2017-11-14 17:38:01 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0+
|
2006-09-20 13:58:25 +00:00
|
|
|
/*
|
2021-05-11 13:01:18 +00:00
|
|
|
* Copyright IBM Corp. 2006, 2021
|
2006-09-20 13:58:25 +00:00
|
|
|
* Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
|
|
|
|
* Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
|
|
* Ralph Wuerthner <rwuerthn@de.ibm.com>
|
2008-12-25 12:38:41 +00:00
|
|
|
* Felix Beck <felix.beck@de.ibm.com>
|
2011-07-24 08:48:25 +00:00
|
|
|
* Holger Dengler <hd@linux.vnet.ibm.com>
|
2020-08-31 08:16:26 +00:00
|
|
|
* Harald Freudenberger <freude@linux.ibm.com>
|
2006-09-20 13:58:25 +00:00
|
|
|
*
|
|
|
|
* Adjunct processor bus.
|
|
|
|
*/
|
|
|
|
|
2008-12-25 12:39:46 +00:00
|
|
|
#define KMSG_COMPONENT "ap"
|
|
|
|
#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
|
|
|
|
|
2011-01-05 11:47:38 +00:00
|
|
|
#include <linux/kernel_stat.h>
|
2017-02-09 14:48:10 +00:00
|
|
|
#include <linux/moduleparam.h>
|
2006-09-20 13:58:25 +00:00
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/delay.h>
|
|
|
|
#include <linux/err.h>
|
2020-03-24 16:30:39 +00:00
|
|
|
#include <linux/freezer.h>
|
2006-09-20 13:58:25 +00:00
|
|
|
#include <linux/interrupt.h>
|
|
|
|
#include <linux/workqueue.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 08:04:11 +00:00
|
|
|
#include <linux/slab.h>
|
2006-09-20 13:58:25 +00:00
|
|
|
#include <linux/notifier.h>
|
|
|
|
#include <linux/kthread.h>
|
|
|
|
#include <linux/mutex.h>
|
2008-12-25 12:38:41 +00:00
|
|
|
#include <asm/airq.h>
|
2011-07-26 23:09:06 +00:00
|
|
|
#include <linux/atomic.h>
|
2008-12-25 12:38:41 +00:00
|
|
|
#include <asm/isc.h>
|
2008-07-14 07:59:08 +00:00
|
|
|
#include <linux/hrtimer.h>
|
|
|
|
#include <linux/ktime.h>
|
2012-03-28 17:30:02 +00:00
|
|
|
#include <asm/facility.h>
|
2014-11-21 01:05:53 +00:00
|
|
|
#include <linux/crypto.h>
|
2016-08-25 09:16:03 +00:00
|
|
|
#include <linux/mod_devicetable.h>
|
2016-11-24 05:45:21 +00:00
|
|
|
#include <linux/debugfs.h>
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
#include <linux/ctype.h>
|
2006-09-20 13:58:25 +00:00
|
|
|
|
|
|
|
#include "ap_bus.h"
|
2016-11-24 05:45:21 +00:00
|
|
|
#include "ap_debug.h"
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2017-02-09 14:48:10 +00:00
|
|
|
* Module parameters; note though this file itself isn't modular.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
|
|
|
int ap_domain_index = -1; /* Adjunct Processor Domain Index */
|
2016-08-25 09:11:30 +00:00
|
|
|
static DEFINE_SPINLOCK(ap_domain_lock);
|
2018-08-17 10:36:01 +00:00
|
|
|
module_param_named(domain, ap_domain_index, int, 0440);
|
2006-09-20 13:58:25 +00:00
|
|
|
MODULE_PARM_DESC(domain, "domain index for ap devices");
|
|
|
|
EXPORT_SYMBOL(ap_domain_index);
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static int ap_thread_flag;
|
|
|
|
module_param_named(poll_thread, ap_thread_flag, int, 0440);
|
2008-02-09 17:24:30 +00:00
|
|
|
MODULE_PARM_DESC(poll_thread, "Turn on/off poll thread, default is 0 (off).");
|
2006-09-20 13:58:25 +00:00
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
static char *apm_str;
|
|
|
|
module_param_named(apmask, apm_str, charp, 0440);
|
|
|
|
MODULE_PARM_DESC(apmask, "AP bus adapter mask.");
|
|
|
|
|
|
|
|
static char *aqm_str;
|
|
|
|
module_param_named(aqmask, aqm_str, charp, 0440);
|
|
|
|
MODULE_PARM_DESC(aqmask, "AP bus domain mask.");
|
|
|
|
|
2021-06-25 10:29:46 +00:00
|
|
|
atomic_t ap_max_msg_size = ATOMIC_INIT(AP_DEFAULT_MAX_MSG_SIZE);
|
|
|
|
EXPORT_SYMBOL(ap_max_msg_size);
|
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
static struct device *ap_root_device;
|
|
|
|
|
2020-05-08 13:51:19 +00:00
|
|
|
/* Hashtable of all queue devices on the AP bus */
|
|
|
|
DEFINE_HASHTABLE(ap_queues, 8);
|
|
|
|
/* lock used for the ap_queues hashtable */
|
|
|
|
DEFINE_SPINLOCK(ap_queues_lock);
|
2016-08-25 09:16:03 +00:00
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
/* Default permissions (ioctl, card and domain masking) */
|
|
|
|
struct ap_perms ap_perms;
|
|
|
|
EXPORT_SYMBOL(ap_perms);
|
|
|
|
DEFINE_MUTEX(ap_perms_mutex);
|
|
|
|
EXPORT_SYMBOL(ap_perms_mutex);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
/* # of bus scans since init */
|
|
|
|
static atomic64_t ap_scan_bus_count;
|
|
|
|
|
2021-05-11 13:01:18 +00:00
|
|
|
/* # of bindings complete since init */
|
|
|
|
static atomic64_t ap_bindings_complete_count = ATOMIC64_INIT(0);
|
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
/* completion for initial APQN bindings complete */
|
|
|
|
static DECLARE_COMPLETION(ap_init_apqn_bindings_complete);
|
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
static struct ap_config_info *ap_qci_info;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2016-11-24 05:45:21 +00:00
|
|
|
/*
|
|
|
|
* AP bus related debug feature things.
|
|
|
|
*/
|
|
|
|
debug_info_t *ap_dbf_info;
|
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2015-07-27 10:47:40 +00:00
|
|
|
* Workqueue timer for bus rescan.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
|
|
|
static struct timer_list ap_config_timer;
|
|
|
|
static int ap_config_time = AP_CONFIG_TIME;
|
2015-09-14 15:01:23 +00:00
|
|
|
static void ap_scan_bus(struct work_struct *);
|
2015-07-27 10:47:40 +00:00
|
|
|
static DECLARE_WORK(ap_scan_work, ap_scan_bus);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2008-12-25 12:38:41 +00:00
|
|
|
* Tasklet & timer for AP request polling and interrupts
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2015-09-14 15:01:23 +00:00
|
|
|
static void ap_tasklet_fn(unsigned long);
|
2020-07-13 22:01:26 +00:00
|
|
|
static DECLARE_TASKLET_OLD(ap_tasklet, ap_tasklet_fn);
|
2006-09-20 13:58:25 +00:00
|
|
|
static DECLARE_WAIT_QUEUE_HEAD(ap_poll_wait);
|
2018-08-17 10:36:01 +00:00
|
|
|
static struct task_struct *ap_poll_kthread;
|
2006-09-20 13:58:25 +00:00
|
|
|
static DEFINE_MUTEX(ap_poll_thread_mutex);
|
2009-12-07 11:52:00 +00:00
|
|
|
static DEFINE_SPINLOCK(ap_poll_timer_lock);
|
2008-07-14 07:59:08 +00:00
|
|
|
static struct hrtimer ap_poll_timer;
|
2018-08-17 10:36:01 +00:00
|
|
|
/*
|
|
|
|
* In LPAR poll with 4kHz frequency. Poll every 250000 nanoseconds.
|
|
|
|
* If z/VM change to 1500000 nanoseconds to adjust to z/VM polling.
|
|
|
|
*/
|
2008-07-14 07:59:08 +00:00
|
|
|
static unsigned long long poll_timeout = 250000;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
/* Maximum domain id, if not given via qci */
|
|
|
|
static int ap_max_domain_id = 15;
|
|
|
|
/* Maximum adapter id, if not given via qci */
|
|
|
|
static int ap_max_adapter_id = 63;
|
2020-03-24 16:30:39 +00:00
|
|
|
|
2009-06-22 10:08:16 +00:00
|
|
|
static struct bus_type ap_bus_type;
|
|
|
|
|
2013-06-24 08:30:41 +00:00
|
|
|
/* Adapter interrupt definitions */
|
2018-10-28 10:51:56 +00:00
|
|
|
static void ap_interrupt_handler(struct airq_struct *airq, bool floating);
|
2015-09-14 15:01:23 +00:00
|
|
|
|
2013-06-24 08:30:41 +00:00
|
|
|
static int ap_airq_flag;
|
|
|
|
|
|
|
|
static struct airq_struct ap_airq = {
|
|
|
|
.handler = ap_interrupt_handler,
|
|
|
|
.isc = AP_ISC,
|
|
|
|
};
|
|
|
|
|
2008-12-25 12:38:41 +00:00
|
|
|
/**
|
|
|
|
* ap_using_interrupts() - Returns non-zero if interrupt support is
|
|
|
|
* available.
|
|
|
|
*/
|
|
|
|
static inline int ap_using_interrupts(void)
|
|
|
|
{
|
2013-06-24 08:30:41 +00:00
|
|
|
return ap_airq_flag;
|
2008-12-25 12:38:41 +00:00
|
|
|
}
|
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
/**
|
|
|
|
* ap_airq_ptr() - Get the address of the adapter interrupt indicator
|
|
|
|
*
|
|
|
|
* Returns the address of the local-summary-indicator of the adapter
|
|
|
|
* interrupt handler for AP, or NULL if adapter interrupts are not
|
|
|
|
* available.
|
|
|
|
*/
|
|
|
|
void *ap_airq_ptr(void)
|
|
|
|
{
|
|
|
|
if (ap_using_interrupts())
|
|
|
|
return ap_airq.lsi_ptr;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2008-12-25 12:38:41 +00:00
|
|
|
/**
|
|
|
|
* ap_interrupts_available(): Test if AP interrupts are available.
|
|
|
|
*
|
|
|
|
* Returns 1 if AP interrupts are available.
|
|
|
|
*/
|
|
|
|
static int ap_interrupts_available(void)
|
|
|
|
{
|
2015-02-14 10:23:21 +00:00
|
|
|
return test_facility(65);
|
2008-12-25 12:38:41 +00:00
|
|
|
}
|
|
|
|
|
2012-08-28 14:41:50 +00:00
|
|
|
/**
|
2020-07-01 10:40:39 +00:00
|
|
|
* ap_qci_available(): Test if AP configuration
|
|
|
|
* information can be queried via QCI subfunction.
|
2012-08-28 14:41:50 +00:00
|
|
|
*
|
2020-07-01 10:40:39 +00:00
|
|
|
* Returns 1 if subfunction PQAP(QCI) is available.
|
2012-08-28 14:41:50 +00:00
|
|
|
*/
|
2020-07-01 10:40:39 +00:00
|
|
|
static int ap_qci_available(void)
|
2012-08-28 14:41:50 +00:00
|
|
|
{
|
2015-02-14 10:23:21 +00:00
|
|
|
return test_facility(12);
|
2012-08-28 14:41:50 +00:00
|
|
|
}
|
|
|
|
|
2016-11-08 06:09:13 +00:00
|
|
|
/**
|
|
|
|
* ap_apft_available(): Test if AP facilities test (APFT)
|
|
|
|
* facility is available.
|
|
|
|
*
|
|
|
|
* Returns 1 if APFT is is available.
|
|
|
|
*/
|
|
|
|
static int ap_apft_available(void)
|
|
|
|
{
|
|
|
|
return test_facility(15);
|
|
|
|
}
|
|
|
|
|
2017-10-16 10:28:35 +00:00
|
|
|
/*
|
|
|
|
* ap_qact_available(): Test if the PQAP(QACT) subfunction is available.
|
|
|
|
*
|
|
|
|
* Returns 1 if the QACT subfunction is available.
|
|
|
|
*/
|
|
|
|
static inline int ap_qact_available(void)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (ap_qci_info)
|
|
|
|
return ap_qci_info->qact;
|
2017-10-16 10:28:35 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-11-08 10:54:28 +00:00
|
|
|
/*
|
2020-07-01 10:40:39 +00:00
|
|
|
* ap_fetch_qci_info(): Fetch cryptographic config info
|
2016-11-08 10:54:28 +00:00
|
|
|
*
|
|
|
|
* Returns the ap configuration info fetched via PQAP(QCI).
|
|
|
|
* On success 0 is returned, on failure a negative errno
|
|
|
|
* is returned, e.g. if the PQAP(QCI) instruction is not
|
|
|
|
* available, the return value will be -EOPNOTSUPP.
|
|
|
|
*/
|
2020-07-01 10:40:39 +00:00
|
|
|
static inline int ap_fetch_qci_info(struct ap_config_info *info)
|
2016-06-20 12:00:27 +00:00
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_available())
|
2016-06-20 12:00:27 +00:00
|
|
|
return -EOPNOTSUPP;
|
2016-11-08 10:54:28 +00:00
|
|
|
if (!info)
|
|
|
|
return -EINVAL;
|
|
|
|
return ap_qci(info);
|
2016-06-20 12:00:27 +00:00
|
|
|
}
|
|
|
|
|
2015-06-26 14:55:35 +00:00
|
|
|
/**
|
2020-07-01 10:40:39 +00:00
|
|
|
* ap_init_qci_info(): Allocate and query qci config info.
|
|
|
|
* Does also update the static variables ap_max_domain_id
|
|
|
|
* and ap_max_adapter_id if this info is available.
|
|
|
|
|
2015-06-26 14:55:35 +00:00
|
|
|
*/
|
2020-07-01 10:40:39 +00:00
|
|
|
static void __init ap_init_qci_info(void)
|
2015-06-26 14:55:35 +00:00
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_available()) {
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("%s QCI not supported\n", __func__);
|
2015-06-26 14:55:35 +00:00
|
|
|
return;
|
2020-07-01 10:40:39 +00:00
|
|
|
}
|
2015-06-26 14:55:35 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_qci_info = kzalloc(sizeof(*ap_qci_info), GFP_KERNEL);
|
|
|
|
if (!ap_qci_info)
|
2015-06-26 14:55:35 +00:00
|
|
|
return;
|
2020-07-01 10:40:39 +00:00
|
|
|
if (ap_fetch_qci_info(ap_qci_info) != 0) {
|
|
|
|
kfree(ap_qci_info);
|
|
|
|
ap_qci_info = NULL;
|
2015-06-26 14:55:35 +00:00
|
|
|
return;
|
|
|
|
}
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("%s successful fetched initial qci info\n", __func__);
|
2020-07-01 10:40:39 +00:00
|
|
|
|
|
|
|
if (ap_qci_info->apxa) {
|
|
|
|
if (ap_qci_info->Na) {
|
|
|
|
ap_max_adapter_id = ap_qci_info->Na;
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("%s new ap_max_adapter_id is %d\n",
|
|
|
|
__func__, ap_max_adapter_id);
|
2020-07-01 10:40:39 +00:00
|
|
|
}
|
|
|
|
if (ap_qci_info->Nd) {
|
|
|
|
ap_max_domain_id = ap_qci_info->Nd;
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("%s new ap_max_domain_id is %d\n",
|
|
|
|
__func__, ap_max_domain_id);
|
2020-07-01 10:40:39 +00:00
|
|
|
}
|
|
|
|
}
|
2015-06-26 14:55:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ap_test_config(): helper function to extract the nrth bit
|
|
|
|
* within the unsigned int array field.
|
|
|
|
*/
|
|
|
|
static inline int ap_test_config(unsigned int *field, unsigned int nr)
|
|
|
|
{
|
|
|
|
return ap_test_bit((field + (nr >> 5)), (nr & 0x1f));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ap_test_config_card_id(): Test, whether an AP card ID is configured.
|
|
|
|
*
|
|
|
|
* Returns 0 if the card is not configured
|
|
|
|
* 1 if the card is configured or
|
|
|
|
* if the configuration information is not available
|
|
|
|
*/
|
|
|
|
static inline int ap_test_config_card_id(unsigned int id)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (id > ap_max_adapter_id)
|
|
|
|
return 0;
|
|
|
|
if (ap_qci_info)
|
|
|
|
return ap_test_config(ap_qci_info->apm, id);
|
|
|
|
return 1;
|
2015-06-26 14:55:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2019-05-21 11:50:09 +00:00
|
|
|
* ap_test_config_usage_domain(): Test, whether an AP usage domain
|
|
|
|
* is configured.
|
2015-06-26 14:55:35 +00:00
|
|
|
*
|
|
|
|
* Returns 0 if the usage domain is not configured
|
|
|
|
* 1 if the usage domain is configured or
|
|
|
|
* if the configuration information is not available
|
|
|
|
*/
|
2019-05-21 11:50:09 +00:00
|
|
|
int ap_test_config_usage_domain(unsigned int domain)
|
2015-06-26 14:55:35 +00:00
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (domain > ap_max_domain_id)
|
|
|
|
return 0;
|
|
|
|
if (ap_qci_info)
|
|
|
|
return ap_test_config(ap_qci_info->aqm, domain);
|
|
|
|
return 1;
|
2015-06-26 14:55:35 +00:00
|
|
|
}
|
2019-05-21 11:50:09 +00:00
|
|
|
EXPORT_SYMBOL(ap_test_config_usage_domain);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ap_test_config_ctrl_domain(): Test, whether an AP control domain
|
|
|
|
* is configured.
|
|
|
|
* @domain AP control domain ID
|
|
|
|
*
|
|
|
|
* Returns 1 if the control domain is configured
|
|
|
|
* 0 in all other cases
|
|
|
|
*/
|
|
|
|
int ap_test_config_ctrl_domain(unsigned int domain)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_info || domain > ap_max_domain_id)
|
2019-05-21 11:50:09 +00:00
|
|
|
return 0;
|
2020-07-01 10:40:39 +00:00
|
|
|
return ap_test_config(ap_qci_info->adm, domain);
|
2019-05-21 11:50:09 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_test_config_ctrl_domain);
|
2015-06-26 14:55:35 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
/*
|
|
|
|
* ap_queue_info(): Check and get AP queue info.
|
|
|
|
* Returns true if TAPQ succeeded and the info is filled or
|
|
|
|
* false otherwise.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2021-06-25 10:29:46 +00:00
|
|
|
static bool ap_queue_info(ap_qid_t qid, int *q_type, unsigned int *q_fac,
|
|
|
|
int *q_depth, int *q_ml, bool *q_decfg)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
|
|
|
struct ap_queue_status status;
|
2021-06-25 10:29:46 +00:00
|
|
|
union {
|
|
|
|
unsigned long value;
|
|
|
|
struct {
|
|
|
|
unsigned int fac : 32; /* facility bits */
|
|
|
|
unsigned int at : 8; /* ap type */
|
|
|
|
unsigned int _res1 : 8;
|
|
|
|
unsigned int _res2 : 4;
|
|
|
|
unsigned int ml : 4; /* apxl ml */
|
|
|
|
unsigned int _res3 : 4;
|
|
|
|
unsigned int qd : 4; /* queue depth */
|
|
|
|
} tapq_gr2;
|
|
|
|
} tapq_info;
|
|
|
|
|
|
|
|
tapq_info.value = 0;
|
2015-06-26 14:55:35 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
/* make sure we don't run into a specifiation exception */
|
|
|
|
if (AP_QID_CARD(qid) > ap_max_adapter_id ||
|
|
|
|
AP_QID_QUEUE(qid) > ap_max_domain_id)
|
|
|
|
return false;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
/* call TAPQ on this APQN */
|
2021-06-25 10:29:46 +00:00
|
|
|
status = ap_test_queue(qid, ap_apft_available(), &tapq_info.value);
|
2015-06-17 14:19:15 +00:00
|
|
|
switch (status.response_code) {
|
|
|
|
case AP_RESPONSE_NORMAL:
|
2020-07-01 10:40:39 +00:00
|
|
|
case AP_RESPONSE_RESET_IN_PROGRESS:
|
2020-07-02 14:57:00 +00:00
|
|
|
case AP_RESPONSE_DECONFIGURED:
|
|
|
|
case AP_RESPONSE_CHECKSTOPPED:
|
|
|
|
case AP_RESPONSE_BUSY:
|
2020-07-01 10:40:39 +00:00
|
|
|
/*
|
|
|
|
* According to the architecture in all these cases the
|
|
|
|
* info should be filled. All bits 0 is not possible as
|
|
|
|
* there is at least one of the mode bits set.
|
|
|
|
*/
|
2021-06-25 10:29:46 +00:00
|
|
|
if (WARN_ON_ONCE(!tapq_info.value))
|
2020-07-01 10:40:39 +00:00
|
|
|
return false;
|
2021-06-25 10:29:46 +00:00
|
|
|
*q_type = tapq_info.tapq_gr2.at;
|
|
|
|
*q_fac = tapq_info.tapq_gr2.fac;
|
|
|
|
*q_depth = tapq_info.tapq_gr2.qd;
|
|
|
|
*q_ml = tapq_info.tapq_gr2.ml;
|
2020-07-02 14:57:00 +00:00
|
|
|
*q_decfg = status.response_code == AP_RESPONSE_DECONFIGURED;
|
2020-07-01 10:40:39 +00:00
|
|
|
switch (*q_type) {
|
2016-10-27 06:57:39 +00:00
|
|
|
/* For CEX2 and CEX3 the available functions
|
2018-11-29 10:50:16 +00:00
|
|
|
* are not reflected by the facilities bits.
|
2016-10-27 06:57:39 +00:00
|
|
|
* Instead it is coded into the type. So here
|
|
|
|
* modify the function bits based on the type.
|
|
|
|
*/
|
|
|
|
case AP_DEVICE_TYPE_CEX2A:
|
|
|
|
case AP_DEVICE_TYPE_CEX3A:
|
2020-07-01 10:40:39 +00:00
|
|
|
*q_fac |= 0x08000000;
|
2016-10-27 06:57:39 +00:00
|
|
|
break;
|
|
|
|
case AP_DEVICE_TYPE_CEX2C:
|
|
|
|
case AP_DEVICE_TYPE_CEX3C:
|
2020-07-01 10:40:39 +00:00
|
|
|
*q_fac |= 0x10000000;
|
2016-10-27 06:57:39 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
2020-07-01 10:40:39 +00:00
|
|
|
return true;
|
2015-06-17 14:19:15 +00:00
|
|
|
default:
|
2020-07-01 10:40:39 +00:00
|
|
|
/*
|
|
|
|
* A response code which indicates, there is no info available.
|
|
|
|
*/
|
|
|
|
return false;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-26 08:49:33 +00:00
|
|
|
void ap_wait(enum ap_sm_wait wait)
|
2015-09-14 15:01:23 +00:00
|
|
|
{
|
|
|
|
ktime_t hr_time;
|
|
|
|
|
|
|
|
switch (wait) {
|
2020-05-26 08:49:33 +00:00
|
|
|
case AP_SM_WAIT_AGAIN:
|
|
|
|
case AP_SM_WAIT_INTERRUPT:
|
2015-09-14 15:01:23 +00:00
|
|
|
if (ap_using_interrupts())
|
|
|
|
break;
|
|
|
|
if (ap_poll_kthread) {
|
|
|
|
wake_up(&ap_poll_wait);
|
|
|
|
break;
|
|
|
|
}
|
2020-03-10 20:39:51 +00:00
|
|
|
fallthrough;
|
2020-05-26 08:49:33 +00:00
|
|
|
case AP_SM_WAIT_TIMEOUT:
|
2015-09-14 15:01:23 +00:00
|
|
|
spin_lock_bh(&ap_poll_timer_lock);
|
|
|
|
if (!hrtimer_is_queued(&ap_poll_timer)) {
|
2016-12-25 11:30:41 +00:00
|
|
|
hr_time = poll_timeout;
|
2015-09-14 15:01:23 +00:00
|
|
|
hrtimer_forward_now(&ap_poll_timer, hr_time);
|
|
|
|
hrtimer_restart(&ap_poll_timer);
|
|
|
|
}
|
|
|
|
spin_unlock_bh(&ap_poll_timer_lock);
|
|
|
|
break;
|
2020-05-26 08:49:33 +00:00
|
|
|
case AP_SM_WAIT_NONE:
|
2015-09-14 15:01:23 +00:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ap_request_timeout(): Handling of request timeouts
|
2017-10-25 10:27:37 +00:00
|
|
|
* @t: timer making this callback
|
2015-09-14 15:01:23 +00:00
|
|
|
*
|
|
|
|
* Handles request timeouts.
|
|
|
|
*/
|
2017-10-25 10:27:37 +00:00
|
|
|
void ap_request_timeout(struct timer_list *t)
|
2015-09-14 15:01:23 +00:00
|
|
|
{
|
2017-10-25 10:27:37 +00:00
|
|
|
struct ap_queue *aq = from_timer(aq, t, timeout);
|
2015-09-14 15:01:23 +00:00
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
spin_lock_bh(&aq->lock);
|
2020-05-26 08:49:33 +00:00
|
|
|
ap_wait(ap_sm_event(aq, AP_SM_EVENT_TIMEOUT));
|
2016-08-25 09:16:03 +00:00
|
|
|
spin_unlock_bh(&aq->lock);
|
2015-09-14 15:01:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ap_poll_timeout(): AP receive polling for finished AP requests.
|
|
|
|
* @unused: Unused pointer.
|
|
|
|
*
|
|
|
|
* Schedules the AP tasklet using a high resolution timer.
|
|
|
|
*/
|
|
|
|
static enum hrtimer_restart ap_poll_timeout(struct hrtimer *unused)
|
|
|
|
{
|
2020-03-24 16:30:39 +00:00
|
|
|
tasklet_schedule(&ap_tasklet);
|
2015-09-14 15:01:23 +00:00
|
|
|
return HRTIMER_NORESTART;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ap_interrupt_handler() - Schedule ap_tasklet on interrupt
|
|
|
|
* @airq: pointer to adapter interrupt descriptor
|
|
|
|
*/
|
2018-10-28 10:51:56 +00:00
|
|
|
static void ap_interrupt_handler(struct airq_struct *airq, bool floating)
|
2015-09-14 15:01:23 +00:00
|
|
|
{
|
|
|
|
inc_irq_stat(IRQIO_APB);
|
2020-03-24 16:30:39 +00:00
|
|
|
tasklet_schedule(&ap_tasklet);
|
2015-09-14 15:01:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ap_tasklet_fn(): Tasklet to poll all AP devices.
|
|
|
|
* @dummy: Unused variable
|
|
|
|
*
|
|
|
|
* Poll all AP devices on the bus.
|
|
|
|
*/
|
|
|
|
static void ap_tasklet_fn(unsigned long dummy)
|
|
|
|
{
|
2020-05-08 13:51:19 +00:00
|
|
|
int bkt;
|
2016-08-25 09:16:03 +00:00
|
|
|
struct ap_queue *aq;
|
2020-05-26 08:49:33 +00:00
|
|
|
enum ap_sm_wait wait = AP_SM_WAIT_NONE;
|
2015-09-14 15:01:23 +00:00
|
|
|
|
|
|
|
/* Reset the indicator if interrupts are used. Thus new interrupts can
|
|
|
|
* be received. Doing it in the beginning of the tasklet is therefor
|
|
|
|
* important that no requests on any AP get lost.
|
|
|
|
*/
|
|
|
|
if (ap_using_interrupts())
|
|
|
|
xchg(ap_airq.lsi_ptr, 0);
|
|
|
|
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
hash_for_each(ap_queues, bkt, aq, hnode) {
|
|
|
|
spin_lock_bh(&aq->lock);
|
2020-05-26 08:49:33 +00:00
|
|
|
wait = min(wait, ap_sm_event_loop(aq, AP_SM_EVENT_POLL));
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_unlock_bh(&aq->lock);
|
2015-09-14 15:01:23 +00:00
|
|
|
}
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
2016-08-25 09:16:03 +00:00
|
|
|
|
|
|
|
ap_wait(wait);
|
2007-07-10 09:24:19 +00:00
|
|
|
}
|
|
|
|
|
2016-09-21 12:12:53 +00:00
|
|
|
static int ap_pending_requests(void)
|
|
|
|
{
|
2020-05-08 13:51:19 +00:00
|
|
|
int bkt;
|
2016-08-25 09:16:03 +00:00
|
|
|
struct ap_queue *aq;
|
|
|
|
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
hash_for_each(ap_queues, bkt, aq, hnode) {
|
|
|
|
if (aq->queue_count == 0)
|
|
|
|
continue;
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
|
|
|
return 1;
|
2016-09-21 12:12:53 +00:00
|
|
|
}
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
2016-08-25 09:16:03 +00:00
|
|
|
return 0;
|
2016-09-21 12:12:53 +00:00
|
|
|
}
|
|
|
|
|
2015-07-17 11:43:18 +00:00
|
|
|
/**
|
|
|
|
* ap_poll_thread(): Thread that polls for finished requests.
|
|
|
|
* @data: Unused pointer
|
|
|
|
*
|
|
|
|
* AP bus poll thread. The purpose of this thread is to poll for
|
|
|
|
* finished requests in a loop if there is a "free" cpu - that is
|
|
|
|
* a cpu that doesn't have anything better to do. The polling stops
|
|
|
|
* as soon as there is another task or if all messages have been
|
|
|
|
* delivered.
|
|
|
|
*/
|
|
|
|
static int ap_poll_thread(void *data)
|
|
|
|
{
|
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
|
|
|
|
|
|
|
set_user_nice(current, MAX_NICE);
|
|
|
|
set_freezable();
|
|
|
|
while (!kthread_should_stop()) {
|
|
|
|
add_wait_queue(&ap_poll_wait, &wait);
|
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
2020-03-24 16:30:39 +00:00
|
|
|
if (!ap_pending_requests()) {
|
2015-07-17 11:43:18 +00:00
|
|
|
schedule();
|
|
|
|
try_to_freeze();
|
|
|
|
}
|
|
|
|
set_current_state(TASK_RUNNING);
|
|
|
|
remove_wait_queue(&ap_poll_wait, &wait);
|
|
|
|
if (need_resched()) {
|
|
|
|
schedule();
|
|
|
|
try_to_freeze();
|
|
|
|
continue;
|
|
|
|
}
|
2015-09-14 15:01:23 +00:00
|
|
|
ap_tasklet_fn(0);
|
2016-09-21 12:12:53 +00:00
|
|
|
}
|
|
|
|
|
2015-07-17 11:43:18 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ap_poll_thread_start(void)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (ap_using_interrupts() || ap_poll_kthread)
|
|
|
|
return 0;
|
|
|
|
mutex_lock(&ap_poll_thread_mutex);
|
|
|
|
ap_poll_kthread = kthread_run(ap_poll_thread, NULL, "appoll");
|
2018-07-19 04:42:05 +00:00
|
|
|
rc = PTR_ERR_OR_ZERO(ap_poll_kthread);
|
2015-07-17 11:43:18 +00:00
|
|
|
if (rc)
|
|
|
|
ap_poll_kthread = NULL;
|
|
|
|
mutex_unlock(&ap_poll_thread_mutex);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ap_poll_thread_stop(void)
|
|
|
|
{
|
|
|
|
if (!ap_poll_kthread)
|
|
|
|
return;
|
|
|
|
mutex_lock(&ap_poll_thread_mutex);
|
|
|
|
kthread_stop(ap_poll_kthread);
|
|
|
|
ap_poll_kthread = NULL;
|
|
|
|
mutex_unlock(&ap_poll_thread_mutex);
|
|
|
|
}
|
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
#define is_card_dev(x) ((x)->parent == ap_root_device)
|
|
|
|
#define is_queue_dev(x) ((x)->parent != ap_root_device)
|
2006-09-20 13:58:25 +00:00
|
|
|
|
|
|
|
/**
|
2008-04-17 05:46:28 +00:00
|
|
|
* ap_bus_match()
|
|
|
|
* @dev: Pointer to device
|
|
|
|
* @drv: Pointer to device_driver
|
|
|
|
*
|
2006-09-20 13:58:25 +00:00
|
|
|
* AP bus driver registration/unregistration.
|
|
|
|
*/
|
|
|
|
static int ap_bus_match(struct device *dev, struct device_driver *drv)
|
|
|
|
{
|
|
|
|
struct ap_driver *ap_drv = to_ap_drv(drv);
|
|
|
|
struct ap_device_id *id;
|
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2006-09-20 13:58:25 +00:00
|
|
|
* Compare device type of the device with the list of
|
|
|
|
* supported types of the device_driver.
|
|
|
|
*/
|
|
|
|
for (id = ap_drv->ids; id->match_flags; id++) {
|
2016-08-25 09:16:03 +00:00
|
|
|
if (is_card_dev(dev) &&
|
|
|
|
id->match_flags & AP_DEVICE_ID_MATCH_CARD_TYPE &&
|
|
|
|
id->dev_type == to_ap_dev(dev)->device_type)
|
|
|
|
return 1;
|
|
|
|
if (is_queue_dev(dev) &&
|
|
|
|
id->match_flags & AP_DEVICE_ID_MATCH_QUEUE_TYPE &&
|
|
|
|
id->dev_type == to_ap_dev(dev)->device_type)
|
|
|
|
return 1;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2008-04-17 05:46:28 +00:00
|
|
|
* ap_uevent(): Uevent function for AP devices.
|
|
|
|
* @dev: Pointer to device
|
|
|
|
* @env: Pointer to kobj_uevent_env
|
|
|
|
*
|
|
|
|
* It sets up a single environment variable DEV_TYPE which contains the
|
|
|
|
* hardware device type.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2018-08-17 10:36:01 +00:00
|
|
|
static int ap_uevent(struct device *dev, struct kobj_uevent_env *env)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2021-04-13 16:11:09 +00:00
|
|
|
int rc = 0;
|
2006-09-20 13:58:25 +00:00
|
|
|
struct ap_device *ap_dev = to_ap_dev(dev);
|
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
/* Uevents from ap bus core don't need extensions to the env */
|
|
|
|
if (dev == ap_root_device)
|
|
|
|
return 0;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2021-04-13 16:11:09 +00:00
|
|
|
if (is_card_dev(dev)) {
|
|
|
|
struct ap_card *ac = to_ap_card(&ap_dev->device);
|
2007-03-31 05:23:12 +00:00
|
|
|
|
2021-04-13 16:11:09 +00:00
|
|
|
/* Set up DEV_TYPE environment variable. */
|
|
|
|
rc = add_uevent_var(env, "DEV_TYPE=%04X", ap_dev->device_type);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
/* Add MODALIAS= */
|
|
|
|
rc = add_uevent_var(env, "MODALIAS=ap:t%02X", ap_dev->device_type);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
/* Add MODE=<accel|cca|ep11> */
|
|
|
|
if (ap_test_bit(&ac->functions, AP_FUNC_ACCEL))
|
|
|
|
rc = add_uevent_var(env, "MODE=accel");
|
|
|
|
else if (ap_test_bit(&ac->functions, AP_FUNC_COPRO))
|
|
|
|
rc = add_uevent_var(env, "MODE=cca");
|
|
|
|
else if (ap_test_bit(&ac->functions, AP_FUNC_EP11))
|
|
|
|
rc = add_uevent_var(env, "MODE=ep11");
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
} else {
|
|
|
|
struct ap_queue *aq = to_ap_queue(&ap_dev->device);
|
|
|
|
|
|
|
|
/* Add MODE=<accel|cca|ep11> */
|
|
|
|
if (ap_test_bit(&aq->card->functions, AP_FUNC_ACCEL))
|
|
|
|
rc = add_uevent_var(env, "MODE=accel");
|
|
|
|
else if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO))
|
|
|
|
rc = add_uevent_var(env, "MODE=cca");
|
|
|
|
else if (ap_test_bit(&aq->card->functions, AP_FUNC_EP11))
|
|
|
|
rc = add_uevent_var(env, "MODE=ep11");
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
}
|
2020-08-31 08:16:26 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ap_send_init_scan_done_uevent(void)
|
|
|
|
{
|
|
|
|
char *envp[] = { "INITSCAN=done", NULL };
|
|
|
|
|
|
|
|
kobject_uevent_env(&ap_root_device->kobj, KOBJ_CHANGE, envp);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ap_send_bindings_complete_uevent(void)
|
|
|
|
{
|
2021-05-11 13:01:18 +00:00
|
|
|
char buf[32];
|
|
|
|
char *envp[] = { "BINDINGS=complete", buf, NULL };
|
2020-08-31 08:16:26 +00:00
|
|
|
|
2021-05-11 13:01:18 +00:00
|
|
|
snprintf(buf, sizeof(buf), "COMPLETECOUNT=%llu",
|
|
|
|
atomic64_inc_return(&ap_bindings_complete_count));
|
2020-08-31 08:16:26 +00:00
|
|
|
kobject_uevent_env(&ap_root_device->kobj, KOBJ_CHANGE, envp);
|
|
|
|
}
|
|
|
|
|
2021-04-13 16:11:09 +00:00
|
|
|
void ap_send_config_uevent(struct ap_device *ap_dev, bool cfg)
|
|
|
|
{
|
|
|
|
char buf[16];
|
|
|
|
char *envp[] = { buf, NULL };
|
|
|
|
|
|
|
|
snprintf(buf, sizeof(buf), "CONFIG=%d", cfg ? 1 : 0);
|
|
|
|
|
|
|
|
kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_send_config_uevent);
|
|
|
|
|
|
|
|
void ap_send_online_uevent(struct ap_device *ap_dev, int online)
|
|
|
|
{
|
|
|
|
char buf[16];
|
|
|
|
char *envp[] = { buf, NULL };
|
|
|
|
|
|
|
|
snprintf(buf, sizeof(buf), "ONLINE=%d", online ? 1 : 0);
|
|
|
|
|
|
|
|
kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_send_online_uevent);
|
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
/*
|
|
|
|
* calc # of bound APQNs
|
|
|
|
*/
|
|
|
|
|
|
|
|
struct __ap_calc_ctrs {
|
|
|
|
unsigned int apqns;
|
|
|
|
unsigned int bound;
|
|
|
|
};
|
|
|
|
|
|
|
|
static int __ap_calc_helper(struct device *dev, void *arg)
|
|
|
|
{
|
|
|
|
struct __ap_calc_ctrs *pctrs = (struct __ap_calc_ctrs *) arg;
|
|
|
|
|
|
|
|
if (is_queue_dev(dev)) {
|
|
|
|
pctrs->apqns++;
|
|
|
|
if ((to_ap_dev(dev))->drv)
|
|
|
|
pctrs->bound++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ap_calc_bound_apqns(unsigned int *apqns, unsigned int *bound)
|
|
|
|
{
|
|
|
|
struct __ap_calc_ctrs ctrs;
|
|
|
|
|
|
|
|
memset(&ctrs, 0, sizeof(ctrs));
|
|
|
|
bus_for_each_dev(&ap_bus_type, NULL, (void *) &ctrs, __ap_calc_helper);
|
2007-03-31 05:23:12 +00:00
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
*apqns = ctrs.apqns;
|
|
|
|
*bound = ctrs.bound;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
/*
|
|
|
|
* After initial ap bus scan do check if all existing APQNs are
|
|
|
|
* bound to device drivers.
|
|
|
|
*/
|
|
|
|
static void ap_check_bindings_complete(void)
|
|
|
|
{
|
|
|
|
unsigned int apqns, bound;
|
|
|
|
|
|
|
|
if (atomic64_read(&ap_scan_bus_count) >= 1) {
|
|
|
|
ap_calc_bound_apqns(&apqns, &bound);
|
|
|
|
if (bound == apqns) {
|
|
|
|
if (!completion_done(&ap_init_apqn_bindings_complete)) {
|
|
|
|
complete_all(&ap_init_apqn_bindings_complete);
|
|
|
|
AP_DBF(DBF_INFO, "%s complete\n", __func__);
|
|
|
|
}
|
|
|
|
ap_send_bindings_complete_uevent();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Interface to wait for the AP bus to have done one initial ap bus
|
|
|
|
* scan and all detected APQNs have been bound to device drivers.
|
|
|
|
* If these both conditions are not fulfilled, this function blocks
|
|
|
|
* on a condition with wait_for_completion_interruptible_timeout().
|
|
|
|
* If these both conditions are fulfilled (before the timeout hits)
|
|
|
|
* the return value is 0. If the timeout (in jiffies) hits instead
|
|
|
|
* -ETIME is returned. On failures negative return values are
|
|
|
|
* returned to the caller.
|
|
|
|
*/
|
|
|
|
int ap_wait_init_apqn_bindings_complete(unsigned long timeout)
|
|
|
|
{
|
|
|
|
long l;
|
|
|
|
|
|
|
|
if (completion_done(&ap_init_apqn_bindings_complete))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (timeout)
|
|
|
|
l = wait_for_completion_interruptible_timeout(
|
|
|
|
&ap_init_apqn_bindings_complete, timeout);
|
|
|
|
else
|
|
|
|
l = wait_for_completion_interruptible(
|
|
|
|
&ap_init_apqn_bindings_complete);
|
|
|
|
if (l < 0)
|
|
|
|
return l == -ERESTARTSYS ? -EINTR : l;
|
|
|
|
else if (l == 0 && timeout)
|
|
|
|
return -ETIME;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_wait_init_apqn_bindings_complete);
|
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
static int __ap_queue_devices_with_id_unregister(struct device *dev, void *data)
|
2015-07-17 11:43:18 +00:00
|
|
|
{
|
2016-08-25 09:16:03 +00:00
|
|
|
if (is_queue_dev(dev) &&
|
|
|
|
AP_QID_CARD(to_ap_queue(dev)->qid) == (int)(long) data)
|
|
|
|
device_unregister(dev);
|
2015-07-17 11:43:18 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
static int __ap_revise_reserved(struct device *dev, void *dummy)
|
|
|
|
{
|
|
|
|
int rc, card, queue, devres, drvres;
|
|
|
|
|
|
|
|
if (is_queue_dev(dev)) {
|
|
|
|
card = AP_QID_CARD(to_ap_queue(dev)->qid);
|
|
|
|
queue = AP_QID_QUEUE(to_ap_queue(dev)->qid);
|
|
|
|
mutex_lock(&ap_perms_mutex);
|
|
|
|
devres = test_bit_inv(card, ap_perms.apm)
|
|
|
|
&& test_bit_inv(queue, ap_perms.aqm);
|
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
drvres = to_ap_drv(dev->driver)->flags
|
|
|
|
& AP_DRIVER_FLAG_DEFAULT;
|
|
|
|
if (!!devres != !!drvres) {
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_DBG("reprobing queue=%02x.%04x\n",
|
|
|
|
card, queue);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
rc = device_reprobe(dev);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ap_bus_revise_bindings(void)
|
|
|
|
{
|
|
|
|
bus_for_each_dev(&ap_bus_type, NULL, NULL, __ap_revise_reserved);
|
|
|
|
}
|
|
|
|
|
|
|
|
int ap_owned_by_def_drv(int card, int queue)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
if (card < 0 || card >= AP_DEVICES || queue < 0 || queue >= AP_DOMAINS)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
mutex_lock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
if (test_bit_inv(card, ap_perms.apm)
|
|
|
|
&& test_bit_inv(queue, ap_perms.aqm))
|
|
|
|
rc = 1;
|
|
|
|
|
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_owned_by_def_drv);
|
|
|
|
|
|
|
|
int ap_apqn_in_matrix_owned_by_def_drv(unsigned long *apm,
|
|
|
|
unsigned long *aqm)
|
|
|
|
{
|
|
|
|
int card, queue, rc = 0;
|
|
|
|
|
|
|
|
mutex_lock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
for (card = 0; !rc && card < AP_DEVICES; card++)
|
|
|
|
if (test_bit_inv(card, apm) &&
|
|
|
|
test_bit_inv(card, ap_perms.apm))
|
|
|
|
for (queue = 0; !rc && queue < AP_DOMAINS; queue++)
|
|
|
|
if (test_bit_inv(queue, aqm) &&
|
|
|
|
test_bit_inv(queue, ap_perms.aqm))
|
|
|
|
rc = 1;
|
|
|
|
|
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_apqn_in_matrix_owned_by_def_drv);
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
static int ap_device_probe(struct device *dev)
|
|
|
|
{
|
|
|
|
struct ap_device *ap_dev = to_ap_dev(dev);
|
2015-09-14 15:01:23 +00:00
|
|
|
struct ap_driver *ap_drv = to_ap_drv(dev->driver);
|
2020-10-20 10:20:30 +00:00
|
|
|
int card, queue, devres, drvres, rc = -ENODEV;
|
|
|
|
|
|
|
|
if (!get_device(dev))
|
|
|
|
return rc;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
|
|
|
if (is_queue_dev(dev)) {
|
|
|
|
/*
|
|
|
|
* If the apqn is marked as reserved/used by ap bus and
|
|
|
|
* default drivers, only probe with drivers with the default
|
|
|
|
* flag set. If it is not marked, only probe with drivers
|
|
|
|
* with the default flag not set.
|
|
|
|
*/
|
|
|
|
card = AP_QID_CARD(to_ap_queue(dev)->qid);
|
|
|
|
queue = AP_QID_QUEUE(to_ap_queue(dev)->qid);
|
|
|
|
mutex_lock(&ap_perms_mutex);
|
|
|
|
devres = test_bit_inv(card, ap_perms.apm)
|
|
|
|
&& test_bit_inv(queue, ap_perms.aqm);
|
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
drvres = ap_drv->flags & AP_DRIVER_FLAG_DEFAULT;
|
|
|
|
if (!!devres != !!drvres)
|
2020-10-20 10:20:30 +00:00
|
|
|
goto out;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
}
|
2014-07-14 17:11:48 +00:00
|
|
|
|
2017-05-24 08:26:29 +00:00
|
|
|
/* Add queue/card to list of active queues/cards */
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
if (is_queue_dev(dev))
|
|
|
|
hash_add(ap_queues, &to_ap_queue(dev)->hnode,
|
|
|
|
to_ap_queue(dev)->qid);
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
2017-05-24 08:26:29 +00:00
|
|
|
|
2015-09-14 15:01:23 +00:00
|
|
|
ap_dev->drv = ap_drv;
|
2006-09-20 13:58:25 +00:00
|
|
|
rc = ap_drv->probe ? ap_drv->probe(ap_dev) : -ENODEV;
|
2017-05-24 08:26:29 +00:00
|
|
|
|
|
|
|
if (rc) {
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
if (is_queue_dev(dev))
|
|
|
|
hash_del(&to_ap_queue(dev)->hnode);
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
2015-09-14 15:01:23 +00:00
|
|
|
ap_dev->drv = NULL;
|
2020-08-31 08:16:26 +00:00
|
|
|
} else
|
|
|
|
ap_check_bindings_complete();
|
2017-05-24 08:26:29 +00:00
|
|
|
|
2020-10-20 10:20:30 +00:00
|
|
|
out:
|
|
|
|
if (rc)
|
|
|
|
put_device(dev);
|
2006-09-20 13:58:25 +00:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ap_device_remove(struct device *dev)
|
|
|
|
{
|
|
|
|
struct ap_device *ap_dev = to_ap_dev(dev);
|
|
|
|
struct ap_driver *ap_drv = ap_dev->drv;
|
|
|
|
|
2019-02-22 16:24:11 +00:00
|
|
|
/* prepare ap queue device removal */
|
2018-11-09 13:59:24 +00:00
|
|
|
if (is_queue_dev(dev))
|
2019-02-22 16:24:11 +00:00
|
|
|
ap_queue_prepare_remove(to_ap_queue(dev));
|
|
|
|
|
|
|
|
/* driver's chance to clean up gracefully */
|
2017-05-24 08:26:29 +00:00
|
|
|
if (ap_drv->remove)
|
|
|
|
ap_drv->remove(ap_dev);
|
|
|
|
|
2019-02-22 16:24:11 +00:00
|
|
|
/* now do the ap queue device remove */
|
|
|
|
if (is_queue_dev(dev))
|
|
|
|
ap_queue_remove(to_ap_queue(dev));
|
|
|
|
|
2017-05-24 08:26:29 +00:00
|
|
|
/* Remove queue/card from list of active queues/cards */
|
2020-05-08 13:51:19 +00:00
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
if (is_queue_dev(dev))
|
|
|
|
hash_del(&to_ap_queue(dev)->hnode);
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
2020-08-31 08:16:26 +00:00
|
|
|
ap_dev->drv = NULL;
|
2017-05-24 08:26:29 +00:00
|
|
|
|
2020-10-20 10:20:30 +00:00
|
|
|
put_device(dev);
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-05-08 13:51:19 +00:00
|
|
|
struct ap_queue *ap_get_qdev(ap_qid_t qid)
|
|
|
|
{
|
|
|
|
int bkt;
|
|
|
|
struct ap_queue *aq;
|
|
|
|
|
|
|
|
spin_lock_bh(&ap_queues_lock);
|
|
|
|
hash_for_each(ap_queues, bkt, aq, hnode) {
|
|
|
|
if (aq->qid == qid) {
|
|
|
|
get_device(&aq->ap_dev.device);
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
|
|
|
return aq;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
spin_unlock_bh(&ap_queues_lock);
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_get_qdev);
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
int ap_driver_register(struct ap_driver *ap_drv, struct module *owner,
|
|
|
|
char *name)
|
|
|
|
{
|
|
|
|
struct device_driver *drv = &ap_drv->driver;
|
|
|
|
|
|
|
|
drv->bus = &ap_bus_type;
|
|
|
|
drv->owner = owner;
|
|
|
|
drv->name = name;
|
|
|
|
return driver_register(drv);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_driver_register);
|
|
|
|
|
|
|
|
void ap_driver_unregister(struct ap_driver *ap_drv)
|
|
|
|
{
|
|
|
|
driver_unregister(&ap_drv->driver);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_driver_unregister);
|
|
|
|
|
2012-09-10 19:34:26 +00:00
|
|
|
void ap_bus_force_rescan(void)
|
|
|
|
{
|
2013-04-12 15:52:08 +00:00
|
|
|
/* processing a asynchronous bus rescan */
|
2015-07-23 08:55:59 +00:00
|
|
|
del_timer(&ap_config_timer);
|
2015-07-27 10:47:40 +00:00
|
|
|
queue_work(system_long_wq, &ap_scan_work);
|
|
|
|
flush_work(&ap_scan_work);
|
2012-09-10 19:34:26 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(ap_bus_force_rescan);
|
|
|
|
|
2019-02-18 17:01:35 +00:00
|
|
|
/*
|
|
|
|
* A config change has happened, force an ap bus rescan.
|
|
|
|
*/
|
|
|
|
void ap_bus_cfg_chg(void)
|
|
|
|
{
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_DBG("%s config change, forcing bus rescan\n", __func__);
|
2019-02-18 17:01:35 +00:00
|
|
|
|
|
|
|
ap_bus_force_rescan();
|
|
|
|
}
|
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2018-08-20 13:27:45 +00:00
|
|
|
* hex2bitmap() - parse hex mask string and set bitmap.
|
|
|
|
* Valid strings are "0x012345678" with at least one valid hex number.
|
|
|
|
* Rest of the bitmap to the right is padded with 0. No spaces allowed
|
|
|
|
* within the string, the leading 0x may be omitted.
|
|
|
|
* Returns the bitmask with exactly the bits set as given by the hex
|
|
|
|
* string (both in big endian order).
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
static int hex2bitmap(const char *str, unsigned long *bitmap, int bits)
|
|
|
|
{
|
|
|
|
int i, n, b;
|
|
|
|
|
|
|
|
/* bits needs to be a multiple of 8 */
|
|
|
|
if (bits & 0x07)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (str[0] == '0' && str[1] == 'x')
|
|
|
|
str++;
|
|
|
|
if (*str == 'x')
|
|
|
|
str++;
|
|
|
|
|
|
|
|
for (i = 0; isxdigit(*str) && i < bits; str++) {
|
|
|
|
b = hex_to_bin(*str);
|
|
|
|
for (n = 0; n < 4; n++)
|
|
|
|
if (b & (0x08 >> n))
|
|
|
|
set_bit_inv(i + n, bitmap);
|
|
|
|
i += 4;
|
|
|
|
}
|
|
|
|
|
2018-08-20 13:27:45 +00:00
|
|
|
if (*str == '\n')
|
|
|
|
str++;
|
|
|
|
if (*str)
|
|
|
|
return -EINVAL;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2018-09-05 05:45:11 +00:00
|
|
|
* modify_bitmap() - parse bitmask argument and modify an existing
|
|
|
|
* bit mask accordingly. A concatenation (done with ',') of these
|
|
|
|
* terms is recognized:
|
2018-08-20 13:27:45 +00:00
|
|
|
* +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]
|
|
|
|
* <bitnr> may be any valid number (hex, decimal or octal) in the range
|
|
|
|
* 0...bits-1; the leading + or - is required. Here are some examples:
|
|
|
|
* +0-15,+32,-128,-0xFF
|
|
|
|
* -0-255,+1-16,+0x128
|
|
|
|
* +1,+2,+3,+4,-5,-7-10
|
2018-09-05 05:45:11 +00:00
|
|
|
* Returns the new bitmap after all changes have been applied. Every
|
|
|
|
* positive value in the string will set a bit and every negative value
|
|
|
|
* in the string will clear a bit. As a bit may be touched more than once,
|
|
|
|
* the last 'operation' wins:
|
|
|
|
* +0-255,-128 = first bits 0-255 will be set, then bit 128 will be
|
|
|
|
* cleared again. All other bits are unmodified.
|
2018-08-20 13:27:45 +00:00
|
|
|
*/
|
2018-09-05 05:45:11 +00:00
|
|
|
static int modify_bitmap(const char *str, unsigned long *bitmap, int bits)
|
2018-08-20 13:27:45 +00:00
|
|
|
{
|
|
|
|
int a, i, z;
|
|
|
|
char *np, sign;
|
|
|
|
|
|
|
|
/* bits needs to be a multiple of 8 */
|
|
|
|
if (bits & 0x07)
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
2018-08-20 13:27:45 +00:00
|
|
|
while (*str) {
|
|
|
|
sign = *str++;
|
|
|
|
if (sign != '+' && sign != '-')
|
|
|
|
return -EINVAL;
|
|
|
|
a = z = simple_strtoul(str, &np, 0);
|
|
|
|
if (str == np || a >= bits)
|
|
|
|
return -EINVAL;
|
|
|
|
str = np;
|
|
|
|
if (*str == '-') {
|
|
|
|
z = simple_strtoul(++str, &np, 0);
|
|
|
|
if (str == np || a > z || z >= bits)
|
|
|
|
return -EINVAL;
|
|
|
|
str = np;
|
|
|
|
}
|
|
|
|
for (i = a; i <= z; i++)
|
2018-09-05 05:45:11 +00:00
|
|
|
if (sign == '+')
|
|
|
|
set_bit_inv(i, bitmap);
|
|
|
|
else
|
|
|
|
clear_bit_inv(i, bitmap);
|
2018-08-20 13:27:45 +00:00
|
|
|
while (*str == ',' || *str == '\n')
|
|
|
|
str++;
|
|
|
|
}
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
int ap_parse_mask_str(const char *str,
|
|
|
|
unsigned long *bitmap, int bits,
|
|
|
|
struct mutex *lock)
|
2018-08-20 13:27:45 +00:00
|
|
|
{
|
2018-09-05 05:45:11 +00:00
|
|
|
unsigned long *newmap, size;
|
|
|
|
int rc;
|
2018-08-20 13:27:45 +00:00
|
|
|
|
|
|
|
/* bits needs to be a multiple of 8 */
|
|
|
|
if (bits & 0x07)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2018-09-05 05:45:11 +00:00
|
|
|
size = BITS_TO_LONGS(bits)*sizeof(unsigned long);
|
|
|
|
newmap = kmalloc(size, GFP_KERNEL);
|
|
|
|
if (!newmap)
|
|
|
|
return -ENOMEM;
|
|
|
|
if (mutex_lock_interruptible(lock)) {
|
|
|
|
kfree(newmap);
|
|
|
|
return -ERESTARTSYS;
|
|
|
|
}
|
|
|
|
|
2018-08-20 13:27:45 +00:00
|
|
|
if (*str == '+' || *str == '-') {
|
2018-09-05 05:45:11 +00:00
|
|
|
memcpy(newmap, bitmap, size);
|
|
|
|
rc = modify_bitmap(str, newmap, bits);
|
2018-08-20 13:27:45 +00:00
|
|
|
} else {
|
2018-09-05 05:45:11 +00:00
|
|
|
memset(newmap, 0, size);
|
|
|
|
rc = hex2bitmap(str, newmap, bits);
|
2018-08-20 13:27:45 +00:00
|
|
|
}
|
2018-09-05 05:45:11 +00:00
|
|
|
if (rc == 0)
|
|
|
|
memcpy(bitmap, newmap, size);
|
2018-08-20 13:27:45 +00:00
|
|
|
mutex_unlock(lock);
|
2018-09-05 05:45:11 +00:00
|
|
|
kfree(newmap);
|
|
|
|
return rc;
|
2018-08-20 13:27:45 +00:00
|
|
|
}
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
EXPORT_SYMBOL(ap_parse_mask_str);
|
2018-08-20 13:27:45 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* AP bus attributes.
|
|
|
|
*/
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
static ssize_t ap_domain_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n", ap_domain_index);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2016-08-25 09:11:30 +00:00
|
|
|
static ssize_t ap_domain_store(struct bus_type *bus,
|
|
|
|
const char *buf, size_t count)
|
|
|
|
{
|
|
|
|
int domain;
|
|
|
|
|
|
|
|
if (sscanf(buf, "%i\n", &domain) != 1 ||
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
domain < 0 || domain > ap_max_domain_id ||
|
|
|
|
!test_bit_inv(domain, ap_perms.aqm))
|
2016-08-25 09:11:30 +00:00
|
|
|
return -EINVAL;
|
2020-07-01 10:40:39 +00:00
|
|
|
|
2016-08-25 09:11:30 +00:00
|
|
|
spin_lock_bh(&ap_domain_lock);
|
|
|
|
ap_domain_index = domain;
|
|
|
|
spin_unlock_bh(&ap_domain_lock);
|
2016-11-24 05:45:21 +00:00
|
|
|
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("stored new default domain=%d\n", domain);
|
2016-11-24 05:45:21 +00:00
|
|
|
|
2016-08-25 09:11:30 +00:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RW(ap_domain);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2013-11-20 09:47:13 +00:00
|
|
|
static ssize_t ap_control_domain_mask_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_info) /* QCI not supported */
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "not supported\n");
|
|
|
|
|
|
|
|
return scnprintf(buf, PAGE_SIZE,
|
|
|
|
"0x%08x%08x%08x%08x%08x%08x%08x%08x\n",
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_qci_info->adm[0], ap_qci_info->adm[1],
|
|
|
|
ap_qci_info->adm[2], ap_qci_info->adm[3],
|
|
|
|
ap_qci_info->adm[4], ap_qci_info->adm[5],
|
|
|
|
ap_qci_info->adm[6], ap_qci_info->adm[7]);
|
2013-11-20 09:47:13 +00:00
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RO(ap_control_domain_mask);
|
2013-11-20 09:47:13 +00:00
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
static ssize_t ap_usage_domain_mask_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_info) /* QCI not supported */
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "not supported\n");
|
|
|
|
|
|
|
|
return scnprintf(buf, PAGE_SIZE,
|
|
|
|
"0x%08x%08x%08x%08x%08x%08x%08x%08x\n",
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_qci_info->aqm[0], ap_qci_info->aqm[1],
|
|
|
|
ap_qci_info->aqm[2], ap_qci_info->aqm[3],
|
|
|
|
ap_qci_info->aqm[4], ap_qci_info->aqm[5],
|
|
|
|
ap_qci_info->aqm[6], ap_qci_info->aqm[7]);
|
2016-08-25 09:16:03 +00:00
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RO(ap_usage_domain_mask);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2018-10-01 13:29:01 +00:00
|
|
|
static ssize_t ap_adapter_mask_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
if (!ap_qci_info) /* QCI not supported */
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "not supported\n");
|
|
|
|
|
|
|
|
return scnprintf(buf, PAGE_SIZE,
|
|
|
|
"0x%08x%08x%08x%08x%08x%08x%08x%08x\n",
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_qci_info->apm[0], ap_qci_info->apm[1],
|
|
|
|
ap_qci_info->apm[2], ap_qci_info->apm[3],
|
|
|
|
ap_qci_info->apm[4], ap_qci_info->apm[5],
|
|
|
|
ap_qci_info->apm[6], ap_qci_info->apm[7]);
|
2018-10-01 13:29:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RO(ap_adapter_mask);
|
|
|
|
|
2008-12-25 12:38:41 +00:00
|
|
|
static ssize_t ap_interrupts_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n",
|
|
|
|
ap_using_interrupts() ? 1 : 0);
|
2008-12-25 12:38:41 +00:00
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RO(ap_interrupts);
|
|
|
|
|
|
|
|
static ssize_t config_time_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n", ap_config_time);
|
2018-08-17 10:36:01 +00:00
|
|
|
}
|
2008-12-25 12:38:41 +00:00
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static ssize_t config_time_store(struct bus_type *bus,
|
|
|
|
const char *buf, size_t count)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
|
|
|
int time;
|
|
|
|
|
|
|
|
if (sscanf(buf, "%d\n", &time) != 1 || time < 5 || time > 120)
|
|
|
|
return -EINVAL;
|
|
|
|
ap_config_time = time;
|
2015-07-23 08:55:59 +00:00
|
|
|
mod_timer(&ap_config_timer, jiffies + ap_config_time * HZ);
|
2006-09-20 13:58:25 +00:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RW(config_time);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static ssize_t poll_thread_show(struct bus_type *bus, char *buf)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n", ap_poll_kthread ? 1 : 0);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static ssize_t poll_thread_store(struct bus_type *bus,
|
|
|
|
const char *buf, size_t count)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
|
|
|
int flag, rc;
|
|
|
|
|
|
|
|
if (sscanf(buf, "%d\n", &flag) != 1)
|
|
|
|
return -EINVAL;
|
|
|
|
if (flag) {
|
|
|
|
rc = ap_poll_thread_start();
|
|
|
|
if (rc)
|
2015-07-17 11:43:18 +00:00
|
|
|
count = rc;
|
|
|
|
} else
|
2006-09-20 13:58:25 +00:00
|
|
|
ap_poll_thread_stop();
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RW(poll_thread);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2008-07-14 07:59:08 +00:00
|
|
|
static ssize_t poll_timeout_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-03-12 10:19:55 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%llu\n", poll_timeout);
|
2008-07-14 07:59:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t poll_timeout_store(struct bus_type *bus, const char *buf,
|
|
|
|
size_t count)
|
|
|
|
{
|
|
|
|
unsigned long long time;
|
|
|
|
ktime_t hr_time;
|
|
|
|
|
|
|
|
/* 120 seconds = maximum poll interval */
|
2008-12-25 12:38:41 +00:00
|
|
|
if (sscanf(buf, "%llu\n", &time) != 1 || time < 1 ||
|
|
|
|
time > 120000000000ULL)
|
2008-07-14 07:59:08 +00:00
|
|
|
return -EINVAL;
|
|
|
|
poll_timeout = time;
|
2016-12-25 11:30:41 +00:00
|
|
|
hr_time = poll_timeout;
|
2008-07-14 07:59:08 +00:00
|
|
|
|
2015-04-28 08:31:44 +00:00
|
|
|
spin_lock_bh(&ap_poll_timer_lock);
|
|
|
|
hrtimer_cancel(&ap_poll_timer);
|
|
|
|
hrtimer_set_expires(&ap_poll_timer, hr_time);
|
|
|
|
hrtimer_start_expires(&ap_poll_timer, HRTIMER_MODE_ABS);
|
|
|
|
spin_unlock_bh(&ap_poll_timer_lock);
|
|
|
|
|
2008-07-14 07:59:08 +00:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RW(poll_timeout);
|
2008-07-14 07:59:08 +00:00
|
|
|
|
2015-01-23 12:27:04 +00:00
|
|
|
static ssize_t ap_max_domain_id_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
2020-07-01 10:40:39 +00:00
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n", ap_max_domain_id);
|
2015-01-23 12:27:04 +00:00
|
|
|
}
|
|
|
|
|
2018-08-17 10:36:01 +00:00
|
|
|
static BUS_ATTR_RO(ap_max_domain_id);
|
2015-01-23 12:27:04 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
static ssize_t ap_max_adapter_id_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
|
|
|
return scnprintf(buf, PAGE_SIZE, "%d\n", ap_max_adapter_id);
|
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RO(ap_max_adapter_id);
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
static ssize_t apmask_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (mutex_lock_interruptible(&ap_perms_mutex))
|
|
|
|
return -ERESTARTSYS;
|
2020-03-12 10:19:55 +00:00
|
|
|
rc = scnprintf(buf, PAGE_SIZE,
|
|
|
|
"0x%016lx%016lx%016lx%016lx\n",
|
|
|
|
ap_perms.apm[0], ap_perms.apm[1],
|
|
|
|
ap_perms.apm[2], ap_perms.apm[3]);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t apmask_store(struct bus_type *bus, const char *buf,
|
|
|
|
size_t count)
|
|
|
|
{
|
2018-08-20 13:27:45 +00:00
|
|
|
int rc;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
rc = ap_parse_mask_str(buf, ap_perms.apm, AP_DEVICES, &ap_perms_mutex);
|
2018-08-20 13:27:45 +00:00
|
|
|
if (rc)
|
|
|
|
return rc;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
|
|
|
ap_bus_revise_bindings();
|
|
|
|
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RW(apmask);
|
|
|
|
|
|
|
|
static ssize_t aqmask_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (mutex_lock_interruptible(&ap_perms_mutex))
|
|
|
|
return -ERESTARTSYS;
|
2020-03-12 10:19:55 +00:00
|
|
|
rc = scnprintf(buf, PAGE_SIZE,
|
|
|
|
"0x%016lx%016lx%016lx%016lx\n",
|
|
|
|
ap_perms.aqm[0], ap_perms.aqm[1],
|
|
|
|
ap_perms.aqm[2], ap_perms.aqm[3]);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
mutex_unlock(&ap_perms_mutex);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t aqmask_store(struct bus_type *bus, const char *buf,
|
|
|
|
size_t count)
|
|
|
|
{
|
2018-08-20 13:27:45 +00:00
|
|
|
int rc;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
rc = ap_parse_mask_str(buf, ap_perms.aqm, AP_DOMAINS, &ap_perms_mutex);
|
2018-08-20 13:27:45 +00:00
|
|
|
if (rc)
|
|
|
|
return rc;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
|
|
|
|
ap_bus_revise_bindings();
|
|
|
|
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RW(aqmask);
|
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
static ssize_t scans_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
|
|
|
return scnprintf(buf, PAGE_SIZE, "%llu\n",
|
|
|
|
atomic64_read(&ap_scan_bus_count));
|
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RO(scans);
|
|
|
|
|
|
|
|
static ssize_t bindings_show(struct bus_type *bus, char *buf)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
unsigned int apqns, n;
|
|
|
|
|
|
|
|
ap_calc_bound_apqns(&apqns, &n);
|
|
|
|
if (atomic64_read(&ap_scan_bus_count) >= 1 && n == apqns)
|
|
|
|
rc = scnprintf(buf, PAGE_SIZE, "%u/%u (complete)\n", n, apqns);
|
|
|
|
else
|
|
|
|
rc = scnprintf(buf, PAGE_SIZE, "%u/%u\n", n, apqns);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BUS_ATTR_RO(bindings);
|
|
|
|
|
2020-11-09 13:41:07 +00:00
|
|
|
static struct attribute *ap_bus_attrs[] = {
|
|
|
|
&bus_attr_ap_domain.attr,
|
|
|
|
&bus_attr_ap_control_domain_mask.attr,
|
|
|
|
&bus_attr_ap_usage_domain_mask.attr,
|
|
|
|
&bus_attr_ap_adapter_mask.attr,
|
|
|
|
&bus_attr_config_time.attr,
|
|
|
|
&bus_attr_poll_thread.attr,
|
|
|
|
&bus_attr_ap_interrupts.attr,
|
|
|
|
&bus_attr_poll_timeout.attr,
|
|
|
|
&bus_attr_ap_max_domain_id.attr,
|
|
|
|
&bus_attr_ap_max_adapter_id.attr,
|
|
|
|
&bus_attr_apmask.attr,
|
|
|
|
&bus_attr_aqmask.attr,
|
|
|
|
&bus_attr_scans.attr,
|
|
|
|
&bus_attr_bindings.attr,
|
2008-07-14 07:59:08 +00:00
|
|
|
NULL,
|
2006-09-20 13:58:25 +00:00
|
|
|
};
|
2020-11-09 13:41:07 +00:00
|
|
|
ATTRIBUTE_GROUPS(ap_bus);
|
|
|
|
|
|
|
|
static struct bus_type ap_bus_type = {
|
|
|
|
.name = "ap",
|
|
|
|
.bus_groups = ap_bus_groups,
|
|
|
|
.match = &ap_bus_match,
|
|
|
|
.uevent = &ap_uevent,
|
2021-04-16 10:46:27 +00:00
|
|
|
.probe = ap_device_probe,
|
|
|
|
.remove = ap_device_remove,
|
2020-11-09 13:41:07 +00:00
|
|
|
};
|
2006-09-20 13:58:25 +00:00
|
|
|
|
|
|
|
/**
|
2018-09-17 13:23:03 +00:00
|
|
|
* ap_select_domain(): Select an AP domain if possible and we haven't
|
|
|
|
* already done so before.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2018-09-17 13:23:03 +00:00
|
|
|
static void ap_select_domain(void)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2015-06-26 13:40:41 +00:00
|
|
|
struct ap_queue_status status;
|
2020-07-01 10:40:39 +00:00
|
|
|
int card, dom;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/*
|
2020-07-01 10:40:39 +00:00
|
|
|
* Choose the default domain. Either the one specified with
|
|
|
|
* the "domain=" parameter or the first domain with at least
|
|
|
|
* one valid APQN.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2016-08-25 09:11:30 +00:00
|
|
|
spin_lock_bh(&ap_domain_lock);
|
|
|
|
if (ap_domain_index >= 0) {
|
2006-09-20 13:58:25 +00:00
|
|
|
/* Domain has already been selected. */
|
2020-07-01 10:40:39 +00:00
|
|
|
goto out;
|
2016-08-25 09:11:30 +00:00
|
|
|
}
|
2020-07-01 10:40:39 +00:00
|
|
|
for (dom = 0; dom <= ap_max_domain_id; dom++) {
|
|
|
|
if (!ap_test_config_usage_domain(dom) ||
|
|
|
|
!test_bit_inv(dom, ap_perms.aqm))
|
2012-08-28 14:41:50 +00:00
|
|
|
continue;
|
2020-07-01 10:40:39 +00:00
|
|
|
for (card = 0; card <= ap_max_adapter_id; card++) {
|
|
|
|
if (!ap_test_config_card_id(card) ||
|
|
|
|
!test_bit_inv(card, ap_perms.apm))
|
2012-08-28 14:41:50 +00:00
|
|
|
continue;
|
2020-07-01 10:40:39 +00:00
|
|
|
status = ap_test_queue(AP_MKQID(card, dom),
|
2016-11-08 06:09:13 +00:00
|
|
|
ap_apft_available(),
|
|
|
|
NULL);
|
2020-07-01 10:40:39 +00:00
|
|
|
if (status.response_code == AP_RESPONSE_NORMAL)
|
|
|
|
break;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
2020-07-01 10:40:39 +00:00
|
|
|
if (card <= ap_max_adapter_id)
|
|
|
|
break;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
2020-07-01 10:40:39 +00:00
|
|
|
if (dom <= ap_max_domain_id) {
|
|
|
|
ap_domain_index = dom;
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("%s new default domain is %d\n",
|
|
|
|
__func__, ap_domain_index);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
2020-07-01 10:40:39 +00:00
|
|
|
out:
|
2016-08-25 09:11:30 +00:00
|
|
|
spin_unlock_bh(&ap_domain_lock);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2017-10-16 10:28:35 +00:00
|
|
|
/*
|
|
|
|
* This function checks the type and returns either 0 for not
|
|
|
|
* supported or the highest compatible type value (which may
|
|
|
|
* include the input type value).
|
|
|
|
*/
|
|
|
|
static int ap_get_compatible_type(ap_qid_t qid, int rawtype, unsigned int func)
|
|
|
|
{
|
|
|
|
int comp_type = 0;
|
|
|
|
|
|
|
|
/* < CEX2A is not supported */
|
2020-07-02 13:56:15 +00:00
|
|
|
if (rawtype < AP_DEVICE_TYPE_CEX2A) {
|
|
|
|
AP_DBF_WARN("get_comp_type queue=%02x.%04x unsupported type %d\n",
|
|
|
|
AP_QID_CARD(qid), AP_QID_QUEUE(qid), rawtype);
|
2017-10-16 10:28:35 +00:00
|
|
|
return 0;
|
2020-07-02 13:56:15 +00:00
|
|
|
}
|
2019-08-16 09:05:58 +00:00
|
|
|
/* up to CEX7 known and fully supported */
|
|
|
|
if (rawtype <= AP_DEVICE_TYPE_CEX7)
|
2017-10-16 10:28:35 +00:00
|
|
|
return rawtype;
|
|
|
|
/*
|
2019-08-16 09:05:58 +00:00
|
|
|
* unknown new type > CEX7, check for compatibility
|
2017-10-16 10:28:35 +00:00
|
|
|
* to the highest known and supported type which is
|
2019-08-16 09:05:58 +00:00
|
|
|
* currently CEX7 with the help of the QACT function.
|
2017-10-16 10:28:35 +00:00
|
|
|
*/
|
|
|
|
if (ap_qact_available()) {
|
|
|
|
struct ap_queue_status status;
|
2017-10-30 11:10:54 +00:00
|
|
|
union ap_qact_ap_info apinfo = {0};
|
2017-10-16 10:28:35 +00:00
|
|
|
|
|
|
|
apinfo.mode = (func >> 26) & 0x07;
|
2019-08-16 09:05:58 +00:00
|
|
|
apinfo.cat = AP_DEVICE_TYPE_CEX7;
|
2017-10-16 10:28:35 +00:00
|
|
|
status = ap_qact(qid, 0, &apinfo);
|
|
|
|
if (status.response_code == AP_RESPONSE_NORMAL
|
|
|
|
&& apinfo.cat >= AP_DEVICE_TYPE_CEX2A
|
2019-08-16 09:05:58 +00:00
|
|
|
&& apinfo.cat <= AP_DEVICE_TYPE_CEX7)
|
2017-10-16 10:28:35 +00:00
|
|
|
comp_type = apinfo.cat;
|
|
|
|
}
|
|
|
|
if (!comp_type)
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_WARN("get_comp_type queue=%02x.%04x unable to map type %d\n",
|
|
|
|
AP_QID_CARD(qid), AP_QID_QUEUE(qid), rawtype);
|
2017-10-16 10:28:35 +00:00
|
|
|
else if (comp_type != rawtype)
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("get_comp_type queue=%02x.%04x map type %d to %d\n",
|
|
|
|
AP_QID_CARD(qid), AP_QID_QUEUE(qid),
|
|
|
|
rawtype, comp_type);
|
2017-10-16 10:28:35 +00:00
|
|
|
return comp_type;
|
|
|
|
}
|
|
|
|
|
2016-08-25 09:16:03 +00:00
|
|
|
/*
|
2018-11-29 10:50:16 +00:00
|
|
|
* Helper function to be used with bus_find_dev
|
2016-08-25 09:16:03 +00:00
|
|
|
* matches for the card device with the given id
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2019-06-14 17:53:59 +00:00
|
|
|
static int __match_card_device_with_id(struct device *dev, const void *data)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2019-06-14 17:53:59 +00:00
|
|
|
return is_card_dev(dev) && to_ap_card(dev)->id == (int)(long)(void *) data;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2018-11-29 10:50:16 +00:00
|
|
|
/*
|
|
|
|
* Helper function to be used with bus_find_dev
|
2016-08-25 09:16:03 +00:00
|
|
|
* matches for the queue device with a given qid
|
|
|
|
*/
|
2019-06-14 17:53:59 +00:00
|
|
|
static int __match_queue_device_with_qid(struct device *dev, const void *data)
|
2016-08-25 09:16:03 +00:00
|
|
|
{
|
|
|
|
return is_queue_dev(dev) && to_ap_queue(dev)->qid == (int)(long) data;
|
|
|
|
}
|
|
|
|
|
2019-02-05 16:22:36 +00:00
|
|
|
/*
|
|
|
|
* Helper function to be used with bus_find_dev
|
|
|
|
* matches any queue device with given queue id
|
|
|
|
*/
|
2019-06-14 17:53:59 +00:00
|
|
|
static int __match_queue_device_with_queue_id(struct device *dev, const void *data)
|
2019-02-05 16:22:36 +00:00
|
|
|
{
|
|
|
|
return is_queue_dev(dev)
|
|
|
|
&& AP_QID_QUEUE(to_ap_queue(dev)->qid) == (int)(long) data;
|
|
|
|
}
|
|
|
|
|
2018-11-29 10:50:16 +00:00
|
|
|
/*
|
|
|
|
* Helper function for ap_scan_bus().
|
2020-07-02 14:57:00 +00:00
|
|
|
* Remove card device and associated queue devices.
|
|
|
|
*/
|
|
|
|
static inline void ap_scan_rm_card_dev_and_queue_devs(struct ap_card *ac)
|
|
|
|
{
|
|
|
|
bus_for_each_dev(&ap_bus_type, NULL,
|
|
|
|
(void *)(long) ac->id,
|
|
|
|
__ap_queue_devices_with_id_unregister);
|
|
|
|
device_unregister(&ac->ap_dev.device);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Helper function for ap_scan_bus().
|
|
|
|
* Does the scan bus job for all the domains within
|
|
|
|
* a valid adapter given by an ap_card ptr.
|
2016-08-25 09:16:03 +00:00
|
|
|
*/
|
2020-07-02 14:57:00 +00:00
|
|
|
static inline void ap_scan_domains(struct ap_card *ac)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2020-07-02 14:57:00 +00:00
|
|
|
bool decfg;
|
2018-11-29 10:50:16 +00:00
|
|
|
ap_qid_t qid;
|
|
|
|
unsigned int func;
|
2006-09-20 13:58:25 +00:00
|
|
|
struct device *dev;
|
2018-11-29 10:50:16 +00:00
|
|
|
struct ap_queue *aq;
|
2021-06-25 10:29:46 +00:00
|
|
|
int rc, dom, depth, type, ml;
|
2020-07-02 14:57:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Go through the configuration for the domains and compare them
|
|
|
|
* to the existing queue devices. Also take care of the config
|
|
|
|
* and error state for the queue devices.
|
|
|
|
*/
|
|
|
|
|
|
|
|
for (dom = 0; dom <= ap_max_domain_id; dom++) {
|
|
|
|
qid = AP_MKQID(ac->id, dom);
|
|
|
|
dev = bus_find_device(&ap_bus_type, NULL,
|
|
|
|
(void *)(long) qid,
|
|
|
|
__match_queue_device_with_qid);
|
|
|
|
aq = dev ? to_ap_queue(dev) : NULL;
|
|
|
|
if (!ap_test_config_usage_domain(dom)) {
|
|
|
|
if (dev) {
|
|
|
|
AP_DBF_INFO("%s(%d,%d) not in config any more, rm queue device\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
device_unregister(dev);
|
|
|
|
put_device(dev);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
/* domain is valid, get info from this APQN */
|
2021-06-25 10:29:46 +00:00
|
|
|
if (!ap_queue_info(qid, &type, &func, &depth, &ml, &decfg)) {
|
2020-07-02 14:57:00 +00:00
|
|
|
if (aq) {
|
|
|
|
AP_DBF_INFO(
|
|
|
|
"%s(%d,%d) ap_queue_info() not successful, rm queue device\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
device_unregister(dev);
|
|
|
|
put_device(dev);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
/* if no queue device exists, create a new one */
|
|
|
|
if (!aq) {
|
|
|
|
aq = ap_queue_create(qid, ac->ap_dev.device_type);
|
|
|
|
if (!aq) {
|
|
|
|
AP_DBF_WARN("%s(%d,%d) ap_queue_create() failed\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
aq->card = ac;
|
|
|
|
aq->config = !decfg;
|
|
|
|
dev = &aq->ap_dev.device;
|
|
|
|
dev->bus = &ap_bus_type;
|
|
|
|
dev->parent = &ac->ap_dev.device;
|
|
|
|
dev_set_name(dev, "%02x.%04x", ac->id, dom);
|
|
|
|
/* register queue device */
|
|
|
|
rc = device_register(dev);
|
|
|
|
if (rc) {
|
|
|
|
AP_DBF_WARN("%s(%d,%d) device_register() failed\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
goto put_dev_and_continue;
|
|
|
|
}
|
2020-10-20 10:20:30 +00:00
|
|
|
/* get it and thus adjust reference counter */
|
|
|
|
get_device(dev);
|
2020-07-02 14:57:00 +00:00
|
|
|
if (decfg)
|
|
|
|
AP_DBF_INFO("%s(%d,%d) new (decfg) queue device created\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
else
|
|
|
|
AP_DBF_INFO("%s(%d,%d) new queue device created\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
goto put_dev_and_continue;
|
|
|
|
}
|
|
|
|
/* Check config state on the already existing queue device */
|
|
|
|
spin_lock_bh(&aq->lock);
|
|
|
|
if (decfg && aq->config) {
|
|
|
|
/* config off this queue device */
|
|
|
|
aq->config = false;
|
|
|
|
if (aq->dev_state > AP_DEV_STATE_UNINITIATED) {
|
|
|
|
aq->dev_state = AP_DEV_STATE_ERROR;
|
|
|
|
aq->last_err_rc = AP_RESPONSE_DECONFIGURED;
|
|
|
|
}
|
|
|
|
spin_unlock_bh(&aq->lock);
|
|
|
|
AP_DBF_INFO("%s(%d,%d) queue device config off\n",
|
|
|
|
__func__, ac->id, dom);
|
2021-04-13 16:11:09 +00:00
|
|
|
ap_send_config_uevent(&aq->ap_dev, aq->config);
|
2020-07-02 14:57:00 +00:00
|
|
|
/* 'receive' pending messages with -EAGAIN */
|
|
|
|
ap_flush_queue(aq);
|
|
|
|
goto put_dev_and_continue;
|
|
|
|
}
|
|
|
|
if (!decfg && !aq->config) {
|
|
|
|
/* config on this queue device */
|
|
|
|
aq->config = true;
|
|
|
|
if (aq->dev_state > AP_DEV_STATE_UNINITIATED) {
|
|
|
|
aq->dev_state = AP_DEV_STATE_OPERATING;
|
|
|
|
aq->sm_state = AP_SM_STATE_RESET_START;
|
|
|
|
}
|
|
|
|
spin_unlock_bh(&aq->lock);
|
|
|
|
AP_DBF_INFO("%s(%d,%d) queue device config on\n",
|
|
|
|
__func__, ac->id, dom);
|
2021-04-13 16:11:09 +00:00
|
|
|
ap_send_config_uevent(&aq->ap_dev, aq->config);
|
2020-07-02 14:57:00 +00:00
|
|
|
goto put_dev_and_continue;
|
|
|
|
}
|
|
|
|
/* handle other error states */
|
|
|
|
if (!decfg && aq->dev_state == AP_DEV_STATE_ERROR) {
|
|
|
|
spin_unlock_bh(&aq->lock);
|
|
|
|
/* 'receive' pending messages with -EAGAIN */
|
|
|
|
ap_flush_queue(aq);
|
|
|
|
/* re-init (with reset) the queue device */
|
|
|
|
ap_queue_init_state(aq);
|
|
|
|
AP_DBF_INFO("%s(%d,%d) queue device reinit enforced\n",
|
|
|
|
__func__, ac->id, dom);
|
|
|
|
goto put_dev_and_continue;
|
|
|
|
}
|
|
|
|
spin_unlock_bh(&aq->lock);
|
|
|
|
put_dev_and_continue:
|
|
|
|
put_device(dev);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Helper function for ap_scan_bus().
|
|
|
|
* Does the scan bus job for the given adapter id.
|
|
|
|
*/
|
|
|
|
static inline void ap_scan_adapter(int ap)
|
|
|
|
{
|
|
|
|
bool decfg;
|
|
|
|
ap_qid_t qid;
|
|
|
|
unsigned int func;
|
|
|
|
struct device *dev;
|
|
|
|
struct ap_card *ac;
|
2021-06-25 10:29:46 +00:00
|
|
|
int rc, dom, depth, type, comp_type, ml;
|
2018-11-29 10:50:16 +00:00
|
|
|
|
2020-07-02 14:57:00 +00:00
|
|
|
/* Is there currently a card device for this adapter ? */
|
2018-11-29 10:50:16 +00:00
|
|
|
dev = bus_find_device(&ap_bus_type, NULL,
|
2020-07-02 14:57:00 +00:00
|
|
|
(void *)(long) ap,
|
2018-11-29 10:50:16 +00:00
|
|
|
__match_card_device_with_id);
|
|
|
|
ac = dev ? to_ap_card(dev) : NULL;
|
2020-07-02 14:57:00 +00:00
|
|
|
|
|
|
|
/* Adapter not in configuration ? */
|
|
|
|
if (!ap_test_config_card_id(ap)) {
|
|
|
|
if (ac) {
|
|
|
|
AP_DBF_INFO("%s(%d) ap not in config any more, rm card and queue devices\n",
|
|
|
|
__func__, ap);
|
|
|
|
ap_scan_rm_card_dev_and_queue_devs(ac);
|
2018-11-29 10:50:16 +00:00
|
|
|
put_device(dev);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
2016-11-24 05:45:21 +00:00
|
|
|
|
2018-11-29 10:50:16 +00:00
|
|
|
/*
|
2020-07-02 14:57:00 +00:00
|
|
|
* Adapter ap is valid in the current configuration. So do some checks:
|
|
|
|
* If no card device exists, build one. If a card device exists, check
|
|
|
|
* for type and functions changed. For all this we need to find a valid
|
|
|
|
* APQN first.
|
2018-11-29 10:50:16 +00:00
|
|
|
*/
|
2020-07-02 14:57:00 +00:00
|
|
|
|
|
|
|
for (dom = 0; dom <= ap_max_domain_id; dom++)
|
|
|
|
if (ap_test_config_usage_domain(dom)) {
|
|
|
|
qid = AP_MKQID(ap, dom);
|
2021-06-25 10:29:46 +00:00
|
|
|
if (ap_queue_info(qid, &type, &func,
|
|
|
|
&depth, &ml, &decfg))
|
2018-11-29 10:50:16 +00:00
|
|
|
break;
|
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
if (dom > ap_max_domain_id) {
|
|
|
|
/* Could not find a valid APQN for this adapter */
|
|
|
|
if (ac) {
|
|
|
|
AP_DBF_INFO(
|
|
|
|
"%s(%d) no type info (no APQN found), rm card and queue devices\n",
|
|
|
|
__func__, ap);
|
|
|
|
ap_scan_rm_card_dev_and_queue_devs(ac);
|
|
|
|
put_device(dev);
|
|
|
|
} else {
|
|
|
|
AP_DBF_DBG("%s(%d) no type info (no APQN found), ignored\n",
|
|
|
|
__func__, ap);
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (!type) {
|
|
|
|
/* No apdater type info available, an unusable adapter */
|
|
|
|
if (ac) {
|
|
|
|
AP_DBF_INFO("%s(%d) no valid type (0) info, rm card and queue devices\n",
|
|
|
|
__func__, ap);
|
|
|
|
ap_scan_rm_card_dev_and_queue_devs(ac);
|
2018-11-29 10:50:16 +00:00
|
|
|
put_device(dev);
|
2020-07-02 14:57:00 +00:00
|
|
|
} else {
|
|
|
|
AP_DBF_DBG("%s(%d) no valid type (0) info, ignored\n",
|
|
|
|
__func__, ap);
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
return;
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2015-06-26 14:55:35 +00:00
|
|
|
|
2020-07-02 14:57:00 +00:00
|
|
|
if (ac) {
|
|
|
|
/* Check APQN against existing card device for changes */
|
|
|
|
if (ac->raw_hwtype != type) {
|
|
|
|
AP_DBF_INFO("%s(%d) hwtype %d changed, rm card and queue devices\n",
|
|
|
|
__func__, ap, type);
|
|
|
|
ap_scan_rm_card_dev_and_queue_devs(ac);
|
|
|
|
put_device(dev);
|
|
|
|
ac = NULL;
|
|
|
|
} else if (ac->functions != func) {
|
|
|
|
AP_DBF_INFO("%s(%d) functions 0x%08x changed, rm card and queue devices\n",
|
|
|
|
__func__, ap, type);
|
|
|
|
ap_scan_rm_card_dev_and_queue_devs(ac);
|
|
|
|
put_device(dev);
|
|
|
|
ac = NULL;
|
|
|
|
} else {
|
|
|
|
if (decfg && ac->config) {
|
|
|
|
ac->config = false;
|
|
|
|
AP_DBF_INFO("%s(%d) card device config off\n",
|
|
|
|
__func__, ap);
|
2021-04-13 16:11:09 +00:00
|
|
|
ap_send_config_uevent(&ac->ap_dev, ac->config);
|
2016-08-25 09:16:03 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
if (!decfg && !ac->config) {
|
|
|
|
ac->config = true;
|
|
|
|
AP_DBF_INFO("%s(%d) card device config on\n",
|
|
|
|
__func__, ap);
|
2021-04-13 16:11:09 +00:00
|
|
|
ap_send_config_uevent(&ac->ap_dev, ac->config);
|
2019-02-05 16:22:36 +00:00
|
|
|
}
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!ac) {
|
|
|
|
/* Build a new card device */
|
2018-11-29 10:50:16 +00:00
|
|
|
comp_type = ap_get_compatible_type(qid, type, func);
|
2020-07-02 14:57:00 +00:00
|
|
|
if (!comp_type) {
|
|
|
|
AP_DBF_WARN("%s(%d) type %d, can't get compatibility type\n",
|
|
|
|
__func__, ap, type);
|
|
|
|
return;
|
|
|
|
}
|
2021-06-25 10:29:46 +00:00
|
|
|
ac = ap_card_create(ap, depth, type, comp_type, func, ml);
|
2018-11-29 10:50:16 +00:00
|
|
|
if (!ac) {
|
2020-07-02 14:57:00 +00:00
|
|
|
AP_DBF_WARN("%s(%d) ap_card_create() failed\n",
|
|
|
|
__func__, ap);
|
|
|
|
return;
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
ac->config = !decfg;
|
|
|
|
dev = &ac->ap_dev.device;
|
|
|
|
dev->bus = &ap_bus_type;
|
|
|
|
dev->parent = ap_root_device;
|
|
|
|
dev_set_name(dev, "card%02x", ap);
|
2021-06-25 10:29:46 +00:00
|
|
|
/* maybe enlarge ap_max_msg_size to support this card */
|
|
|
|
if (ac->maxmsgsize > atomic_read(&ap_max_msg_size)) {
|
|
|
|
atomic_set(&ap_max_msg_size, ac->maxmsgsize);
|
|
|
|
AP_DBF_INFO("%s(%d) ap_max_msg_size update to %d byte\n",
|
|
|
|
__func__, ap, atomic_read(&ap_max_msg_size));
|
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
/* Register the new card device with AP bus */
|
|
|
|
rc = device_register(dev);
|
2018-11-29 10:50:16 +00:00
|
|
|
if (rc) {
|
2020-07-02 14:57:00 +00:00
|
|
|
AP_DBF_WARN("%s(%d) device_register() failed\n",
|
|
|
|
__func__, ap);
|
|
|
|
put_device(dev);
|
|
|
|
return;
|
2015-09-14 15:01:23 +00:00
|
|
|
}
|
2020-07-02 14:57:00 +00:00
|
|
|
/* get it and thus adjust reference counter */
|
|
|
|
get_device(dev);
|
|
|
|
if (decfg)
|
|
|
|
AP_DBF_INFO("%s(%d) new (decfg) card device type=%d func=0x%08x created\n",
|
|
|
|
__func__, ap, type, func);
|
|
|
|
else
|
|
|
|
AP_DBF_INFO("%s(%d) new card device type=%d func=0x%08x created\n",
|
|
|
|
__func__, ap, type, func);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Verify the domains and the queue devices for this card */
|
|
|
|
ap_scan_domains(ac);
|
2018-11-29 10:50:16 +00:00
|
|
|
|
2020-07-02 14:57:00 +00:00
|
|
|
/* release the card device */
|
|
|
|
put_device(&ac->ap_dev.device);
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2017-05-12 14:35:14 +00:00
|
|
|
|
2018-11-29 10:50:16 +00:00
|
|
|
/**
|
|
|
|
* ap_scan_bus(): Scan the AP bus for new devices
|
|
|
|
* Runs periodically, workqueue timer (ap_config_time)
|
|
|
|
*/
|
|
|
|
static void ap_scan_bus(struct work_struct *unused)
|
|
|
|
{
|
2020-07-02 14:57:00 +00:00
|
|
|
int ap;
|
2018-11-29 10:50:16 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_fetch_qci_info(ap_qci_info);
|
2018-11-29 10:50:16 +00:00
|
|
|
ap_select_domain();
|
|
|
|
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_DBG("%s running\n", __func__);
|
2020-07-01 10:40:39 +00:00
|
|
|
|
2018-11-29 10:50:16 +00:00
|
|
|
/* loop over all possible adapters */
|
2020-07-02 14:57:00 +00:00
|
|
|
for (ap = 0; ap <= ap_max_adapter_id; ap++)
|
|
|
|
ap_scan_adapter(ap);
|
2018-11-29 10:50:16 +00:00
|
|
|
|
|
|
|
/* check if there is at least one queue available with default domain */
|
|
|
|
if (ap_domain_index >= 0) {
|
|
|
|
struct device *dev =
|
|
|
|
bus_find_device(&ap_bus_type, NULL,
|
|
|
|
(void *)(long) ap_domain_index,
|
2019-02-05 16:22:36 +00:00
|
|
|
__match_queue_device_with_queue_id);
|
2018-11-29 10:50:16 +00:00
|
|
|
if (dev)
|
|
|
|
put_device(dev);
|
|
|
|
else
|
2020-07-02 13:56:15 +00:00
|
|
|
AP_DBF_INFO("no queue device with default domain %d available\n",
|
|
|
|
ap_domain_index);
|
2018-11-29 10:50:16 +00:00
|
|
|
}
|
2017-05-12 14:35:14 +00:00
|
|
|
|
2020-08-31 08:16:26 +00:00
|
|
|
if (atomic64_inc_return(&ap_scan_bus_count) == 1) {
|
|
|
|
AP_DBF(DBF_DEBUG, "%s init scan complete\n", __func__);
|
|
|
|
ap_send_init_scan_done_uevent();
|
|
|
|
ap_check_bindings_complete();
|
|
|
|
}
|
|
|
|
|
2015-07-23 08:55:59 +00:00
|
|
|
mod_timer(&ap_config_timer, jiffies + ap_config_time * HZ);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
|
|
|
|
2017-10-25 10:27:37 +00:00
|
|
|
static void ap_config_timeout(struct timer_list *unused)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2015-07-27 10:47:40 +00:00
|
|
|
queue_work(system_long_wq, &ap_scan_work);
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
2006-12-15 16:18:17 +00:00
|
|
|
|
2018-04-04 05:14:17 +00:00
|
|
|
static int __init ap_debug_init(void)
|
2016-11-24 05:45:21 +00:00
|
|
|
{
|
|
|
|
ap_dbf_info = debug_register("ap", 1, 1,
|
|
|
|
DBF_MAX_SPRINTF_ARGS * sizeof(long));
|
|
|
|
debug_register_view(ap_dbf_info, &debug_sprintf_view);
|
|
|
|
debug_set_level(ap_dbf_info, DBF_ERR);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
static void __init ap_perms_init(void)
|
|
|
|
{
|
2018-08-20 13:27:45 +00:00
|
|
|
/* all resources useable if no kernel parameter string given */
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
memset(&ap_perms.ioctlm, 0xFF, sizeof(ap_perms.ioctlm));
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
memset(&ap_perms.apm, 0xFF, sizeof(ap_perms.apm));
|
|
|
|
memset(&ap_perms.aqm, 0xFF, sizeof(ap_perms.aqm));
|
|
|
|
|
2018-08-20 13:27:45 +00:00
|
|
|
/* apm kernel parameter string */
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
if (apm_str) {
|
2018-08-20 13:27:45 +00:00
|
|
|
memset(&ap_perms.apm, 0, sizeof(ap_perms.apm));
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
ap_parse_mask_str(apm_str, ap_perms.apm, AP_DEVICES,
|
|
|
|
&ap_perms_mutex);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
}
|
|
|
|
|
2018-08-20 13:27:45 +00:00
|
|
|
/* aqm kernel parameter string */
|
|
|
|
if (aqm_str) {
|
|
|
|
memset(&ap_perms.aqm, 0, sizeof(ap_perms.aqm));
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
ap_parse_mask_str(aqm_str, ap_perms.aqm, AP_DOMAINS,
|
|
|
|
&ap_perms_mutex);
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
/**
|
2008-04-17 05:46:28 +00:00
|
|
|
* ap_module_init(): The module initialization code.
|
|
|
|
*
|
|
|
|
* Initializes the module.
|
2006-09-20 13:58:25 +00:00
|
|
|
*/
|
2018-04-04 05:14:17 +00:00
|
|
|
static int __init ap_module_init(void)
|
2006-09-20 13:58:25 +00:00
|
|
|
{
|
2020-11-09 13:41:07 +00:00
|
|
|
int rc;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2016-11-24 05:45:21 +00:00
|
|
|
rc = ap_debug_init();
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
2018-08-09 09:59:34 +00:00
|
|
|
if (!ap_instructions_available()) {
|
2015-06-26 14:55:35 +00:00
|
|
|
pr_warn("The hardware system does not support AP instructions\n");
|
|
|
|
return -ENODEV;
|
|
|
|
}
|
|
|
|
|
2020-05-08 13:51:19 +00:00
|
|
|
/* init ap_queue hashtable */
|
|
|
|
hash_init(ap_queues);
|
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 14:18:41 +00:00
|
|
|
/* set up the AP permissions (ioctls, ap and aq masks) */
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
ap_perms_init();
|
|
|
|
|
2015-06-26 14:55:35 +00:00
|
|
|
/* Get AP configuration data if available */
|
2020-07-01 10:40:39 +00:00
|
|
|
ap_init_qci_info();
|
|
|
|
|
|
|
|
/* check default domain setting */
|
|
|
|
if (ap_domain_index < -1 || ap_domain_index > ap_max_domain_id ||
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 06:36:53 +00:00
|
|
|
(ap_domain_index >= 0 &&
|
|
|
|
!test_bit_inv(ap_domain_index, ap_perms.aqm))) {
|
2015-06-26 14:55:35 +00:00
|
|
|
pr_warn("%d is not a valid cryptographic domain\n",
|
|
|
|
ap_domain_index);
|
2017-05-12 14:35:14 +00:00
|
|
|
ap_domain_index = -1;
|
2006-09-20 13:58:25 +00:00
|
|
|
}
|
2009-09-22 20:58:51 +00:00
|
|
|
|
2020-07-01 10:40:39 +00:00
|
|
|
/* enable interrupts if available */
|
2008-12-25 12:38:41 +00:00
|
|
|
if (ap_interrupts_available()) {
|
2013-06-24 08:30:41 +00:00
|
|
|
rc = register_adapter_interrupt(&ap_airq);
|
|
|
|
ap_airq_flag = (rc == 0);
|
2008-12-25 12:38:41 +00:00
|
|
|
}
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
/* Create /sys/bus/ap. */
|
|
|
|
rc = bus_register(&ap_bus_type);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* Create /sys/devices/ap. */
|
2008-12-15 12:58:29 +00:00
|
|
|
ap_root_device = root_device_register("ap");
|
2018-07-19 04:42:05 +00:00
|
|
|
rc = PTR_ERR_OR_ZERO(ap_root_device);
|
2006-09-20 13:58:25 +00:00
|
|
|
if (rc)
|
|
|
|
goto out_bus;
|
2020-08-31 08:16:26 +00:00
|
|
|
ap_root_device->bus = &ap_bus_type;
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2008-04-17 05:46:28 +00:00
|
|
|
/* Setup the AP bus rescan timer. */
|
2017-10-25 10:27:37 +00:00
|
|
|
timer_setup(&ap_config_timer, ap_config_timeout, 0);
|
2006-09-20 13:58:25 +00:00
|
|
|
|
2015-09-14 15:01:23 +00:00
|
|
|
/*
|
|
|
|
* Setup the high resultion poll timer.
|
2008-07-14 07:59:08 +00:00
|
|
|
* If we are running under z/VM adjust polling to z/VM polling rate.
|
|
|
|
*/
|
|
|
|
if (MACHINE_IS_VM)
|
|
|
|
poll_timeout = 1500000;
|
|
|
|
hrtimer_init(&ap_poll_timer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
|
|
|
|
ap_poll_timer.function = ap_poll_timeout;
|
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
/* Start the low priority AP bus poll thread. */
|
|
|
|
if (ap_thread_flag) {
|
|
|
|
rc = ap_poll_thread_start();
|
|
|
|
if (rc)
|
|
|
|
goto out_work;
|
|
|
|
}
|
|
|
|
|
2015-07-27 10:47:40 +00:00
|
|
|
queue_work(system_long_wq, &ap_scan_work);
|
2015-09-14 15:01:23 +00:00
|
|
|
|
2006-09-20 13:58:25 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
out_work:
|
2008-07-14 07:59:08 +00:00
|
|
|
hrtimer_cancel(&ap_poll_timer);
|
2008-12-15 12:58:29 +00:00
|
|
|
root_device_unregister(ap_root_device);
|
2006-09-20 13:58:25 +00:00
|
|
|
out_bus:
|
|
|
|
bus_unregister(&ap_bus_type);
|
|
|
|
out:
|
2013-06-24 08:30:41 +00:00
|
|
|
if (ap_using_interrupts())
|
|
|
|
unregister_adapter_interrupt(&ap_airq);
|
2020-07-01 10:40:39 +00:00
|
|
|
kfree(ap_qci_info);
|
2006-09-20 13:58:25 +00:00
|
|
|
return rc;
|
|
|
|
}
|
2017-02-09 14:48:10 +00:00
|
|
|
device_initcall(ap_module_init);
|