s390/zcrypt: new sysfs attributes serialnr and mkvps

This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
author: Harald Freudenberger <freude@linux.ibm.com> 2019-06-12 15:05:34 +0200
committer: Vasily Gorbik <gor@linux.ibm.com> 2019-07-29 18:14:17 +0200
commit: 7c4e91c0959bf42a86ba4887425fc944d0d28595 (patch)
tree: 438dd3d9355dac3e40f237c17c51a5eb52f82cbd /drivers/s390/crypto/zcrypt_ccamisc.c
parent: 94bbd34e51bc7809357e24e4011b169d321a8272 (diff)
1 files changed, 20 insertions, 13 deletions
diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
index b1f9332a0298..9dd31577ce47 100644
--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -33,17 +33,6 @@
 /* Size of vardata block used for some of the cca requests/replies */
 #define VARDATASIZE 4096
 
-/* struct to hold cached info for each CCA card/domain */
-struct cca_info {
-	char new_mk_state;  /* '1' Empty, '2' Partially full, '3' Full */
-	char cur_mk_state;  /* '1' Invalid, '2' Valid */
-	char old_mk_state;  /* '1' Invalid, '2' Valid */
-	u64  new_mkvp;	    /* truncated sha256 hash of new master key */
-	u64  cur_mkvp;	    /* truncated sha256 hash of current master key */
-	u64  old_mkvp;	    /* truncated sha256 hash of old master key */
-	char serial[9];
-};
-
 struct cca_info_list_entry {
 	struct list_head list;
 	u16 cardnr;
@@ -164,9 +153,9 @@ static inline void prep_xcrb(struct ica_xcRB *pxcrb,
 	pxcrb->user_defined = (cardnr == 0xFFFF ? AUTOSELECT : cardnr);
 	pxcrb->request_control_blk_length =
 		preqcblk->cprb_len + preqcblk->req_parml;
-	pxcrb->request_control_blk_addr = (void *) preqcblk;
+	pxcrb->request_control_blk_addr = (void __user *) preqcblk;
 	pxcrb->reply_control_blk_length = preqcblk->rpl_msgbl;
-	pxcrb->reply_control_blk_addr = (void *) prepcblk;
+	pxcrb->reply_control_blk_addr = (void __user *) prepcblk;
 }
 
 /*
@@ -821,6 +810,24 @@ static int fetch_cca_info(u16 cardnr, u16 domain, struct cca_info *ci)
 }
 
 /*
+ * Fetch cca information about a CCA queue.
+ */
+int cca_get_info(u16 card, u16 dom, struct cca_info *ci, int verify)
+{
+	int rc;
+
+	rc = cca_info_cache_fetch(card, dom, ci);
+	if (rc || verify) {
+		rc = fetch_cca_info(card, dom, ci);
+		if (rc == 0)
+			cca_info_cache_update(card, dom, ci);
+	}
+
+	return rc;
+}
+EXPORT_SYMBOL(cca_get_info);
+
+/*
  * Search for a matching crypto card based on the Master Key
  * Verification Pattern provided inside a secure key.
  * Returns < 0 on failure, 0 if CURRENT MKVP matches and
author	Harald Freudenberger <freude@linux.ibm.com>	2019-06-12 15:05:34 +0200
committer	Vasily Gorbik <gor@linux.ibm.com>	2019-07-29 18:14:17 +0200
commit	7c4e91c0959bf42a86ba4887425fc944d0d28595 (patch)
tree	438dd3d9355dac3e40f237c17c51a5eb52f82cbd /drivers/s390/crypto/zcrypt_ccamisc.c
parent	94bbd34e51bc7809357e24e4011b169d321a8272 (diff)