2018-08-17 12:36:01 +02:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0+ */
|
2006-09-20 15:58:25 +02:00
|
|
|
/*
|
2023-06-28 12:36:08 +02:00
|
|
|
* Copyright IBM Corp. 2006, 2023
|
2006-09-20 15:58:25 +02:00
|
|
|
* Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
|
|
|
|
|
* Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
|
|
|
* Ralph Wuerthner <rwuerthn@de.ibm.com>
|
2008-12-25 13:38:41 +01:00
|
|
|
* Felix Beck <felix.beck@de.ibm.com>
|
2011-07-24 10:48:25 +02:00
|
|
|
* Holger Dengler <hd@linux.vnet.ibm.com>
|
2006-09-20 15:58:25 +02:00
|
|
|
*
|
|
|
|
|
* Adjunct processor bus header file.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _AP_BUS_H_
|
|
|
|
|
#define _AP_BUS_H_
|
|
|
|
|
|
|
|
|
|
#include <linux/device.h>
|
|
|
|
|
#include <linux/types.h>
|
2020-05-08 15:51:19 +02:00
|
|
|
#include <linux/hashtable.h>
|
2018-06-12 15:42:36 +02:00
|
|
|
#include <asm/isc.h>
|
2016-11-08 07:09:13 +01:00
|
|
|
#include <asm/ap.h>
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2018-04-09 16:18:37 +02:00
|
|
|
#define AP_DEVICES 256 /* Number of AP devices. */
|
2014-09-08 13:24:13 +02:00
|
|
|
#define AP_DOMAINS 256 /* Number of AP domains. */
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
#define AP_IOCTLS 256 /* Number of ioctls. */
|
2013-11-20 10:47:13 +01:00
|
|
|
#define AP_RESET_TIMEOUT (HZ*0.7) /* Time in ticks for reset timeouts. */
|
2006-09-20 15:58:25 +02:00
|
|
|
#define AP_CONFIG_TIME 30 /* Time in seconds between AP bus rescans. */
|
|
|
|
|
#define AP_POLL_TIME 1 /* Time in ticks between receive polls. */
|
2021-06-25 12:29:46 +02:00
|
|
|
#define AP_DEFAULT_MAX_MSG_SIZE (12 * 1024)
|
|
|
|
|
#define AP_TAPQ_ML_FIELD_CHUNK_SIZE (4096)
|
2006-09-20 15:58:25 +02:00
|
|
|
|
|
|
|
|
extern int ap_domain_index;
|
2021-06-25 12:29:46 +02:00
|
|
|
extern atomic_t ap_max_msg_size;
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2020-05-08 15:51:19 +02:00
|
|
|
extern DECLARE_HASHTABLE(ap_queues, 8);
|
|
|
|
|
extern spinlock_t ap_queues_lock;
|
2016-08-25 11:16:03 +02:00
|
|
|
|
2012-08-28 16:41:50 +02:00
|
|
|
static inline int ap_test_bit(unsigned int *ptr, unsigned int nr)
|
2011-07-24 10:48:25 +02:00
|
|
|
{
|
2012-08-28 16:41:50 +02:00
|
|
|
return (*ptr & (0x80000000u >> nr)) != 0;
|
2011-07-24 10:48:25 +02:00
|
|
|
}
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2023-03-10 17:46:49 +01:00
|
|
|
#define AP_RESPONSE_NORMAL 0x00
|
|
|
|
|
#define AP_RESPONSE_Q_NOT_AVAIL 0x01
|
|
|
|
|
#define AP_RESPONSE_RESET_IN_PROGRESS 0x02
|
|
|
|
|
#define AP_RESPONSE_DECONFIGURED 0x03
|
|
|
|
|
#define AP_RESPONSE_CHECKSTOPPED 0x04
|
|
|
|
|
#define AP_RESPONSE_BUSY 0x05
|
|
|
|
|
#define AP_RESPONSE_INVALID_ADDRESS 0x06
|
|
|
|
|
#define AP_RESPONSE_OTHERWISE_CHANGED 0x07
|
|
|
|
|
#define AP_RESPONSE_INVALID_GISA 0x08
|
|
|
|
|
#define AP_RESPONSE_Q_BOUND_TO_ANOTHER 0x09
|
|
|
|
|
#define AP_RESPONSE_STATE_CHANGE_IN_PROGRESS 0x0A
|
|
|
|
|
#define AP_RESPONSE_Q_NOT_BOUND 0x0B
|
|
|
|
|
#define AP_RESPONSE_Q_FULL 0x10
|
|
|
|
|
#define AP_RESPONSE_NO_PENDING_REPLY 0x10
|
|
|
|
|
#define AP_RESPONSE_INDEX_TOO_BIG 0x11
|
|
|
|
|
#define AP_RESPONSE_NO_FIRST_PART 0x13
|
|
|
|
|
#define AP_RESPONSE_MESSAGE_TOO_BIG 0x15
|
|
|
|
|
#define AP_RESPONSE_REQ_FAC_NOT_INST 0x16
|
|
|
|
|
#define AP_RESPONSE_Q_BIND_ERROR 0x30
|
|
|
|
|
#define AP_RESPONSE_Q_NOT_AVAIL_FOR_ASSOC 0x31
|
|
|
|
|
#define AP_RESPONSE_Q_NOT_EMPTY 0x32
|
|
|
|
|
#define AP_RESPONSE_BIND_LIMIT_EXCEEDED 0x33
|
|
|
|
|
#define AP_RESPONSE_INVALID_ASSOC_SECRET 0x34
|
|
|
|
|
#define AP_RESPONSE_ASSOC_SECRET_NOT_UNIQUE 0x35
|
|
|
|
|
#define AP_RESPONSE_ASSOC_FAILED 0x36
|
|
|
|
|
#define AP_RESPONSE_INVALID_DOMAIN 0x42
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2008-04-17 07:46:28 +02:00
|
|
|
/*
|
2023-06-28 12:36:08 +02:00
|
|
|
* Supported AP device types
|
2006-09-20 15:58:25 +02:00
|
|
|
*/
|
2012-08-28 16:48:29 +02:00
|
|
|
#define AP_DEVICE_TYPE_CEX4 10
|
2015-01-23 14:56:25 +01:00
|
|
|
#define AP_DEVICE_TYPE_CEX5 11
|
2016-10-12 15:58:14 +02:00
|
|
|
#define AP_DEVICE_TYPE_CEX6 12
|
2019-08-16 11:05:58 +02:00
|
|
|
#define AP_DEVICE_TYPE_CEX7 13
|
2021-11-16 14:54:19 +01:00
|
|
|
#define AP_DEVICE_TYPE_CEX8 14
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2015-09-14 17:01:23 +02:00
|
|
|
/*
|
2020-05-26 10:49:33 +02:00
|
|
|
* AP queue state machine states
|
2015-09-14 17:01:23 +02:00
|
|
|
*/
|
2020-05-26 10:49:33 +02:00
|
|
|
enum ap_sm_state {
|
2020-07-02 11:22:01 +02:00
|
|
|
AP_SM_STATE_RESET_START = 0,
|
2020-05-26 10:49:33 +02:00
|
|
|
AP_SM_STATE_RESET_WAIT,
|
|
|
|
|
AP_SM_STATE_SETIRQ_WAIT,
|
|
|
|
|
AP_SM_STATE_IDLE,
|
|
|
|
|
AP_SM_STATE_WORKING,
|
|
|
|
|
AP_SM_STATE_QUEUE_FULL,
|
2023-03-10 17:46:49 +01:00
|
|
|
AP_SM_STATE_ASSOC_WAIT,
|
2020-05-26 10:49:33 +02:00
|
|
|
NR_AP_SM_STATES
|
2015-09-14 17:01:23 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
2020-05-26 10:49:33 +02:00
|
|
|
* AP queue state machine events
|
2015-09-14 17:01:23 +02:00
|
|
|
*/
|
2020-05-26 10:49:33 +02:00
|
|
|
enum ap_sm_event {
|
|
|
|
|
AP_SM_EVENT_POLL,
|
|
|
|
|
AP_SM_EVENT_TIMEOUT,
|
|
|
|
|
NR_AP_SM_EVENTS
|
2015-09-14 17:01:23 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
2020-05-26 10:49:33 +02:00
|
|
|
* AP queue state wait behaviour
|
2015-09-14 17:01:23 +02:00
|
|
|
*/
|
2020-05-26 10:49:33 +02:00
|
|
|
enum ap_sm_wait {
|
2022-10-21 15:41:00 +02:00
|
|
|
AP_SM_WAIT_AGAIN = 0, /* retry immediately */
|
|
|
|
|
AP_SM_WAIT_HIGH_TIMEOUT, /* poll high freq, wait for timeout */
|
|
|
|
|
AP_SM_WAIT_LOW_TIMEOUT, /* poll low freq, wait for timeout */
|
|
|
|
|
AP_SM_WAIT_INTERRUPT, /* wait for thin interrupt (if available) */
|
|
|
|
|
AP_SM_WAIT_NONE, /* no wait */
|
2020-05-26 10:49:33 +02:00
|
|
|
NR_AP_SM_WAIT
|
2015-09-14 17:01:23 +02:00
|
|
|
};
|
2007-07-10 11:24:19 +02:00
|
|
|
|
2020-07-02 11:22:01 +02:00
|
|
|
/*
|
|
|
|
|
* AP queue device states
|
|
|
|
|
*/
|
|
|
|
|
enum ap_dev_state {
|
|
|
|
|
AP_DEV_STATE_UNINITIATED = 0, /* fresh and virgin, not touched */
|
|
|
|
|
AP_DEV_STATE_OPERATING, /* queue dev is working normal */
|
|
|
|
|
AP_DEV_STATE_SHUTDOWN, /* remove/unbind/shutdown in progress */
|
|
|
|
|
AP_DEV_STATE_ERROR, /* device is in error state */
|
|
|
|
|
NR_AP_DEV_STATES
|
|
|
|
|
};
|
|
|
|
|
|
2006-09-20 15:58:25 +02:00
|
|
|
struct ap_device;
|
|
|
|
|
struct ap_message;
|
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 08:36:53 +02:00
|
|
|
/*
|
|
|
|
|
* The ap driver struct includes a flags field which holds some info for
|
|
|
|
|
* the ap bus about the driver. Currently only one flag is supported and
|
|
|
|
|
* used: The DEFAULT flag marks an ap driver as a default driver which is
|
|
|
|
|
* used together with the apmask and aqmask whitelisting of the ap bus.
|
|
|
|
|
*/
|
|
|
|
|
#define AP_DRIVER_FLAG_DEFAULT 0x0001
|
|
|
|
|
|
2006-09-20 15:58:25 +02:00
|
|
|
struct ap_driver {
|
|
|
|
|
struct device_driver driver;
|
|
|
|
|
struct ap_device_id *ids;
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 08:36:53 +02:00
|
|
|
unsigned int flags;
|
2006-09-20 15:58:25 +02:00
|
|
|
|
|
|
|
|
int (*probe)(struct ap_device *);
|
|
|
|
|
void (*remove)(struct ap_device *);
|
2019-02-01 16:21:11 -05:00
|
|
|
int (*in_use)(unsigned long *apm, unsigned long *aqm);
|
s390/ap: notify drivers on config changed and scan complete callbacks
This patch introduces an extension to the ap bus to notify device drivers
when the host AP configuration changes - i.e., adapters, domains or
control domains are added or removed. When an adapter or domain is added to
the host's AP configuration, the AP bus will create the associated queue
devices in the linux sysfs device model. Each new type 10 (i.e., CEX4) or
newer queue device with an APQN that is not reserved for the default device
driver will get bound to the vfio_ap device driver. Likewise, whan an
adapter or domain is removed from the host's AP configuration, the AP bus
will remove the associated queue devices from the sysfs device model. Each
of the queues that is bound to the vfio_ap device driver will get unbound.
With the introduction of hot plug support, binding or unbinding of a
queue device will result in plugging or unplugging one or more queues from
a guest that is using the queue. If there are multiple changes to the
host's AP configuration, it could result in the probe and remove callbacks
getting invoked multiple times. Each time queues are plugged into or
unplugged from a guest, the guest's VCPUs must be taken out of SIE.
If this occurs multiple times due to changes in the host's AP
configuration, that can have an undesirable negative affect on the guest's
performance.
To alleviate this problem, this patch introduces two new callbacks: one to
notify the vfio_ap device driver when the AP bus scan routine detects a
change to the host's AP configuration; and, one to notify the driver when
the AP bus is done scanning. This will allow the vfio_ap driver to do
bulk processing of all affected adapters, domains and control domains for
affected guests rather than plugging or unplugging them one at a time when
the probe or remove callback is invoked. The two new callbacks are:
void (*on_config_changed)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
This callback is invoked at the start of the AP bus scan
function when it determines that the host AP configuration information
has changed since the previous scan. This is done by storing
an old and current QCI info struct and comparing them. If there is any
difference, the callback is invoked.
void (*on_scan_complete)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
The on_scan_complete callback is invoked after the ap bus scan is
completed if the host AP configuration data has changed.
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2021-10-01 13:39:13 -04:00
|
|
|
/*
|
|
|
|
|
* Called at the start of the ap bus scan function when
|
|
|
|
|
* the crypto config information (qci) has changed.
|
2022-07-15 12:23:48 +02:00
|
|
|
* This callback is not invoked if there is no AP
|
|
|
|
|
* QCI support available.
|
s390/ap: notify drivers on config changed and scan complete callbacks
This patch introduces an extension to the ap bus to notify device drivers
when the host AP configuration changes - i.e., adapters, domains or
control domains are added or removed. When an adapter or domain is added to
the host's AP configuration, the AP bus will create the associated queue
devices in the linux sysfs device model. Each new type 10 (i.e., CEX4) or
newer queue device with an APQN that is not reserved for the default device
driver will get bound to the vfio_ap device driver. Likewise, whan an
adapter or domain is removed from the host's AP configuration, the AP bus
will remove the associated queue devices from the sysfs device model. Each
of the queues that is bound to the vfio_ap device driver will get unbound.
With the introduction of hot plug support, binding or unbinding of a
queue device will result in plugging or unplugging one or more queues from
a guest that is using the queue. If there are multiple changes to the
host's AP configuration, it could result in the probe and remove callbacks
getting invoked multiple times. Each time queues are plugged into or
unplugged from a guest, the guest's VCPUs must be taken out of SIE.
If this occurs multiple times due to changes in the host's AP
configuration, that can have an undesirable negative affect on the guest's
performance.
To alleviate this problem, this patch introduces two new callbacks: one to
notify the vfio_ap device driver when the AP bus scan routine detects a
change to the host's AP configuration; and, one to notify the driver when
the AP bus is done scanning. This will allow the vfio_ap driver to do
bulk processing of all affected adapters, domains and control domains for
affected guests rather than plugging or unplugging them one at a time when
the probe or remove callback is invoked. The two new callbacks are:
void (*on_config_changed)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
This callback is invoked at the start of the AP bus scan
function when it determines that the host AP configuration information
has changed since the previous scan. This is done by storing
an old and current QCI info struct and comparing them. If there is any
difference, the callback is invoked.
void (*on_scan_complete)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
The on_scan_complete callback is invoked after the ap bus scan is
completed if the host AP configuration data has changed.
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2021-10-01 13:39:13 -04:00
|
|
|
*/
|
|
|
|
|
void (*on_config_changed)(struct ap_config_info *new_config_info,
|
|
|
|
|
struct ap_config_info *old_config_info);
|
|
|
|
|
/*
|
|
|
|
|
* Called at the end of the ap bus scan function when
|
|
|
|
|
* the crypto config information (qci) has changed.
|
2022-07-15 12:23:48 +02:00
|
|
|
* This callback is not invoked if there is no AP
|
|
|
|
|
* QCI support available.
|
s390/ap: notify drivers on config changed and scan complete callbacks
This patch introduces an extension to the ap bus to notify device drivers
when the host AP configuration changes - i.e., adapters, domains or
control domains are added or removed. When an adapter or domain is added to
the host's AP configuration, the AP bus will create the associated queue
devices in the linux sysfs device model. Each new type 10 (i.e., CEX4) or
newer queue device with an APQN that is not reserved for the default device
driver will get bound to the vfio_ap device driver. Likewise, whan an
adapter or domain is removed from the host's AP configuration, the AP bus
will remove the associated queue devices from the sysfs device model. Each
of the queues that is bound to the vfio_ap device driver will get unbound.
With the introduction of hot plug support, binding or unbinding of a
queue device will result in plugging or unplugging one or more queues from
a guest that is using the queue. If there are multiple changes to the
host's AP configuration, it could result in the probe and remove callbacks
getting invoked multiple times. Each time queues are plugged into or
unplugged from a guest, the guest's VCPUs must be taken out of SIE.
If this occurs multiple times due to changes in the host's AP
configuration, that can have an undesirable negative affect on the guest's
performance.
To alleviate this problem, this patch introduces two new callbacks: one to
notify the vfio_ap device driver when the AP bus scan routine detects a
change to the host's AP configuration; and, one to notify the driver when
the AP bus is done scanning. This will allow the vfio_ap driver to do
bulk processing of all affected adapters, domains and control domains for
affected guests rather than plugging or unplugging them one at a time when
the probe or remove callback is invoked. The two new callbacks are:
void (*on_config_changed)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
This callback is invoked at the start of the AP bus scan
function when it determines that the host AP configuration information
has changed since the previous scan. This is done by storing
an old and current QCI info struct and comparing them. If there is any
difference, the callback is invoked.
void (*on_scan_complete)(struct ap_config_info *new_config_info,
struct ap_config_info *old_config_info);
The on_scan_complete callback is invoked after the ap bus scan is
completed if the host AP configuration data has changed.
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2021-10-01 13:39:13 -04:00
|
|
|
*/
|
|
|
|
|
void (*on_scan_complete)(struct ap_config_info *new_config_info,
|
|
|
|
|
struct ap_config_info *old_config_info);
|
2006-09-20 15:58:25 +02:00
|
|
|
};
|
|
|
|
|
|
2024-07-01 14:07:37 +02:00
|
|
|
#define to_ap_drv(x) container_of_const((x), struct ap_driver, driver)
|
2006-09-20 15:58:25 +02:00
|
|
|
|
|
|
|
|
int ap_driver_register(struct ap_driver *, struct module *, char *);
|
|
|
|
|
void ap_driver_unregister(struct ap_driver *);
|
|
|
|
|
|
|
|
|
|
struct ap_device {
|
|
|
|
|
struct device device;
|
2016-08-25 11:16:03 +02:00
|
|
|
int device_type; /* AP device type. */
|
|
|
|
|
};
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
#define to_ap_dev(x) container_of((x), struct ap_device, device)
|
2015-09-14 17:01:23 +02:00
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
struct ap_card {
|
|
|
|
|
struct ap_device ap_dev;
|
2023-11-04 10:04:31 +01:00
|
|
|
struct ap_tapq_hwinfo hwinfo; /* TAPQ GR2 content */
|
2016-08-25 11:16:03 +02:00
|
|
|
int id; /* AP card number. */
|
2021-06-25 12:29:46 +02:00
|
|
|
unsigned int maxmsgsize; /* AP msg limit for this card */
|
2020-07-02 16:57:00 +02:00
|
|
|
bool config; /* configured state */
|
2021-11-17 15:38:39 +01:00
|
|
|
bool chkstop; /* checkstop state */
|
2019-12-20 16:02:54 +01:00
|
|
|
atomic64_t total_request_count; /* # requests ever for this AP device.*/
|
2016-08-25 11:16:03 +02:00
|
|
|
};
|
|
|
|
|
|
2025-07-23 15:39:12 +02:00
|
|
|
#define TAPQ_CARD_HWINFO_MASK 0xFFFF0000FFFF0F0FUL
|
2023-03-10 17:46:49 +01:00
|
|
|
#define ASSOC_IDX_INVALID 0x10000
|
2022-09-07 17:25:45 +02:00
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
#define to_ap_card(x) container_of((x), struct ap_card, ap_dev.device)
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
struct ap_queue {
|
|
|
|
|
struct ap_device ap_dev;
|
2020-05-08 15:51:19 +02:00
|
|
|
struct hlist_node hnode; /* Node for the ap_queues hashtable */
|
2016-08-25 11:16:03 +02:00
|
|
|
struct ap_card *card; /* Ptr to assoc. AP card. */
|
|
|
|
|
spinlock_t lock; /* Per device lock. */
|
2020-07-02 11:22:01 +02:00
|
|
|
enum ap_dev_state dev_state; /* queue device state */
|
2020-07-02 16:57:00 +02:00
|
|
|
bool config; /* configured state */
|
2021-11-17 15:38:39 +01:00
|
|
|
bool chkstop; /* checkstop state */
|
2016-08-25 11:16:03 +02:00
|
|
|
ap_qid_t qid; /* AP queue id. */
|
2023-11-09 11:24:20 +01:00
|
|
|
unsigned int se_bstate; /* SE bind state (BS) */
|
2023-03-10 17:46:49 +01:00
|
|
|
unsigned int assoc_idx; /* SE association index */
|
2006-09-20 15:58:25 +02:00
|
|
|
int queue_count; /* # messages currently on AP queue. */
|
|
|
|
|
int pendingq_count; /* # requests on pendingq list. */
|
|
|
|
|
int requestq_count; /* # requests on requestq list. */
|
2019-12-20 16:02:54 +01:00
|
|
|
u64 total_request_count; /* # requests ever for this AP device.*/
|
2018-08-17 12:36:01 +02:00
|
|
|
int request_timeout; /* Request timeout in jiffies. */
|
2016-08-25 11:16:03 +02:00
|
|
|
struct timer_list timeout; /* Timer for request timeouts. */
|
|
|
|
|
struct list_head pendingq; /* List of message sent to AP queue. */
|
|
|
|
|
struct list_head requestq; /* List of message yet to be sent. */
|
2006-09-20 15:58:25 +02:00
|
|
|
struct ap_message *reply; /* Per device reply message. */
|
2020-07-02 11:22:01 +02:00
|
|
|
enum ap_sm_state sm_state; /* ap queue state machine state */
|
2023-03-10 17:46:49 +01:00
|
|
|
int rapq_fbit; /* fbit arg for next rapq invocation */
|
2020-07-02 15:56:15 +02:00
|
|
|
int last_err_rc; /* last error state response code */
|
2006-09-20 15:58:25 +02:00
|
|
|
};
|
|
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
#define to_ap_queue(x) container_of((x), struct ap_queue, ap_dev.device)
|
|
|
|
|
|
2020-05-26 10:49:33 +02:00
|
|
|
typedef enum ap_sm_wait (ap_func_t)(struct ap_queue *queue);
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2025-04-24 15:35:55 +02:00
|
|
|
struct ap_response_type {
|
|
|
|
|
struct completion work;
|
|
|
|
|
int type;
|
|
|
|
|
};
|
|
|
|
|
|
2006-09-20 15:58:25 +02:00
|
|
|
struct ap_message {
|
|
|
|
|
struct list_head list; /* Request queueing. */
|
2023-01-29 19:45:25 +01:00
|
|
|
unsigned long psmid; /* Message id. */
|
2020-04-30 12:23:29 +02:00
|
|
|
void *msg; /* Pointer to message buffer. */
|
2023-02-14 17:13:18 +01:00
|
|
|
size_t len; /* actual msg len in msg buffer */
|
|
|
|
|
size_t bufsize; /* allocated msg buffer size */
|
2020-09-29 16:07:22 +02:00
|
|
|
u16 flags; /* Flags, see AP_MSG_FLAG_xxx */
|
2015-09-14 16:59:27 +02:00
|
|
|
int rc; /* Return code for this message */
|
2025-04-24 15:35:55 +02:00
|
|
|
struct ap_response_type response;
|
2012-05-16 14:08:22 +02:00
|
|
|
/* receive is called from tasklet context */
|
2016-08-25 11:16:03 +02:00
|
|
|
void (*receive)(struct ap_queue *, struct ap_message *,
|
2012-05-16 14:08:22 +02:00
|
|
|
struct ap_message *);
|
2006-09-20 15:58:25 +02:00
|
|
|
};
|
|
|
|
|
|
2021-11-23 15:16:06 +01:00
|
|
|
#define AP_MSG_FLAG_SPECIAL 0x0001 /* flag msg as 'special' with NQAP */
|
|
|
|
|
#define AP_MSG_FLAG_USAGE 0x0002 /* CCA, EP11: usage (no admin) msg */
|
|
|
|
|
#define AP_MSG_FLAG_ADMIN 0x0004 /* CCA, EP11: admin (=control) msg */
|
2025-04-24 15:35:57 +02:00
|
|
|
#define AP_MSG_FLAG_MEMPOOL 0x0008 /* ap msg buffer allocated via mempool */
|
2020-04-30 12:23:29 +02:00
|
|
|
|
2025-04-24 15:35:59 +02:00
|
|
|
int ap_init_apmsg(struct ap_message *ap_msg, u32 flags);
|
2025-04-24 15:35:56 +02:00
|
|
|
void ap_release_apmsg(struct ap_message *ap_msg);
|
2009-12-07 12:51:54 +01:00
|
|
|
|
2020-05-26 10:49:33 +02:00
|
|
|
enum ap_sm_wait ap_sm_event(struct ap_queue *aq, enum ap_sm_event event);
|
|
|
|
|
enum ap_sm_wait ap_sm_event_loop(struct ap_queue *aq, enum ap_sm_event event);
|
2016-08-25 11:16:03 +02:00
|
|
|
|
2020-07-02 11:22:01 +02:00
|
|
|
int ap_queue_message(struct ap_queue *aq, struct ap_message *ap_msg);
|
2016-08-25 11:16:03 +02:00
|
|
|
void ap_cancel_message(struct ap_queue *aq, struct ap_message *ap_msg);
|
|
|
|
|
void ap_flush_queue(struct ap_queue *aq);
|
2023-09-12 10:08:51 +02:00
|
|
|
bool ap_queue_usable(struct ap_queue *aq);
|
2016-08-25 11:16:03 +02:00
|
|
|
|
|
|
|
|
void *ap_airq_ptr(void);
|
2022-09-20 15:12:01 +02:00
|
|
|
int ap_sb_available(void);
|
2023-08-11 16:56:20 +02:00
|
|
|
bool ap_is_se_guest(void);
|
2020-05-26 10:49:33 +02:00
|
|
|
void ap_wait(enum ap_sm_wait wait);
|
2017-10-25 03:27:37 -07:00
|
|
|
void ap_request_timeout(struct timer_list *t);
|
2024-01-30 17:42:50 +01:00
|
|
|
bool ap_bus_force_rescan(void);
|
2016-08-25 11:16:03 +02:00
|
|
|
|
2019-05-21 13:50:09 +02:00
|
|
|
int ap_test_config_usage_domain(unsigned int domain);
|
|
|
|
|
int ap_test_config_ctrl_domain(unsigned int domain);
|
|
|
|
|
|
2016-08-25 11:16:03 +02:00
|
|
|
void ap_queue_init_reply(struct ap_queue *aq, struct ap_message *ap_msg);
|
2024-09-25 15:31:06 +02:00
|
|
|
struct ap_queue *ap_queue_create(ap_qid_t qid, struct ap_card *ac);
|
2019-02-22 17:24:11 +01:00
|
|
|
void ap_queue_prepare_remove(struct ap_queue *aq);
|
2016-08-25 11:16:03 +02:00
|
|
|
void ap_queue_remove(struct ap_queue *aq);
|
2019-11-22 16:30:06 +01:00
|
|
|
void ap_queue_init_state(struct ap_queue *aq);
|
2023-09-12 09:54:25 +02:00
|
|
|
void _ap_queue_init_state(struct ap_queue *aq);
|
2016-08-25 11:16:03 +02:00
|
|
|
|
2023-11-04 10:04:31 +01:00
|
|
|
struct ap_card *ap_card_create(int id, struct ap_tapq_hwinfo info,
|
|
|
|
|
int comp_type);
|
2006-09-20 15:58:25 +02:00
|
|
|
|
2019-02-01 16:21:11 -05:00
|
|
|
#define APMASKSIZE (BITS_TO_LONGS(AP_DEVICES) * sizeof(unsigned long))
|
|
|
|
|
#define AQMASKSIZE (BITS_TO_LONGS(AP_DOMAINS) * sizeof(unsigned long))
|
|
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
struct ap_perms {
|
|
|
|
|
unsigned long ioctlm[BITS_TO_LONGS(AP_IOCTLS)];
|
|
|
|
|
unsigned long apm[BITS_TO_LONGS(AP_DEVICES)];
|
|
|
|
|
unsigned long aqm[BITS_TO_LONGS(AP_DOMAINS)];
|
2021-12-15 19:23:29 +01:00
|
|
|
unsigned long adm[BITS_TO_LONGS(AP_DOMAINS)];
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
};
|
2022-04-04 17:12:37 +02:00
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
extern struct ap_perms ap_perms;
|
|
|
|
|
extern struct mutex ap_perms_mutex;
|
|
|
|
|
|
2020-05-08 15:51:19 +02:00
|
|
|
/*
|
|
|
|
|
* Get ap_queue device for this qid.
|
|
|
|
|
* Returns ptr to the struct ap_queue device or NULL if there
|
|
|
|
|
* was no ap_queue device with this qid found. When something is
|
|
|
|
|
* found, the reference count of the embedded device is increased.
|
|
|
|
|
* So the caller has to decrease the reference count after use
|
|
|
|
|
* with a call to put_device(&aq->ap_dev.device).
|
|
|
|
|
*/
|
|
|
|
|
struct ap_queue *ap_get_qdev(ap_qid_t qid);
|
|
|
|
|
|
s390/zcrypt: AP bus support for alternate driver(s)
The current AP bus, AP devices and AP device drivers implementation
uses a clearly defined mapping for binding AP devices to AP device
drivers. So for example a CEX6C queue will always be bound to the
cex4queue device driver.
The Linux Device Driver model has no sensitivity for more than one
device driver eligible for one device type. If there exist more than
one drivers matching to the device type, simple all drivers are tried
consecutively. There is no way to determine and influence the probing
order of the drivers.
With KVM there is a need to provide additional device drivers matching
to the very same type of AP devices. With a simple implementation the
KVM drivers run in competition to the regular drivers. Whichever
'wins' a device depends on build order and implementation details
within the common Linux Device Driver Model and is not
deterministic. However, a userspace process could figure out which
device should be bound to which driver and sort out the correct
binding by manipulating attributes in the sysfs.
If for security reasons a AP device must not get bound to the 'wrong'
device driver the sorting out has to be done within the Linux kernel
by the AP bus code. This patch modifies the behavior of the AP bus
for probing drivers for devices in a way that two sets of drivers are
usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a
subset of the APQN range for 'usable by the ap bus and the default
drivers' or 'not usable by the default drivers and thus available for
alternate drivers like vfio-xxx'. So an APQN which is addressed by
this masking only the default drivers will be probed. In contrary an
APQN which is not addressed by the masks will never be probed and
bound to default drivers but onny to alternate drivers.
Eventually the two masks give a way to divide the range of APQNs into
two pools: one pool of APQNs used by the AP bus and the default
drivers and thus via zcrypt drivers available to the userspace of the
system. And another pool where no zcrypt drivers are bound to and
which can be used by alternate drivers (like vfio-xxx) for their
needs. This division is hot-plug save and makes sure a APQN assigned
to an alternate driver is at no time somehow exploitable by the wrong
party.
The two masks are located in sysfs at /sys/bus/ap/apmask and
/sys/bus/ap/aqmask. The mask syntax is exactly the same as the
already existing mask attributes in the /sys/bus/ap directory (for
example ap_usage_domain_mask and ap_control_domain_mask).
By default all APQNs belong to the ap bus and the default drivers:
cat /sys/bus/ap/apmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
cat /sys/bus/ap/aqmask
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
The masks can be changed at boot time with the kernel command line
like this:
... ap.apmask=0xffff ap.aqmask=0x40
This would give these two pools:
default drivers pool: adapter 0 - 15, domain 1
alternate drivers pool: adapter 0 - 15, all but domain 1
adapter 16-255, all domains
The sysfs attributes for this two masks are writeable and an
administrator is able to reconfigure the assignements on the fly by
writing new mask values into. With changing the mask(s) a revision of
the existing queue to driver bindings is done. So all APQNs which are
bound to the 'wrong' driver are reprobed via kernel function
device_reprobe() and thus the new correct driver will be assigned with
respect of the changed apmask and aqmask bits.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
- Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
- '+' or '-' followed by a numerical value. Valid examples are "+1",
"-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed
bit in the mask is switched on ('+') or off ('-').
This patch will also be the base for an upcoming extension to the
zcrypt drivers to be able to provide additional zcrypt device nodes
with filtering based on ap and aq masks.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 08:36:53 +02:00
|
|
|
/*
|
|
|
|
|
* check APQN for owned/reserved by ap bus and default driver(s).
|
|
|
|
|
* Checks if this APQN is or will be in use by the ap bus
|
|
|
|
|
* and the default set of drivers.
|
|
|
|
|
* If yes, returns 1, if not returns 0. On error a negative
|
|
|
|
|
* errno value is returned.
|
|
|
|
|
*/
|
|
|
|
|
int ap_owned_by_def_drv(int card, int queue);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* check 'matrix' of APQNs for owned/reserved by ap bus and
|
|
|
|
|
* default driver(s).
|
|
|
|
|
* Checks if there is at least one APQN in the given 'matrix'
|
|
|
|
|
* marked as owned/reserved by the ap bus and default driver(s).
|
|
|
|
|
* If such an APQN is found the return value is 1, otherwise
|
|
|
|
|
* 0 is returned. On error a negative errno value is returned.
|
|
|
|
|
* The parameter apm is a bitmask which should be declared
|
|
|
|
|
* as DECLARE_BITMAP(apm, AP_DEVICES), the aqm parameter is
|
|
|
|
|
* similar, should be declared as DECLARE_BITMAP(aqm, AP_DOMAINS).
|
|
|
|
|
*/
|
|
|
|
|
int ap_apqn_in_matrix_owned_by_def_drv(unsigned long *apm,
|
|
|
|
|
unsigned long *aqm);
|
|
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
/*
|
|
|
|
|
* ap_parse_mask_str() - helper function to parse a bitmap string
|
|
|
|
|
* and clear/set the bits in the bitmap accordingly. The string may be
|
|
|
|
|
* given as absolute value, a hex string like 0x1F2E3D4C5B6A" simple
|
|
|
|
|
* overwriting the current content of the bitmap. Or as relative string
|
|
|
|
|
* like "+1-16,-32,-0x40,+128" where only single bits or ranges of
|
|
|
|
|
* bits are cleared or set. Distinction is done based on the very
|
|
|
|
|
* first character which may be '+' or '-' for the relative string
|
2023-06-28 16:23:20 +02:00
|
|
|
* and otherwise assume to be an absolute value string. If parsing fails
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
|
|
|
* a negative errno value is returned. All arguments and bitmaps are
|
|
|
|
|
* big endian order.
|
|
|
|
|
*/
|
|
|
|
|
int ap_parse_mask_str(const char *str,
|
|
|
|
|
unsigned long *bitmap, int bits,
|
|
|
|
|
struct mutex *lock);
|
|
|
|
|
|
2024-04-15 11:25:51 -04:00
|
|
|
/*
|
|
|
|
|
* ap_hex2bitmap() - Convert a string containing a hexadecimal number (str)
|
|
|
|
|
* into a bitmap (bitmap) with bits set that correspond to the bits represented
|
|
|
|
|
* by the hex string. Input and output data is in big endian order.
|
|
|
|
|
*
|
|
|
|
|
* str - Input hex string of format "0x1234abcd". The leading "0x" is optional.
|
|
|
|
|
* At least one digit is required. Must be large enough to hold the number of
|
|
|
|
|
* bits represented by the bits parameter.
|
|
|
|
|
*
|
|
|
|
|
* bitmap - Pointer to a bitmap. Upon successful completion of this function,
|
|
|
|
|
* this bitmap will have bits set to match the value of str. If bitmap is longer
|
|
|
|
|
* than str, then the rightmost bits of bitmap are padded with zeros. Must be
|
|
|
|
|
* large enough to hold the number of bits represented by the bits parameter.
|
|
|
|
|
*
|
|
|
|
|
* bits - Length, in bits, of the bitmap represented by str. Must be a multiple
|
|
|
|
|
* of 8.
|
|
|
|
|
*
|
|
|
|
|
* Returns: 0 On success
|
|
|
|
|
* -EINVAL If str format is invalid or bits is not a multiple of 8.
|
|
|
|
|
*/
|
|
|
|
|
int ap_hex2bitmap(const char *str, unsigned long *bitmap, int bits);
|
|
|
|
|
|
2020-08-31 10:16:26 +02:00
|
|
|
/*
|
|
|
|
|
* Interface to wait for the AP bus to have done one initial ap bus
|
|
|
|
|
* scan and all detected APQNs have been bound to device drivers.
|
|
|
|
|
* If these both conditions are not fulfilled, this function blocks
|
|
|
|
|
* on a condition with wait_for_completion_killable_timeout().
|
|
|
|
|
* If these both conditions are fulfilled (before the timeout hits)
|
|
|
|
|
* the return value is 0. If the timeout (in jiffies) hits instead
|
|
|
|
|
* -ETIME is returned. On failures negative return values are
|
|
|
|
|
* returned to the caller.
|
2024-01-30 15:30:22 +01:00
|
|
|
* It may be that the AP bus scan finds new devices. Then the
|
|
|
|
|
* condition that all APQNs are bound to their device drivers
|
|
|
|
|
* is reset to false and this call again blocks until either all
|
|
|
|
|
* APQNs are bound to a device driver or the timeout hits again.
|
2020-08-31 10:16:26 +02:00
|
|
|
*/
|
2024-01-30 15:30:22 +01:00
|
|
|
int ap_wait_apqn_bindings_complete(unsigned long timeout);
|
2020-08-31 10:16:26 +02:00
|
|
|
|
2021-04-13 18:11:09 +02:00
|
|
|
void ap_send_config_uevent(struct ap_device *ap_dev, bool cfg);
|
|
|
|
|
void ap_send_online_uevent(struct ap_device *ap_dev, int online);
|
|
|
|
|
|
2006-09-20 15:58:25 +02:00
|
|
|
#endif /* _AP_BUS_H_ */
|