zcdn device %d:%d\n",
412
+		   MAJOR(devt), MINOR(devt));
413
+
414
+unlockout:
415
+	mutex_unlock(&ap_perms_mutex);
416
+	return rc;
417
+}
418
+
419
+static int zcdn_destroy(const char *name)
420
+{
421
+	int rc = 0;
422
+	struct zcdn_device *zcdndev;
423
+
424
+	if (mutex_lock_interruptible(&ap_perms_mutex))
425
+		return -ERESTARTSYS;
426
+
427
+	/* try to find this zcdn device */
428
+	zcdndev = find_zcdndev_by_name(name);
429
+	if (!zcdndev) {
430
+		rc = -ENOENT;
431
+		goto unlockout;
432
+	}
433
+
434
+	/*
435
+	 * The zcdn device is not hard destroyed. It is subject to
436
+	 * reference counting and thus just needs to be unregistered.
437
+	 */
438
+	put_device(&zcdndev->device);
439
+	device_unregister(&zcdndev->device);
440
+
441
+unlockout:
442
+	mutex_unlock(&ap_perms_mutex);
443
+	return rc;
444
+}
445
+
446
+static void zcdn_destroy_all(void)
447
+{
448
+	int i;
449
+	dev_t devt;
450
+	struct zcdn_device *zcdndev;
451
+
452
+	mutex_lock(&ap_perms_mutex);
453
+	for (i = 0; i < ZCRYPT_MAX_MINOR_NODES; i++) {
454
+		devt = MKDEV(MAJOR(zcrypt_devt), MINOR(zcrypt_devt) + i);
455
+		zcdndev = find_zcdndev_by_devt(devt);
456
+		if (zcdndev) {
457
+			put_device(&zcdndev->device);
458
+			device_unregister(&zcdndev->device);
459
+		}
460
+	}
461
+	mutex_unlock(&ap_perms_mutex);
462
+}
463
+
464
+#endif
465
+
111
466
 /**
112
467
  * zcrypt_read (): Not supported beyond zcrypt 1.3.1.
113
468
  *
..
..
@@ -137,8 +492,25 @@
137
492
  */
138
493
 static int zcrypt_open(struct inode *inode, struct file *filp)
139
494
 {
495
+	struct ap_perms *perms = &ap_perms;
496
+
497
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
498
+	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
499
+		struct zcdn_device *zcdndev;
500
+
501
+		if (mutex_lock_interruptible(&ap_perms_mutex))
502
+			return -ERESTARTSYS;
503
+		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
504
+		/* find returns a reference, no get_device() needed */
505
+		mutex_unlock(&ap_perms_mutex);
506
+		if (zcdndev)
507
+			perms = &zcdndev->perms;
508
+	}
509
+#endif
510
+	filp->private_data = (void *) perms;
511
+
140
512
 	atomic_inc(&zcrypt_open_count);
141
-	return nonseekable_open(inode, filp);
513
+	return stream_open(inode, filp);
142
514
 }
143
515
 
144
516
 /**
..
..
@@ -148,12 +520,57 @@
148
520
  */
149
521
 static int zcrypt_release(struct inode *inode, struct file *filp)
150
522
 {
523
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
524
+	if (filp->f_inode->i_cdev == &zcrypt_cdev) {
525
+		struct zcdn_device *zcdndev;
526
+
527
+		mutex_lock(&ap_perms_mutex);
528
+		zcdndev = find_zcdndev_by_devt(filp->f_inode->i_rdev);
529
+		mutex_unlock(&ap_perms_mutex);
530
+		if (zcdndev) {
531
+			/* 2 puts here: one for find, one for open */
532
+			put_device(&zcdndev->device);
533
+			put_device(&zcdndev->device);
534
+		}
535
+	}
536
+#endif
537
+
151
538
 	atomic_dec(&zcrypt_open_count);
152
539
 	return 0;
153
540
 }
154
541
 
542
+static inline int zcrypt_check_ioctl(struct ap_perms *perms,
543
+				     unsigned int cmd)
544
+{
545
+	int rc = -EPERM;
546
+	int ioctlnr = (cmd & _IOC_NRMASK) >> _IOC_NRSHIFT;
547
+
548
+	if (ioctlnr > 0 && ioctlnr < AP_IOCTLS) {
549
+		if (test_bit_inv(ioctlnr, perms->ioctlm))
550
+			rc = 0;
551
+	}
552
+
553
+	if (rc)
554
+		ZCRYPT_DBF(DBF_WARN,
555
+			   "ioctl check failed: ioctlnr=0x%04x rc=%d\n",
556
+			   ioctlnr, rc);
557
+
558
+	return rc;
559
+}
560
+
561
+static inline bool zcrypt_check_card(struct ap_perms *perms, int card)
562
+{
563
+	return test_bit_inv(card, perms->apm) ? true : false;
564
+}
565
+
566
+static inline bool zcrypt_check_queue(struct ap_perms *perms, int queue)
567
+{
568
+	return test_bit_inv(queue, perms->aqm) ? true : false;
569
+}
570
+
155
571
 static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
156
572
 						     struct zcrypt_queue *zq,
573
+						     struct module **pmod,
157
574
 						     unsigned int weight)
158
575
 {
159
576
 	if (!zq || !try_module_get(zq->queue->ap_dev.drv->driver.owner))
..
..
@@ -163,15 +580,15 @@
163
580
 	atomic_add(weight, &zc->load);
164
581
 	atomic_add(weight, &zq->load);
165
582
 	zq->request_count++;
583
+	*pmod = zq->queue->ap_dev.drv->driver.owner;
166
584
 	return zq;
167
585
 }
168
586
 
169
587
 static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
170
588
 				     struct zcrypt_queue *zq,
589
+				     struct module *mod,
171
590
 				     unsigned int weight)
172
591
 {
173
-	struct module *mod = zq->queue->ap_dev.drv->driver.owner;
174
-
175
592
 	zq->request_count--;
176
593
 	atomic_sub(weight, &zc->load);
177
594
 	atomic_sub(weight, &zq->load);
..
..
@@ -186,13 +603,13 @@
186
603
 				       unsigned int pref_weight)
187
604
 {
188
605
 	if (!pref_zc)
189
-		return false;
606
+		return true;
190
607
 	weight += atomic_read(&zc->load);
191
608
 	pref_weight += atomic_read(&pref_zc->load);
192
609
 	if (weight == pref_weight)
193
-		return atomic64_read(&zc->card->total_request_count) >
610
+		return atomic64_read(&zc->card->total_request_count) <
194
611
 			atomic64_read(&pref_zc->card->total_request_count);
195
-	return weight > pref_weight;
612
+	return weight < pref_weight;
196
613
 }
197
614
 
198
615
 static inline bool zcrypt_queue_compare(struct zcrypt_queue *zq,
..
..
@@ -201,27 +618,38 @@
201
618
 					unsigned int pref_weight)
202
619
 {
203
620
 	if (!pref_zq)
204
-		return false;
621
+		return true;
205
622
 	weight += atomic_read(&zq->load);
206
623
 	pref_weight += atomic_read(&pref_zq->load);
207
624
 	if (weight == pref_weight)
208
-		return zq->queue->total_request_count >
625
+		return zq->queue->total_request_count <
209
626
 			pref_zq->queue->total_request_count;
210
-	return weight > pref_weight;
627
+	return weight < pref_weight;
211
628
 }
212
629
 
213
630
 /*
214
631
  * zcrypt ioctls.
215
632
  */
216
-static long zcrypt_rsa_modexpo(struct ica_rsa_modexpo *mex)
633
+static long zcrypt_rsa_modexpo(struct ap_perms *perms,
634
+			       struct zcrypt_track *tr,
635
+			       struct ica_rsa_modexpo *mex)
217
636
 {
218
637
 	struct zcrypt_card *zc, *pref_zc;
219
638
 	struct zcrypt_queue *zq, *pref_zq;
220
-	unsigned int weight, pref_weight;
639
+	struct ap_message ap_msg;
640
+	unsigned int wgt = 0, pref_wgt = 0;
221
641
 	unsigned int func_code;
222
-	int qid = 0, rc = -ENODEV;
642
+	int cpen, qpen, qid = 0, rc = -ENODEV;
643
+	struct module *mod;
223
644
 
224
645
 	trace_s390_zcrypt_req(mex, TP_ICARSAMODEXPO);
646
+
647
+	ap_init_message(&ap_msg);
648
+
649
+#ifdef CONFIG_ZCRYPT_DEBUG
650
+	if (tr && tr->fi.cmd)
651
+		ap_msg.fi.cmd = tr->fi.cmd;
652
+#endif
225
653
 
226
654
 	if (mex->outputdatalength < mex->inputdatalength) {
227
655
 		func_code = 0;
..
..
@@ -244,30 +672,47 @@
244
672
 	pref_zq = NULL;
245
673
 	spin_lock(&zcrypt_list_lock);
246
674
 	for_each_zcrypt_card(zc) {
247
-		/* Check for online accelarator and CCA cards */
248
-		if (!zc->online || !(zc->card->functions & 0x18000000))
675
+		/* Check for useable accelarator or CCA card */
676
+		if (!zc->online || !zc->card->config ||
677
+		    !(zc->card->functions & 0x18000000))
249
678
 			continue;
250
679
 		/* Check for size limits */
251
680
 		if (zc->min_mod_size > mex->inputdatalength ||
252
681
 		    zc->max_mod_size < mex->inputdatalength)
253
682
 			continue;
683
+		/* check if device node has admission for this card */
684
+		if (!zcrypt_check_card(perms, zc->card->id))
685
+			continue;
254
686
 		/* get weight index of the card device	*/
255
-		weight = zc->speed_rating[func_code];
256
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
687
+		wgt = zc->speed_rating[func_code];
688
+		/* penalty if this msg was previously sent via this card */
689
+		cpen = (tr && tr->again_counter && tr->last_qid &&
690
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
691
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
692
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
257
693
 			continue;
258
694
 		for_each_zcrypt_queue(zq, zc) {
259
-			/* check if device is online and eligible */
260
-			if (!zq->online || !zq->ops->rsa_modexpo)
695
+			/* check if device is useable and eligible */
696
+			if (!zq->online || !zq->ops->rsa_modexpo ||
697
+			    !zq->queue->config)
261
698
 				continue;
262
-			if (zcrypt_queue_compare(zq, pref_zq,
263
-						 weight, pref_weight))
699
+			/* check if device node has admission for this queue */
700
+			if (!zcrypt_check_queue(perms,
701
+						AP_QID_QUEUE(zq->queue->qid)))
702
+				continue;
703
+			/* penalty if the msg was previously sent at this qid */
704
+			qpen = (tr && tr->again_counter && tr->last_qid &&
705
+				tr->last_qid == zq->queue->qid) ?
706
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
707
+			if (!zcrypt_queue_compare(zq, pref_zq,
708
+						  wgt + cpen + qpen, pref_wgt))
264
709
 				continue;
265
710
 			pref_zc = zc;
266
711
 			pref_zq = zq;
267
-			pref_weight = weight;
712
+			pref_wgt = wgt + cpen + qpen;
268
713
 		}
269
714
 	}
270
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
715
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
271
716
 	spin_unlock(&zcrypt_list_lock);
272
717
 
273
718
 	if (!pref_zq) {
..
..
@@ -276,27 +721,43 @@
276
721
 	}
277
722
 
278
723
 	qid = pref_zq->queue->qid;
279
-	rc = pref_zq->ops->rsa_modexpo(pref_zq, mex);
724
+	rc = pref_zq->ops->rsa_modexpo(pref_zq, mex, &ap_msg);
280
725
 
281
726
 	spin_lock(&zcrypt_list_lock);
282
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
727
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
283
728
 	spin_unlock(&zcrypt_list_lock);
284
729
 
285
730
 out:
731
+	ap_release_message(&ap_msg);
732
+	if (tr) {
733
+		tr->last_rc = rc;
734
+		tr->last_qid = qid;
735
+	}
286
736
 	trace_s390_zcrypt_rep(mex, func_code, rc,
287
737
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
288
738
 	return rc;
289
739
 }
290
740
 
291
-static long zcrypt_rsa_crt(struct ica_rsa_modexpo_crt *crt)
741
+static long zcrypt_rsa_crt(struct ap_perms *perms,
742
+			   struct zcrypt_track *tr,
743
+			   struct ica_rsa_modexpo_crt *crt)
292
744
 {
293
745
 	struct zcrypt_card *zc, *pref_zc;
294
746
 	struct zcrypt_queue *zq, *pref_zq;
295
-	unsigned int weight, pref_weight;
747
+	struct ap_message ap_msg;
748
+	unsigned int wgt = 0, pref_wgt = 0;
296
749
 	unsigned int func_code;
297
-	int qid = 0, rc = -ENODEV;
750
+	int cpen, qpen, qid = 0, rc = -ENODEV;
751
+	struct module *mod;
298
752
 
299
753
 	trace_s390_zcrypt_req(crt, TP_ICARSACRT);
754
+
755
+	ap_init_message(&ap_msg);
756
+
757
+#ifdef CONFIG_ZCRYPT_DEBUG
758
+	if (tr && tr->fi.cmd)
759
+		ap_msg.fi.cmd = tr->fi.cmd;
760
+#endif
300
761
 
301
762
 	if (crt->outputdatalength < crt->inputdatalength) {
302
763
 		func_code = 0;
..
..
@@ -319,30 +780,47 @@
319
780
 	pref_zq = NULL;
320
781
 	spin_lock(&zcrypt_list_lock);
321
782
 	for_each_zcrypt_card(zc) {
322
-		/* Check for online accelarator and CCA cards */
323
-		if (!zc->online || !(zc->card->functions & 0x18000000))
783
+		/* Check for useable accelarator or CCA card */
784
+		if (!zc->online || !zc->card->config ||
785
+		    !(zc->card->functions & 0x18000000))
324
786
 			continue;
325
787
 		/* Check for size limits */
326
788
 		if (zc->min_mod_size > crt->inputdatalength ||
327
789
 		    zc->max_mod_size < crt->inputdatalength)
328
790
 			continue;
791
+		/* check if device node has admission for this card */
792
+		if (!zcrypt_check_card(perms, zc->card->id))
793
+			continue;
329
794
 		/* get weight index of the card device	*/
330
-		weight = zc->speed_rating[func_code];
331
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
795
+		wgt = zc->speed_rating[func_code];
796
+		/* penalty if this msg was previously sent via this card */
797
+		cpen = (tr && tr->again_counter && tr->last_qid &&
798
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
799
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
800
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
332
801
 			continue;
333
802
 		for_each_zcrypt_queue(zq, zc) {
334
-			/* check if device is online and eligible */
335
-			if (!zq->online || !zq->ops->rsa_modexpo_crt)
803
+			/* check if device is useable and eligible */
804
+			if (!zq->online || !zq->ops->rsa_modexpo_crt ||
805
+			    !zq->queue->config)
336
806
 				continue;
337
-			if (zcrypt_queue_compare(zq, pref_zq,
338
-						 weight, pref_weight))
807
+			/* check if device node has admission for this queue */
808
+			if (!zcrypt_check_queue(perms,
809
+						AP_QID_QUEUE(zq->queue->qid)))
810
+				continue;
811
+			/* penalty if the msg was previously sent at this qid */
812
+			qpen = (tr && tr->again_counter && tr->last_qid &&
813
+				tr->last_qid == zq->queue->qid) ?
814
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
815
+			if (!zcrypt_queue_compare(zq, pref_zq,
816
+						  wgt + cpen + qpen, pref_wgt))
339
817
 				continue;
340
818
 			pref_zc = zc;
341
819
 			pref_zq = zq;
342
-			pref_weight = weight;
820
+			pref_wgt = wgt + cpen + qpen;
343
821
 		}
344
822
 	}
345
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
823
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
346
824
 	spin_unlock(&zcrypt_list_lock);
347
825
 
348
826
 	if (!pref_zq) {
..
..
@@ -351,66 +829,114 @@
351
829
 	}
352
830
 
353
831
 	qid = pref_zq->queue->qid;
354
-	rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt);
832
+	rc = pref_zq->ops->rsa_modexpo_crt(pref_zq, crt, &ap_msg);
355
833
 
356
834
 	spin_lock(&zcrypt_list_lock);
357
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
835
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
358
836
 	spin_unlock(&zcrypt_list_lock);
359
837
 
360
838
 out:
839
+	ap_release_message(&ap_msg);
840
+	if (tr) {
841
+		tr->last_rc = rc;
842
+		tr->last_qid = qid;
843
+	}
361
844
 	trace_s390_zcrypt_rep(crt, func_code, rc,
362
845
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
363
846
 	return rc;
364
847
 }
365
848
 
366
-long zcrypt_send_cprb(struct ica_xcRB *xcRB)
849
+static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms,
850
+			      struct zcrypt_track *tr,
851
+			      struct ica_xcRB *xcRB)
367
852
 {
368
853
 	struct zcrypt_card *zc, *pref_zc;
369
854
 	struct zcrypt_queue *zq, *pref_zq;
370
855
 	struct ap_message ap_msg;
371
-	unsigned int weight, pref_weight;
856
+	unsigned int wgt = 0, pref_wgt = 0;
372
857
 	unsigned int func_code;
373
-	unsigned short *domain;
374
-	int qid = 0, rc = -ENODEV;
858
+	unsigned short *domain, tdom;
859
+	int cpen, qpen, qid = 0, rc = -ENODEV;
860
+	struct module *mod;
375
861
 
376
862
 	trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
377
863
 
864
+	xcRB->status = 0;
378
865
 	ap_init_message(&ap_msg);
379
-	rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain);
866
+
867
+#ifdef CONFIG_ZCRYPT_DEBUG
868
+	if (tr && tr->fi.cmd)
869
+		ap_msg.fi.cmd = tr->fi.cmd;
870
+	if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) {
871
+		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n",
872
+				__func__, tr->fi.cmd);
873
+		xcRB->agent_ID = 0x4646;
874
+	}
875
+#endif
876
+
877
+	rc = get_cprb_fc(userspace, xcRB, &ap_msg, &func_code, &domain);
380
878
 	if (rc)
381
879
 		goto out;
880
+
881
+	/*
882
+	 * If a valid target domain is set and this domain is NOT a usage
883
+	 * domain but a control only domain, use the default domain as target.
884
+	 */
885
+	tdom = *domain;
886
+	if (tdom < AP_DOMAINS &&
887
+	    !ap_test_config_usage_domain(tdom) &&
888
+	    ap_test_config_ctrl_domain(tdom) &&
889
+	    ap_domain_index >= 0)
890
+		tdom = ap_domain_index;
382
891
 
383
892
 	pref_zc = NULL;
384
893
 	pref_zq = NULL;
385
894
 	spin_lock(&zcrypt_list_lock);
386
895
 	for_each_zcrypt_card(zc) {
387
-		/* Check for online CCA cards */
388
-		if (!zc->online || !(zc->card->functions & 0x10000000))
896
+		/* Check for useable CCA card */
897
+		if (!zc->online || !zc->card->config ||
898
+		    !(zc->card->functions & 0x10000000))
389
899
 			continue;
390
900
 		/* Check for user selected CCA card */
391
901
 		if (xcRB->user_defined != AUTOSELECT &&
392
902
 		    xcRB->user_defined != zc->card->id)
393
903
 			continue;
904
+		/* check if device node has admission for this card */
905
+		if (!zcrypt_check_card(perms, zc->card->id))
906
+			continue;
394
907
 		/* get weight index of the card device	*/
395
-		weight = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
396
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
908
+		wgt = speed_idx_cca(func_code) * zc->speed_rating[SECKEY];
909
+		/* penalty if this msg was previously sent via this card */
910
+		cpen = (tr && tr->again_counter && tr->last_qid &&
911
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
912
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
913
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
397
914
 			continue;
398
915
 		for_each_zcrypt_queue(zq, zc) {
399
-			/* check if device is online and eligible */
916
+			/* check for device useable and eligible */
400
917
 			if (!zq->online ||
401
918
 			    !zq->ops->send_cprb ||
402
-			    ((*domain != (unsigned short) AUTOSELECT) &&
403
-			     (*domain != AP_QID_QUEUE(zq->queue->qid))))
919
+			    !zq->queue->config ||
920
+			    (tdom != AUTOSEL_DOM &&
921
+			     tdom != AP_QID_QUEUE(zq->queue->qid)))
404
922
 				continue;
405
-			if (zcrypt_queue_compare(zq, pref_zq,
406
-						 weight, pref_weight))
923
+			/* check if device node has admission for this queue */
924
+			if (!zcrypt_check_queue(perms,
925
+						AP_QID_QUEUE(zq->queue->qid)))
926
+				continue;
927
+			/* penalty if the msg was previously sent at this qid */
928
+			qpen = (tr && tr->again_counter && tr->last_qid &&
929
+				tr->last_qid == zq->queue->qid) ?
930
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
931
+			if (!zcrypt_queue_compare(zq, pref_zq,
932
+						  wgt + cpen + qpen, pref_wgt))
407
933
 				continue;
408
934
 			pref_zc = zc;
409
935
 			pref_zq = zq;
410
-			pref_weight = weight;
936
+			pref_wgt = wgt + cpen + qpen;
411
937
 		}
412
938
 	}
413
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
939
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
414
940
 	spin_unlock(&zcrypt_list_lock);
415
941
 
416
942
 	if (!pref_zq) {
..
..
@@ -420,20 +946,37 @@
420
946
 
421
947
 	/* in case of auto select, provide the correct domain */
422
948
 	qid = pref_zq->queue->qid;
423
-	if (*domain == (unsigned short) AUTOSELECT)
949
+	if (*domain == AUTOSEL_DOM)
424
950
 		*domain = AP_QID_QUEUE(qid);
425
951
 
426
-	rc = pref_zq->ops->send_cprb(pref_zq, xcRB, &ap_msg);
952
+#ifdef CONFIG_ZCRYPT_DEBUG
953
+	if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) {
954
+		ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n",
955
+				__func__, tr->fi.cmd);
956
+		*domain = 99;
957
+	}
958
+#endif
959
+
960
+	rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcRB, &ap_msg);
427
961
 
428
962
 	spin_lock(&zcrypt_list_lock);
429
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
963
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
430
964
 	spin_unlock(&zcrypt_list_lock);
431
965
 
432
966
 out:
433
967
 	ap_release_message(&ap_msg);
968
+	if (tr) {
969
+		tr->last_rc = rc;
970
+		tr->last_qid = qid;
971
+	}
434
972
 	trace_s390_zcrypt_rep(xcRB, func_code, rc,
435
973
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
436
974
 	return rc;
975
+}
976
+
977
+long zcrypt_send_cprb(struct ica_xcRB *xcRB)
978
+{
979
+	return _zcrypt_send_cprb(false, &ap_perms, NULL, xcRB);
437
980
 }
438
981
 EXPORT_SYMBOL(zcrypt_send_cprb);
439
982
 
..
..
@@ -442,7 +985,7 @@
442
985
 				 struct ep11_target_dev *targets)
443
986
 {
444
987
 	while (target_num-- > 0) {
445
-		if (dev_id == targets->ap_id)
988
+		if (targets->ap_id == dev_id || targets->ap_id == AUTOSEL_AP)
446
989
 			return true;
447
990
 		targets++;
448
991
 	}
..
..
@@ -453,28 +996,39 @@
453
996
 				  unsigned short target_num,
454
997
 				  struct ep11_target_dev *targets)
455
998
 {
999
+	int card = AP_QID_CARD(dev_qid), dom = AP_QID_QUEUE(dev_qid);
1000
+
456
1001
 	while (target_num-- > 0) {
457
-		if (AP_MKQID(targets->ap_id, targets->dom_id) == dev_qid)
1002
+		if ((targets->ap_id == card || targets->ap_id == AUTOSEL_AP) &&
1003
+		    (targets->dom_id == dom || targets->dom_id == AUTOSEL_DOM))
458
1004
 			return true;
459
1005
 		targets++;
460
1006
 	}
461
1007
 	return false;
462
1008
 }
463
1009
 
464
-static long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1010
+static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms,
1011
+				   struct zcrypt_track *tr,
1012
+				   struct ep11_urb *xcrb)
465
1013
 {
466
1014
 	struct zcrypt_card *zc, *pref_zc;
467
1015
 	struct zcrypt_queue *zq, *pref_zq;
468
1016
 	struct ep11_target_dev *targets;
469
1017
 	unsigned short target_num;
470
-	unsigned int weight, pref_weight;
1018
+	unsigned int wgt = 0, pref_wgt = 0;
471
1019
 	unsigned int func_code;
472
1020
 	struct ap_message ap_msg;
473
-	int qid = 0, rc = -ENODEV;
1021
+	int cpen, qpen, qid = 0, rc = -ENODEV;
1022
+	struct module *mod;
474
1023
 
475
1024
 	trace_s390_zcrypt_req(xcrb, TP_ZSENDEP11CPRB);
476
1025
 
477
1026
 	ap_init_message(&ap_msg);
1027
+
1028
+#ifdef CONFIG_ZCRYPT_DEBUG
1029
+	if (tr && tr->fi.cmd)
1030
+		ap_msg.fi.cmd = tr->fi.cmd;
1031
+#endif
478
1032
 
479
1033
 	target_num = (unsigned short) xcrb->targets_num;
480
1034
 
..
..
@@ -491,7 +1045,7 @@
491
1045
 		}
492
1046
 
493
1047
 		uptr = (struct ep11_target_dev __force __user *) xcrb->targets;
494
-		if (copy_from_user(targets, uptr,
1048
+		if (z_copy_from_user(userspace, targets, uptr,
495
1049
 				   target_num * sizeof(*targets))) {
496
1050
 			func_code = 0;
497
1051
 			rc = -EFAULT;
..
..
@@ -499,7 +1053,7 @@
499
1053
 		}
500
1054
 	}
501
1055
 
502
-	rc = get_ep11cprb_fc(xcrb, &ap_msg, &func_code);
1056
+	rc = get_ep11cprb_fc(userspace, xcrb, &ap_msg, &func_code);
503
1057
 	if (rc)
504
1058
 		goto out_free;
505
1059
 
..
..
@@ -507,34 +1061,51 @@
507
1061
 	pref_zq = NULL;
508
1062
 	spin_lock(&zcrypt_list_lock);
509
1063
 	for_each_zcrypt_card(zc) {
510
-		/* Check for online EP11 cards */
511
-		if (!zc->online || !(zc->card->functions & 0x04000000))
1064
+		/* Check for useable EP11 card */
1065
+		if (!zc->online || !zc->card->config ||
1066
+		    !(zc->card->functions & 0x04000000))
512
1067
 			continue;
513
1068
 		/* Check for user selected EP11 card */
514
1069
 		if (targets &&
515
1070
 		    !is_desired_ep11_card(zc->card->id, target_num, targets))
516
1071
 			continue;
1072
+		/* check if device node has admission for this card */
1073
+		if (!zcrypt_check_card(perms, zc->card->id))
1074
+			continue;
517
1075
 		/* get weight index of the card device	*/
518
-		weight = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
519
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
1076
+		wgt = speed_idx_ep11(func_code) * zc->speed_rating[SECKEY];
1077
+		/* penalty if this msg was previously sent via this card */
1078
+		cpen = (tr && tr->again_counter && tr->last_qid &&
1079
+			AP_QID_CARD(tr->last_qid) == zc->card->id) ?
1080
+			TRACK_AGAIN_CARD_WEIGHT_PENALTY : 0;
1081
+		if (!zcrypt_card_compare(zc, pref_zc, wgt + cpen, pref_wgt))
520
1082
 			continue;
521
1083
 		for_each_zcrypt_queue(zq, zc) {
522
-			/* check if device is online and eligible */
1084
+			/* check if device is useable and eligible */
523
1085
 			if (!zq->online ||
524
1086
 			    !zq->ops->send_ep11_cprb ||
1087
+			    !zq->queue->config ||
525
1088
 			    (targets &&
526
1089
 			     !is_desired_ep11_queue(zq->queue->qid,
527
1090
 						    target_num, targets)))
528
1091
 				continue;
529
-			if (zcrypt_queue_compare(zq, pref_zq,
530
-						 weight, pref_weight))
1092
+			/* check if device node has admission for this queue */
1093
+			if (!zcrypt_check_queue(perms,
1094
+						AP_QID_QUEUE(zq->queue->qid)))
1095
+				continue;
1096
+			/* penalty if the msg was previously sent at this qid */
1097
+			qpen = (tr && tr->again_counter && tr->last_qid &&
1098
+				tr->last_qid == zq->queue->qid) ?
1099
+				TRACK_AGAIN_QUEUE_WEIGHT_PENALTY : 0;
1100
+			if (!zcrypt_queue_compare(zq, pref_zq,
1101
+						  wgt + cpen + qpen, pref_wgt))
531
1102
 				continue;
532
1103
 			pref_zc = zc;
533
1104
 			pref_zq = zq;
534
-			pref_weight = weight;
1105
+			pref_wgt = wgt + cpen + qpen;
535
1106
 		}
536
1107
 	}
537
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
1108
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
538
1109
 	spin_unlock(&zcrypt_list_lock);
539
1110
 
540
1111
 	if (!pref_zq) {
..
..
@@ -543,30 +1114,41 @@
543
1114
 	}
544
1115
 
545
1116
 	qid = pref_zq->queue->qid;
546
-	rc = pref_zq->ops->send_ep11_cprb(pref_zq, xcrb, &ap_msg);
1117
+	rc = pref_zq->ops->send_ep11_cprb(userspace, pref_zq, xcrb, &ap_msg);
547
1118
 
548
1119
 	spin_lock(&zcrypt_list_lock);
549
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
1120
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
550
1121
 	spin_unlock(&zcrypt_list_lock);
551
1122
 
552
1123
 out_free:
553
1124
 	kfree(targets);
554
1125
 out:
555
1126
 	ap_release_message(&ap_msg);
1127
+	if (tr) {
1128
+		tr->last_rc = rc;
1129
+		tr->last_qid = qid;
1130
+	}
556
1131
 	trace_s390_zcrypt_rep(xcrb, func_code, rc,
557
1132
 			      AP_QID_CARD(qid), AP_QID_QUEUE(qid));
558
1133
 	return rc;
559
1134
 }
560
1135
 
1136
+long zcrypt_send_ep11_cprb(struct ep11_urb *xcrb)
1137
+{
1138
+	return _zcrypt_send_ep11_cprb(false, &ap_perms, NULL, xcrb);
1139
+}
1140
+EXPORT_SYMBOL(zcrypt_send_ep11_cprb);
1141
+
561
1142
 static long zcrypt_rng(char *buffer)
562
1143
 {
563
1144
 	struct zcrypt_card *zc, *pref_zc;
564
1145
 	struct zcrypt_queue *zq, *pref_zq;
565
-	unsigned int weight, pref_weight;
1146
+	unsigned int wgt = 0, pref_wgt = 0;
566
1147
 	unsigned int func_code;
567
1148
 	struct ap_message ap_msg;
568
1149
 	unsigned int domain;
569
1150
 	int qid = 0, rc = -ENODEV;
1151
+	struct module *mod;
570
1152
 
571
1153
 	trace_s390_zcrypt_req(buffer, TP_HWRNGCPRB);
572
1154
 
..
..
@@ -579,26 +1161,27 @@
579
1161
 	pref_zq = NULL;
580
1162
 	spin_lock(&zcrypt_list_lock);
581
1163
 	for_each_zcrypt_card(zc) {
582
-		/* Check for online CCA cards */
583
-		if (!zc->online || !(zc->card->functions & 0x10000000))
1164
+		/* Check for useable CCA card */
1165
+		if (!zc->online || !zc->card->config ||
1166
+		    !(zc->card->functions & 0x10000000))
584
1167
 			continue;
585
1168
 		/* get weight index of the card device	*/
586
-		weight = zc->speed_rating[func_code];
587
-		if (zcrypt_card_compare(zc, pref_zc, weight, pref_weight))
1169
+		wgt = zc->speed_rating[func_code];
1170
+		if (!zcrypt_card_compare(zc, pref_zc, wgt, pref_wgt))
588
1171
 			continue;
589
1172
 		for_each_zcrypt_queue(zq, zc) {
590
-			/* check if device is online and eligible */
591
-			if (!zq->online || !zq->ops->rng)
1173
+			/* check if device is useable and eligible */
1174
+			if (!zq->online || !zq->ops->rng ||
1175
+			    !zq->queue->config)
592
1176
 				continue;
593
-			if (zcrypt_queue_compare(zq, pref_zq,
594
-						 weight, pref_weight))
1177
+			if (!zcrypt_queue_compare(zq, pref_zq, wgt, pref_wgt))
595
1178
 				continue;
596
1179
 			pref_zc = zc;
597
1180
 			pref_zq = zq;
598
-			pref_weight = weight;
1181
+			pref_wgt = wgt;
599
1182
 		}
600
1183
 	}
601
-	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, weight);
1184
+	pref_zq = zcrypt_pick_queue(pref_zc, pref_zq, &mod, wgt);
602
1185
 	spin_unlock(&zcrypt_list_lock);
603
1186
 
604
1187
 	if (!pref_zq) {
..
..
@@ -610,7 +1193,7 @@
610
1193
 	rc = pref_zq->ops->rng(pref_zq, buffer, &ap_msg);
611
1194
 
612
1195
 	spin_lock(&zcrypt_list_lock);
613
-	zcrypt_drop_queue(pref_zc, pref_zq, weight);
1196
+	zcrypt_drop_queue(pref_zc, pref_zq, mod, wgt);
614
1197
 	spin_unlock(&zcrypt_list_lock);
615
1198
 
616
1199
 out:
..
..
@@ -672,6 +1255,34 @@
672
1255
 	spin_unlock(&zcrypt_list_lock);
673
1256
 }
674
1257
 EXPORT_SYMBOL(zcrypt_device_status_mask_ext);
1258
+
1259
+int zcrypt_device_status_ext(int card, int queue,
1260
+			     struct zcrypt_device_status_ext *devstat)
1261
+{
1262
+	struct zcrypt_card *zc;
1263
+	struct zcrypt_queue *zq;
1264
+
1265
+	memset(devstat, 0, sizeof(*devstat));
1266
+
1267
+	spin_lock(&zcrypt_list_lock);
1268
+	for_each_zcrypt_card(zc) {
1269
+		for_each_zcrypt_queue(zq, zc) {
1270
+			if (card == AP_QID_CARD(zq->queue->qid) &&
1271
+			    queue == AP_QID_QUEUE(zq->queue->qid)) {
1272
+				devstat->hwtype = zc->card->ap_dev.device_type;
1273
+				devstat->functions = zc->card->functions >> 26;
1274
+				devstat->qid = zq->queue->qid;
1275
+				devstat->online = zq->online ? 0x01 : 0x00;
1276
+				spin_unlock(&zcrypt_list_lock);
1277
+				return 0;
1278
+			}
1279
+		}
1280
+	}
1281
+	spin_unlock(&zcrypt_list_lock);
1282
+
1283
+	return -ENODEV;
1284
+}
1285
+EXPORT_SYMBOL(zcrypt_device_status_ext);
675
1286
 
676
1287
 static void zcrypt_status_mask(char status[], size_t max_adapters)
677
1288
 {
..
..
@@ -791,92 +1402,207 @@
791
1402
 	return requestq_count;
792
1403
 }
793
1404
 
1405
+static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg)
1406
+{
1407
+	int rc;
1408
+	struct zcrypt_track tr;
1409
+	struct ica_rsa_modexpo mex;
1410
+	struct ica_rsa_modexpo __user *umex = (void __user *) arg;
1411
+
1412
+	memset(&tr, 0, sizeof(tr));
1413
+	if (copy_from_user(&mex, umex, sizeof(mex)))
1414
+		return -EFAULT;
1415
+
1416
+#ifdef CONFIG_ZCRYPT_DEBUG
1417
+	if (mex.inputdatalength & (1U << 31)) {
1418
+		if (!capable(CAP_SYS_ADMIN))
1419
+			return -EPERM;
1420
+		tr.fi.cmd = (u16)(mex.inputdatalength >> 16);
1421
+	}
1422
+	mex.inputdatalength &= 0x0000FFFF;
1423
+#endif
1424
+
1425
+	do {
1426
+		rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1427
+		if (rc == -EAGAIN)
1428
+			tr.again_counter++;
1429
+#ifdef CONFIG_ZCRYPT_DEBUG
1430
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1431
+			break;
1432
+#endif
1433
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1434
+	/* on failure: retry once again after a requested rescan */
1435
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1436
+		do {
1437
+			rc = zcrypt_rsa_modexpo(perms, &tr, &mex);
1438
+			if (rc == -EAGAIN)
1439
+				tr.again_counter++;
1440
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1441
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1442
+		rc = -EIO;
1443
+	if (rc) {
1444
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc);
1445
+		return rc;
1446
+	}
1447
+	return put_user(mex.outputdatalength, &umex->outputdatalength);
1448
+}
1449
+
1450
+static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg)
1451
+{
1452
+	int rc;
1453
+	struct zcrypt_track tr;
1454
+	struct ica_rsa_modexpo_crt crt;
1455
+	struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
1456
+
1457
+	memset(&tr, 0, sizeof(tr));
1458
+	if (copy_from_user(&crt, ucrt, sizeof(crt)))
1459
+		return -EFAULT;
1460
+
1461
+#ifdef CONFIG_ZCRYPT_DEBUG
1462
+	if (crt.inputdatalength & (1U << 31)) {
1463
+		if (!capable(CAP_SYS_ADMIN))
1464
+			return -EPERM;
1465
+		tr.fi.cmd = (u16)(crt.inputdatalength >> 16);
1466
+	}
1467
+	crt.inputdatalength &= 0x0000FFFF;
1468
+#endif
1469
+
1470
+	do {
1471
+		rc = zcrypt_rsa_crt(perms, &tr, &crt);
1472
+		if (rc == -EAGAIN)
1473
+			tr.again_counter++;
1474
+#ifdef CONFIG_ZCRYPT_DEBUG
1475
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1476
+			break;
1477
+#endif
1478
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1479
+	/* on failure: retry once again after a requested rescan */
1480
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1481
+		do {
1482
+			rc = zcrypt_rsa_crt(perms, &tr, &crt);
1483
+			if (rc == -EAGAIN)
1484
+				tr.again_counter++;
1485
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1486
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1487
+		rc = -EIO;
1488
+	if (rc) {
1489
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc);
1490
+		return rc;
1491
+	}
1492
+	return put_user(crt.outputdatalength, &ucrt->outputdatalength);
1493
+}
1494
+
1495
+static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg)
1496
+{
1497
+	int rc;
1498
+	struct ica_xcRB xcRB;
1499
+	struct zcrypt_track tr;
1500
+	struct ica_xcRB __user *uxcRB = (void __user *) arg;
1501
+
1502
+	memset(&tr, 0, sizeof(tr));
1503
+	if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
1504
+		return -EFAULT;
1505
+
1506
+#ifdef CONFIG_ZCRYPT_DEBUG
1507
+	if (xcRB.status & (1U << 31)) {
1508
+		if (!capable(CAP_SYS_ADMIN))
1509
+			return -EPERM;
1510
+		tr.fi.cmd = (u16)(xcRB.status >> 16);
1511
+	}
1512
+	xcRB.status &= 0x0000FFFF;
1513
+#endif
1514
+
1515
+	do {
1516
+		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1517
+		if (rc == -EAGAIN)
1518
+			tr.again_counter++;
1519
+#ifdef CONFIG_ZCRYPT_DEBUG
1520
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1521
+			break;
1522
+#endif
1523
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1524
+	/* on failure: retry once again after a requested rescan */
1525
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1526
+		do {
1527
+			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB);
1528
+			if (rc == -EAGAIN)
1529
+				tr.again_counter++;
1530
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1531
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1532
+		rc = -EIO;
1533
+	if (rc)
1534
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n",
1535
+			   rc, xcRB.status);
1536
+	if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
1537
+		return -EFAULT;
1538
+	return rc;
1539
+}
1540
+
1541
+static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg)
1542
+{
1543
+	int rc;
1544
+	struct ep11_urb xcrb;
1545
+	struct zcrypt_track tr;
1546
+	struct ep11_urb __user *uxcrb = (void __user *)arg;
1547
+
1548
+	memset(&tr, 0, sizeof(tr));
1549
+	if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
1550
+		return -EFAULT;
1551
+
1552
+#ifdef CONFIG_ZCRYPT_DEBUG
1553
+	if (xcrb.req_len & (1ULL << 63)) {
1554
+		if (!capable(CAP_SYS_ADMIN))
1555
+			return -EPERM;
1556
+		tr.fi.cmd = (u16)(xcrb.req_len >> 48);
1557
+	}
1558
+	xcrb.req_len &= 0x0000FFFFFFFFFFFFULL;
1559
+#endif
1560
+
1561
+	do {
1562
+		rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1563
+		if (rc == -EAGAIN)
1564
+			tr.again_counter++;
1565
+#ifdef CONFIG_ZCRYPT_DEBUG
1566
+		if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY))
1567
+			break;
1568
+#endif
1569
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1570
+	/* on failure: retry once again after a requested rescan */
1571
+	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1572
+		do {
1573
+			rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb);
1574
+			if (rc == -EAGAIN)
1575
+				tr.again_counter++;
1576
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1577
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1578
+		rc = -EIO;
1579
+	if (rc)
1580
+		ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc);
1581
+	if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
1582
+		return -EFAULT;
1583
+	return rc;
1584
+}
1585
+
794
1586
 static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
795
1587
 				  unsigned long arg)
796
1588
 {
797
-	int rc = 0;
1589
+	int rc;
1590
+	struct ap_perms *perms =
1591
+		(struct ap_perms *) filp->private_data;
1592
+
1593
+	rc = zcrypt_check_ioctl(perms, cmd);
1594
+	if (rc)
1595
+		return rc;
798
1596
 
799
1597
 	switch (cmd) {
800
-	case ICARSAMODEXPO: {
801
-		struct ica_rsa_modexpo __user *umex = (void __user *) arg;
802
-		struct ica_rsa_modexpo mex;
803
-
804
-		if (copy_from_user(&mex, umex, sizeof(mex)))
805
-			return -EFAULT;
806
-		do {
807
-			rc = zcrypt_rsa_modexpo(&mex);
808
-		} while (rc == -EAGAIN);
809
-		/* on failure: retry once again after a requested rescan */
810
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
811
-			do {
812
-				rc = zcrypt_rsa_modexpo(&mex);
813
-			} while (rc == -EAGAIN);
814
-		if (rc) {
815
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSAMODEXPO rc=%d\n", rc);
816
-			return rc;
817
-		}
818
-		return put_user(mex.outputdatalength, &umex->outputdatalength);
819
-	}
820
-	case ICARSACRT: {
821
-		struct ica_rsa_modexpo_crt __user *ucrt = (void __user *) arg;
822
-		struct ica_rsa_modexpo_crt crt;
823
-
824
-		if (copy_from_user(&crt, ucrt, sizeof(crt)))
825
-			return -EFAULT;
826
-		do {
827
-			rc = zcrypt_rsa_crt(&crt);
828
-		} while (rc == -EAGAIN);
829
-		/* on failure: retry once again after a requested rescan */
830
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
831
-			do {
832
-				rc = zcrypt_rsa_crt(&crt);
833
-			} while (rc == -EAGAIN);
834
-		if (rc) {
835
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ICARSACRT rc=%d\n", rc);
836
-			return rc;
837
-		}
838
-		return put_user(crt.outputdatalength, &ucrt->outputdatalength);
839
-	}
840
-	case ZSECSENDCPRB: {
841
-		struct ica_xcRB __user *uxcRB = (void __user *) arg;
842
-		struct ica_xcRB xcRB;
843
-
844
-		if (copy_from_user(&xcRB, uxcRB, sizeof(xcRB)))
845
-			return -EFAULT;
846
-		do {
847
-			rc = zcrypt_send_cprb(&xcRB);
848
-		} while (rc == -EAGAIN);
849
-		/* on failure: retry once again after a requested rescan */
850
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
851
-			do {
852
-				rc = zcrypt_send_cprb(&xcRB);
853
-			} while (rc == -EAGAIN);
854
-		if (rc)
855
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d\n", rc);
856
-		if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
857
-			return -EFAULT;
858
-		return rc;
859
-	}
860
-	case ZSENDEP11CPRB: {
861
-		struct ep11_urb __user *uxcrb = (void __user *)arg;
862
-		struct ep11_urb xcrb;
863
-
864
-		if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb)))
865
-			return -EFAULT;
866
-		do {
867
-			rc = zcrypt_send_ep11_cprb(&xcrb);
868
-		} while (rc == -EAGAIN);
869
-		/* on failure: retry once again after a requested rescan */
870
-		if ((rc == -ENODEV) && (zcrypt_process_rescan()))
871
-			do {
872
-				rc = zcrypt_send_ep11_cprb(&xcrb);
873
-			} while (rc == -EAGAIN);
874
-		if (rc)
875
-			ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDEP11CPRB rc=%d\n", rc);
876
-		if (copy_to_user(uxcrb, &xcrb, sizeof(xcrb)))
877
-			return -EFAULT;
878
-		return rc;
879
-	}
1598
+	case ICARSAMODEXPO:
1599
+		return icarsamodexpo_ioctl(perms, arg);
1600
+	case ICARSACRT:
1601
+		return icarsacrt_ioctl(perms, arg);
1602
+	case ZSECSENDCPRB:
1603
+		return zsecsendcprb_ioctl(perms, arg);
1604
+	case ZSENDEP11CPRB:
1605
+		return zsendep11cprb_ioctl(perms, arg);
880
1606
 	case ZCRYPT_DEVICE_STATUS: {
881
1607
 		struct zcrypt_device_status_ext *device_status;
882
1608
 		size_t total_size = MAX_ZDEV_ENTRIES_EXT
..
..
@@ -996,14 +1722,16 @@
996
1722
 	compat_uptr_t	n_modulus;
997
1723
 };
998
1724
 
999
-static long trans_modexpo32(struct file *filp, unsigned int cmd,
1000
-			    unsigned long arg)
1725
+static long trans_modexpo32(struct ap_perms *perms, struct file *filp,
1726
+			    unsigned int cmd, unsigned long arg)
1001
1727
 {
1002
1728
 	struct compat_ica_rsa_modexpo __user *umex32 = compat_ptr(arg);
1003
1729
 	struct compat_ica_rsa_modexpo mex32;
1004
1730
 	struct ica_rsa_modexpo mex64;
1731
+	struct zcrypt_track tr;
1005
1732
 	long rc;
1006
1733
 
1734
+	memset(&tr, 0, sizeof(tr));
1007
1735
 	if (copy_from_user(&mex32, umex32, sizeof(mex32)))
1008
1736
 		return -EFAULT;
1009
1737
 	mex64.inputdata = compat_ptr(mex32.inputdata);
..
..
@@ -1013,13 +1741,19 @@
1013
1741
 	mex64.b_key = compat_ptr(mex32.b_key);
1014
1742
 	mex64.n_modulus = compat_ptr(mex32.n_modulus);
1015
1743
 	do {
1016
-		rc = zcrypt_rsa_modexpo(&mex64);
1017
-	} while (rc == -EAGAIN);
1744
+		rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1745
+		if (rc == -EAGAIN)
1746
+			tr.again_counter++;
1747
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1018
1748
 	/* on failure: retry once again after a requested rescan */
1019
1749
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1020
1750
 		do {
1021
-			rc = zcrypt_rsa_modexpo(&mex64);
1022
-		} while (rc == -EAGAIN);
1751
+			rc = zcrypt_rsa_modexpo(perms, &tr, &mex64);
1752
+			if (rc == -EAGAIN)
1753
+				tr.again_counter++;
1754
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1755
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1756
+		rc = -EIO;
1023
1757
 	if (rc)
1024
1758
 		return rc;
1025
1759
 	return put_user(mex64.outputdatalength,
..
..
@@ -1038,14 +1772,16 @@
1038
1772
 	compat_uptr_t	u_mult_inv;
1039
1773
 };
1040
1774
 
1041
-static long trans_modexpo_crt32(struct file *filp, unsigned int cmd,
1042
-				unsigned long arg)
1775
+static long trans_modexpo_crt32(struct ap_perms *perms, struct file *filp,
1776
+				unsigned int cmd, unsigned long arg)
1043
1777
 {
1044
1778
 	struct compat_ica_rsa_modexpo_crt __user *ucrt32 = compat_ptr(arg);
1045
1779
 	struct compat_ica_rsa_modexpo_crt crt32;
1046
1780
 	struct ica_rsa_modexpo_crt crt64;
1781
+	struct zcrypt_track tr;
1047
1782
 	long rc;
1048
1783
 
1784
+	memset(&tr, 0, sizeof(tr));
1049
1785
 	if (copy_from_user(&crt32, ucrt32, sizeof(crt32)))
1050
1786
 		return -EFAULT;
1051
1787
 	crt64.inputdata = compat_ptr(crt32.inputdata);
..
..
@@ -1058,13 +1794,19 @@
1058
1794
 	crt64.nq_prime = compat_ptr(crt32.nq_prime);
1059
1795
 	crt64.u_mult_inv = compat_ptr(crt32.u_mult_inv);
1060
1796
 	do {
1061
-		rc = zcrypt_rsa_crt(&crt64);
1062
-	} while (rc == -EAGAIN);
1797
+		rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1798
+		if (rc == -EAGAIN)
1799
+			tr.again_counter++;
1800
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1063
1801
 	/* on failure: retry once again after a requested rescan */
1064
1802
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1065
1803
 		do {
1066
-			rc = zcrypt_rsa_crt(&crt64);
1067
-		} while (rc == -EAGAIN);
1804
+			rc = zcrypt_rsa_crt(perms, &tr, &crt64);
1805
+			if (rc == -EAGAIN)
1806
+				tr.again_counter++;
1807
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1808
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1809
+		rc = -EIO;
1068
1810
 	if (rc)
1069
1811
 		return rc;
1070
1812
 	return put_user(crt64.outputdatalength,
..
..
@@ -1091,14 +1833,16 @@
1091
1833
 	unsigned int	status;
1092
1834
 } __packed;
1093
1835
 
1094
-static long trans_xcRB32(struct file *filp, unsigned int cmd,
1095
-			 unsigned long arg)
1836
+static long trans_xcRB32(struct ap_perms *perms, struct file *filp,
1837
+			 unsigned int cmd, unsigned long arg)
1096
1838
 {
1097
1839
 	struct compat_ica_xcRB __user *uxcRB32 = compat_ptr(arg);
1098
1840
 	struct compat_ica_xcRB xcRB32;
1841
+	struct zcrypt_track tr;
1099
1842
 	struct ica_xcRB xcRB64;
1100
1843
 	long rc;
1101
1844
 
1845
+	memset(&tr, 0, sizeof(tr));
1102
1846
 	if (copy_from_user(&xcRB32, uxcRB32, sizeof(xcRB32)))
1103
1847
 		return -EFAULT;
1104
1848
 	xcRB64.agent_ID = xcRB32.agent_ID;
..
..
@@ -1122,13 +1866,19 @@
1122
1866
 	xcRB64.priority_window = xcRB32.priority_window;
1123
1867
 	xcRB64.status = xcRB32.status;
1124
1868
 	do {
1125
-		rc = zcrypt_send_cprb(&xcRB64);
1126
-	} while (rc == -EAGAIN);
1869
+		rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1870
+		if (rc == -EAGAIN)
1871
+			tr.again_counter++;
1872
+	} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1127
1873
 	/* on failure: retry once again after a requested rescan */
1128
1874
 	if ((rc == -ENODEV) && (zcrypt_process_rescan()))
1129
1875
 		do {
1130
-			rc = zcrypt_send_cprb(&xcRB64);
1131
-		} while (rc == -EAGAIN);
1876
+			rc = _zcrypt_send_cprb(true, perms, &tr, &xcRB64);
1877
+			if (rc == -EAGAIN)
1878
+				tr.again_counter++;
1879
+		} while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX);
1880
+	if (rc == -EAGAIN && tr.again_counter >= TRACK_AGAIN_MAX)
1881
+		rc = -EIO;
1132
1882
 	xcRB32.reply_control_blk_length = xcRB64.reply_control_blk_length;
1133
1883
 	xcRB32.reply_data_length = xcRB64.reply_data_length;
1134
1884
 	xcRB32.status = xcRB64.status;
..
..
@@ -1140,12 +1890,20 @@
1140
1890
 static long zcrypt_compat_ioctl(struct file *filp, unsigned int cmd,
1141
1891
 			 unsigned long arg)
1142
1892
 {
1893
+	int rc;
1894
+	struct ap_perms *perms =
1895
+		(struct ap_perms *) filp->private_data;
1896
+
1897
+	rc = zcrypt_check_ioctl(perms, cmd);
1898
+	if (rc)
1899
+		return rc;
1900
+
1143
1901
 	if (cmd == ICARSAMODEXPO)
1144
-		return trans_modexpo32(filp, cmd, arg);
1902
+		return trans_modexpo32(perms, filp, cmd, arg);
1145
1903
 	if (cmd == ICARSACRT)
1146
-		return trans_modexpo_crt32(filp, cmd, arg);
1904
+		return trans_modexpo_crt32(perms, filp, cmd, arg);
1147
1905
 	if (cmd == ZSECSENDCPRB)
1148
-		return trans_xcRB32(filp, cmd, arg);
1906
+		return trans_xcRB32(perms, filp, cmd, arg);
1149
1907
 	return zcrypt_unlocked_ioctl(filp, cmd, arg);
1150
1908
 }
1151
1909
 #endif
..
..
@@ -1263,6 +2021,67 @@
1263
2021
 	debug_unregister(zcrypt_dbf_info);
1264
2022
 }
1265
2023
 
2024
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2025
+
2026
+static int __init zcdn_init(void)
2027
+{
2028
+	int rc;
2029
+
2030
+	/* create a new class 'zcrypt' */
2031
+	zcrypt_class = class_create(THIS_MODULE, ZCRYPT_NAME);
2032
+	if (IS_ERR(zcrypt_class)) {
2033
+		rc = PTR_ERR(zcrypt_class);
2034
+		goto out_class_create_failed;
2035
+	}
2036
+	zcrypt_class->dev_release = zcdn_device_release;
2037
+
2038
+	/* alloc device minor range */
2039
+	rc = alloc_chrdev_region(&zcrypt_devt,
2040
+				 0, ZCRYPT_MAX_MINOR_NODES,
2041
+				 ZCRYPT_NAME);
2042
+	if (rc)
2043
+		goto out_alloc_chrdev_failed;
2044
+
2045
+	cdev_init(&zcrypt_cdev, &zcrypt_fops);
2046
+	zcrypt_cdev.owner = THIS_MODULE;
2047
+	rc = cdev_add(&zcrypt_cdev, zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2048
+	if (rc)
2049
+		goto out_cdev_add_failed;
2050
+
2051
+	/* need some class specific sysfs attributes */
2052
+	rc = class_create_file(zcrypt_class, &class_attr_zcdn_create);
2053
+	if (rc)
2054
+		goto out_class_create_file_1_failed;
2055
+	rc = class_create_file(zcrypt_class, &class_attr_zcdn_destroy);
2056
+	if (rc)
2057
+		goto out_class_create_file_2_failed;
2058
+
2059
+	return 0;
2060
+
2061
+out_class_create_file_2_failed:
2062
+	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2063
+out_class_create_file_1_failed:
2064
+	cdev_del(&zcrypt_cdev);
2065
+out_cdev_add_failed:
2066
+	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2067
+out_alloc_chrdev_failed:
2068
+	class_destroy(zcrypt_class);
2069
+out_class_create_failed:
2070
+	return rc;
2071
+}
2072
+
2073
+static void zcdn_exit(void)
2074
+{
2075
+	class_remove_file(zcrypt_class, &class_attr_zcdn_create);
2076
+	class_remove_file(zcrypt_class, &class_attr_zcdn_destroy);
2077
+	zcdn_destroy_all();
2078
+	cdev_del(&zcrypt_cdev);
2079
+	unregister_chrdev_region(zcrypt_devt, ZCRYPT_MAX_MINOR_NODES);
2080
+	class_destroy(zcrypt_class);
2081
+}
2082
+
2083
+#endif
2084
+
1266
2085
 /**
1267
2086
  * zcrypt_api_init(): Module initialization.
1268
2087
  *
..
..
@@ -1276,15 +2095,27 @@
1276
2095
 	if (rc)
1277
2096
 		goto out;
1278
2097
 
2098
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2099
+	rc = zcdn_init();
2100
+	if (rc)
2101
+		goto out;
2102
+#endif
2103
+
1279
2104
 	/* Register the request sprayer. */
1280
2105
 	rc = misc_register(&zcrypt_misc_device);
1281
2106
 	if (rc < 0)
1282
-		goto out;
2107
+		goto out_misc_register_failed;
1283
2108
 
1284
2109
 	zcrypt_msgtype6_init();
1285
2110
 	zcrypt_msgtype50_init();
2111
+
1286
2112
 	return 0;
1287
2113
 
2114
+out_misc_register_failed:
2115
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2116
+	zcdn_exit();
2117
+#endif
2118
+	zcrypt_debug_exit();
1288
2119
 out:
1289
2120
 	return rc;
1290
2121
 }
..
..
@@ -1296,9 +2127,14 @@
1296
2127
  */
1297
2128
 void __exit zcrypt_api_exit(void)
1298
2129
 {
2130
+#ifdef CONFIG_ZCRYPT_MULTIDEVNODES
2131
+	zcdn_exit();
2132
+#endif
1299
2133
 	misc_deregister(&zcrypt_misc_device);
1300
2134
 	zcrypt_msgtype6_exit();
1301
2135
 	zcrypt_msgtype50_exit();
2136
+	zcrypt_ccamisc_exit();
2137
+	zcrypt_ep11misc_exit();
1302
2138
 	zcrypt_debug_exit();
1303
2139
 }
1304
2140