summaryrefslogtreecommitdiff
path: root/drivers/s390/crypto
AgeCommit message (Collapse)Author
2015-07-01s390/zcrypt: enable s390 hwrng to seed kernel entropyIngo Tuchscherer
Set the 'quality' property in the zcrypt rng device structure to enable the zcrypt hwrng device to take part in the kernel entropy seeding process. A module parameter named hwrng_seed will be introduced to disable the participation. By default this parameter is set to 1 (enabled). Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-06-25s390/zcrypt: Fixed reset and interrupt handling of AP queuesIngo Tuchscherer
In case of request timeouts an AP queue reset will be triggered to recover and reinitialize the AP queue. The previous behavior was an immediate reset execution regardless of current/pending requests. Due to newly changed firmware behavior the reset may be delayed, based on the priority of pending request. The device driver's waiting time frame was limited, hence it did not received the reset response. As a consequence interrupts would not be enabled afterwards. The RAPQ (queue reset) and AQIC (interrupt control) commands will be treated fully asynchronous now. The device driver will check the reset and interrupt states periodically, thus it can handle the reinitialization properly. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-06-18s390/zcrypt: remove obsolete __constantVaishali Thakkar
__constant_cpu_to_le16 converted to cpu_to_le16 Signed-off-by: Vaishali Thakkar <vthakkar1994@gmail.com> Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-05-13s390/zcrypt: Fix invalid domain handling during ap module unloadIngo Tuchscherer
Added domain checking to prevent reset failures caused by invalid domains. Corrected removal sequence of bus attributes and device. Reviewed-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-04-30s390/zcrypt: fixed ap poll timer behaviorIngo Tuchscherer
The ap poll timer restart condition was wrong. Hence the poll timer was not restarted reliable when setting a new time interval via the poll_timeout sysfs attribute. Added missing timer locking. Reported-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-03-25s390: remove test_facility(2) (== z/Architecture mode active) checksHeiko Carstens
Given that the kernel now always runs in 64 bit mode, it is pointless to check if the z/Architecture mode is active. Remove the checks. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-03-25s390: remove 31 bit supportHeiko Carstens
Remove the 31 bit support in order to reduce maintenance cost and effectively remove dead code. Since a couple of years there is no distribution left that comes with a 31 bit kernel. The 31 bit kernel also has been broken since more than a year before anybody noticed. In addition I added a removal warning to the kernel shown at ipl for 5 minutes: a960062e5826 ("s390: add 31 bit warning message") which let everybody know about the plan to remove 31 bit code. We didn't get any response. Given that the last 31 bit only machine was introduced in 1999 let's remove the code. Anybody with 31 bit user space code can still use the compat mode. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-02-04s390/zcrypt: fixed domain scanning problem (again)Ingo Tuchscherer
Older machines with more then 16 domains need a special check before PQAP instructions can be processed. With commit 5bc334bff9a6e189 this check was reverted by accident. This patch re-establishes the additional code needed for checking the extended domains for older machines. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-01-23s390/zcrypt: Add support for new crypto express (CEX5S) adapter.Ingo Tuchscherer
Extends the generic cryptographic device driver (zcrypt) to support the Crypto Express 5S adapter. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-01-23s390/zcrypt: Number of supported ap domains is not retrievable.Ingo Tuchscherer
Upcoming versions of secure key management facilities (CCA and EP11) require information about the maximum number of supported ap domains in order to service TKE requests properly. With IBM z13 the number of available domains (so far 16) has increased up to 85. This number varies depending on machine types and models. Therefore the new sysfs attribute 'ap_max_domain_id' provides this limit of supported ap domains. Upcoming releases for CCA and EP11 will use this new information. Without this problem fix it is not possible to retrieve reliable information about the maximum number of supported ap domains. Thus, customers are not able to perform key management for CCA and EP11 coprocessor adapters. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-12-18s390/zcrypt: kernel oops at insmod of the z90crypt device driverHarald Freudenberger
Kernel oops caused by invalid parameter at TAPQ instruction: On older systems where the QCI instruction is not available all possible domains are probed via TAPQ instruction. The range for the probe has been extended with the > 16 domain support now leading to a possible specification exception when this instruction is called for probing higher values within the new range. This may happen during insmod and/or ap bus reset only on machines without a QCI instruction (z10, z196, z114), zEC12 and newer systems are not affected. The fix modifies the domain checking function to limit the allowed range if no QCI info is available. Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-11-24crypto: prefix module autoloading with "crypto-"Kees Cook
This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause: https://lkml.org/lkml/2013/3/4/70 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-10-09s390/zcrypt: Toleration of new crypto hardwareIngo Tuchscherer
The zcrypt device driver will accept the new crypto adapter in toleration mode. A new sysfs attribute 'raw_hwtype' will expose the raw hardware type. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
2014-09-25s390/zcrypt: Fixed possible race condition in zcrypt module handlingIngo Tuchscherer
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-09-25s390/zcrypt: support for extended number of ap domainsIngo Tuchscherer
Extends the number of ap domains within the zcrypt device driver up to 256. AP domains in the range 00..255 will be detected. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-07-16s390/zcrypt: improve device probing for zcrypt adapter cardsIngo Tuchscherer
Improve device probing process for zcrypt adapters to transmit service request during registration process. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-06-11s390: avoid format strings leaking into namesKees Cook
This makes sure format strings can't accidentally leak into kernel interface names. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-06-10s390/ap_bus: Make modules parameters visible in sysfsMichael Veigel
Change the visibility of the module parameters ap_domain_index and ap_thread_flag for the owner and the members of the owners group in sysfs. Previously the parameters where invisible due to a value of zero as permissions parameter in the module_param_named macro. Signed-off-by: Michael Veigel <veigel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-05-07Merge branch 'sched/urgent' into sched/core, to avoid conflictsIngo Molnar
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-04-18sched, treewide: Replace hardcoded nice values with MIN_NICE/MAX_NICEDongsheng Yang
Replace various -20/+19 hardcoded nice values with MIN_NICE/MAX_NICE. Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Peter Zijlstra <peterz@infradead.org> Link: http://lkml.kernel.org/r/ff13819fd09b7a5dba5ab5ae797f2e7019bdfa17.1394532288.git.yangds.fnst@cn.fujitsu.com Cc: devel@driverdev.osuosl.org Cc: devicetree@vger.kernel.org Cc: fcoe-devel@open-fcoe.org Cc: linux390@de.ibm.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Cc: linux-s390@vger.kernel.org Cc: linux-scsi@vger.kernel.org Cc: nbd-general@lists.sourceforge.net Cc: ocfs2-devel@oss.oracle.com Cc: openipmi-developer@lists.sourceforge.net Cc: qla2xxx-upstream@qlogic.com Cc: linux-arch@vger.kernel.org [ Consolidated the patches, twiddled the changelog. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-04-01s390/zcrypt: add length check for aligned data to avoid overflow in msg-type 6Ingo Tuchscherer
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-02-12s390/zcrypt: additional check to avoid overflow in msg-type 6 requestsIngo Tuchscherer
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-01-16s390: Fix misspellings using 'codespell' toolHendrik Brueckner
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-12-18s390/zcrypt: add support for EP11 coprocessor cardsIngo Tuchscherer
This feature extends the generic cryptographic device driver (zcrypt) with a new capability to service EP11 requests for the Crypto Express4S card in EP11 (Enterprise PKCS#11 mode) coprocessor mode. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-10-24s390/s390dbf: use debug_level_enabled() where applicableHendrik Brueckner
Refactor direct debug level comparisons with the (internal) s390db->level member. Use the debug_level_enabled() function instead. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-09-07s390/ap_bus: use and-mask instead of a castHeiko Carstens
Let's get rid of another sparse false positive: drivers/s390/crypto/ap_bus.c:416:64: warning: cast truncates bits from constant value (102030405060708 becomes 5060708) So instead of using a cast let's use an and-mask. That way sparse remains silent and one doesn't always have to check if this is a valid warning/bug or just a false positive. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2013-07-19s390/zcrypt: Alias for new zcrypt device driver base moduleIngo Tuchscherer
The zcrypt device driver has been split into base/bus module, api-module, card modules and message type modules. The base module has been renamed from z90crypt to ap. A module alias (with the well-known z90crypt identifier) will be introduced that enable users to use their existing way to load the zcrypt device driver. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-06-26s390/airq: simplify adapter interrupt codeMartin Schwidefsky
There are three users of adapter interrupts: AP, QDIO and PCI. Each registers a single adapter interrupt with independent ISCs. Define a "struct airq" with the interrupt handler, a pointer and a mask for the local summary indicator and the ISC for the adapter interrupt source. Convert the indicator array with its fixed number of adapter interrupt sources per ISE to an array of hlists. This removes the limitation to 32 adapter interrupts per ISC and allows for arbitrary memory locations for the local summary indicator. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-06-26s390/ap_bus: Cocci spatch "ptr_ret.spatch"Thomas Meyer
Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-05-02s390/zcrypt: ap bus rescan problem when toggle crypto adapters on/offIngo Tuchscherer
The bus rescan process was called simultaneously on every device failure. This finally leads into race conditions (double device add/remove actions). This patch protects the rescan area by mutual exclusion and improves ap_config_timer handling Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-01-08s390/irq: remove split irq fields from /proc/statHeiko Carstens
Now that irq sum accounting for /proc/stat's "intr" line works again we have the oddity that the sum field (first field) contains only the sum of the second (external irqs) and third field (I/O interrupts). The reason for that is that these two fields are already sums of all other fields. So if we would sum up everything we would count every interrupt twice. This is broken since the split interrupt accounting was merged two years ago: 052ff461c8427629aee887ccc27478fc7373237c "[S390] irq: have detailed statistics for interrupt types". To fix this remove the split interrupt fields from /proc/stat's "intr" line again and only have them in /proc/interrupts. This restores the old behaviour, seems to be the only sane fix and mimics a behaviour from other architectures where /proc/interrupts also contains more than /proc/stat's "intr" line does. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-11-23s390/zcrypt: msgType50 (RSA-CRT) fixIngo Tuchscherer
The message request handling (type50 - clear key) for RSA operations (in CRT format) are now handled correctly with respect to the crb format container. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-10-09s390/zcrypt: remove duplicated include from zcrypt_pcixcc.cWei Yongjun
Remove duplicated include. dpatch engine is used to auto generate this patch. (https://github.com/weiyj/dpatch) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2012-09-26s390/ap_bus: add missing ifdefHeiko Carstens
Get rid of this compile warning for CONFIG_32BIT: drivers/s390/crypto/ap_bus.c:168:12: warning: ‘ap_configuration_available’ defined but not used [-Wunused-function] Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-09-26s390/zcryt: Handle AP configuration changesHolger Dengler
Detect external AP bus configuration changes and request an AP device rescan. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-09-26s390/zcrypt: Add support for CEX4 crypto cardHolger Dengler
New zcrypt module supports IBM CryptoExpress 4 cards. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-09-26s390/zcrypt: Separate msgtype implementation from card modules.Holger Dengler
Msgtype implementations are now separated from card specific modules and can be dynamically registered. Existing msgtype implementations are restructured in modules. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-09-26s390/ap: Add functiton facility information as AP device attribute.Holger Dengler
Add the function facility information as new ap_device and sysfs attribute. Also make the number of requests in device queue and in device driver queue accessible in sysfs. Reviewed-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-09-26s390/ap: configuration information exploitationHolger Dengler
Query AP configuration information. Improve performance of AP bus scans by skipping AP device probing, if the AP deviec is not configured. Reviewed-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com> Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-07-20s390/comments: unify copyright messages and remove file namesHeiko Carstens
Remove the file name from the comment at top of many files. In most cases the file name was wrong anyway, so it's rather pointless. Also unify the IBM copyright statement. We did have a lot of sightly different statements and wanted to change them one after another whenever a file gets touched. However that never happened. Instead people start to take the old/"wrong" statements to use as a template for new files. So unify all of them in one go. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2012-07-16s390/ap: resend enable adapter interrupt request.Holger Dengler
The adapter interrupt for an APQN must be re-enabled after a reset. This patch sends the interrupt enablement request again, if the APQN is busy or the reset is still in progress. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2012-05-16s390/ap: Fix wrong or missing commentsHolger Dengler
Fix wrong or missing comments of ap inline assemblies. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-05-16s390/ap: move receive callback to message structHolger Dengler
Move the receive callback from zdev_driver to ap_message structure to get a more flexible asynchronous ap message handling. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2012-03-28Remove all #inclusions of asm/system.hDavid Howells
Remove all #inclusions of asm/system.h preparatory to splitting and killing it. Performed with the following command: perl -p -i -e 's!^#\s*include\s*<asm/system[.]h>.*\n!!' `grep -Irl '^#\s*include\s*<asm/system[.]h>' *` Signed-off-by: David Howells <dhowells@redhat.com>
2012-03-28Disintegrate asm/system.h for S390David Howells
Disintegrate asm/system.h for S390. Signed-off-by: David Howells <dhowells@redhat.com> cc: linux-s390@vger.kernel.org
2012-03-11[S390] Remove monolithic build option for zcrypt driver.Holger Dengler
Remove the option to build a single module z90crypt that contains ap bus, request router and card drivers. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-12-27[S390] zcrypt: Fix error return codes.Holger Dengler
Return EINVAL instead of EFAULT for invalid input parameter. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-12-27[S390] zcrypt: Rework length parameter checking.Holger Dengler
Fix length checking of the expected reply and remove re-adjustment of expected control block length. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-12-01[S390] ap: Setup timer for sending messages after reset.Holger Dengler
Setup timer for processing messages in request queue after a successful AP bus device reset. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-11-14[S390] ap: Setup processing for messages in request queue.Holger Dengler
Setup timer for processing messages in request queue, if sending an AP message returns with reason code AP_RESPONSE_RESET_IN_PROGRESS. Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>