pkey_base.c 8.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * pkey base: debug feature, pkey handler registry
  4. *
  5. * Copyright IBM Corp. 2024
  6. */
  7. #define pr_fmt(fmt) "pkey: " fmt
  8. #include <linux/cpufeature.h>
  9. #include <linux/export.h>
  10. #include <linux/init.h>
  11. #include <linux/list.h>
  12. #include <linux/module.h>
  13. #include <linux/rculist.h>
  14. #include "pkey_base.h"
  15. MODULE_LICENSE("GPL");
  16. MODULE_AUTHOR("IBM Corporation");
  17. MODULE_DESCRIPTION("s390 protected key base and api");
  18. /*
  19. * pkey debug feature
  20. */
  21. debug_info_t *pkey_dbf_info;
  22. EXPORT_SYMBOL(pkey_dbf_info);
  23. /*
  24. * pkey handler registry
  25. */
  26. static DEFINE_SPINLOCK(handler_list_write_lock);
  27. static LIST_HEAD(handler_list);
  28. int pkey_handler_register(struct pkey_handler *handler)
  29. {
  30. const struct pkey_handler *h;
  31. if (!handler ||
  32. !handler->is_supported_key ||
  33. !handler->is_supported_keytype)
  34. return -EINVAL;
  35. if (!try_module_get(handler->module))
  36. return -ENXIO;
  37. spin_lock(&handler_list_write_lock);
  38. rcu_read_lock();
  39. list_for_each_entry_rcu(h, &handler_list, list) {
  40. if (h == handler) {
  41. rcu_read_unlock();
  42. spin_unlock(&handler_list_write_lock);
  43. module_put(handler->module);
  44. return -EEXIST;
  45. }
  46. }
  47. rcu_read_unlock();
  48. list_add_rcu(&handler->list, &handler_list);
  49. spin_unlock(&handler_list_write_lock);
  50. synchronize_rcu();
  51. module_put(handler->module);
  52. PKEY_DBF_INFO("%s pkey handler '%s' registered\n", __func__,
  53. handler->name ?: "<no name>");
  54. return 0;
  55. }
  56. EXPORT_SYMBOL(pkey_handler_register);
  57. int pkey_handler_unregister(struct pkey_handler *handler)
  58. {
  59. spin_lock(&handler_list_write_lock);
  60. list_del_rcu(&handler->list);
  61. INIT_LIST_HEAD_RCU(&handler->list);
  62. spin_unlock(&handler_list_write_lock);
  63. synchronize_rcu();
  64. PKEY_DBF_INFO("%s pkey handler '%s' unregistered\n", __func__,
  65. handler->name ?: "<no name>");
  66. return 0;
  67. }
  68. EXPORT_SYMBOL(pkey_handler_unregister);
  69. /*
  70. * Handler invocation functions.
  71. */
  72. const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen)
  73. {
  74. const struct pkey_handler *h;
  75. rcu_read_lock();
  76. list_for_each_entry_rcu(h, &handler_list, list) {
  77. if (!try_module_get(h->module))
  78. continue;
  79. if (h->is_supported_key(key, keylen)) {
  80. rcu_read_unlock();
  81. return h;
  82. }
  83. module_put(h->module);
  84. }
  85. rcu_read_unlock();
  86. return NULL;
  87. }
  88. EXPORT_SYMBOL(pkey_handler_get_keybased);
  89. const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt)
  90. {
  91. const struct pkey_handler *h;
  92. rcu_read_lock();
  93. list_for_each_entry_rcu(h, &handler_list, list) {
  94. if (!try_module_get(h->module))
  95. continue;
  96. if (h->is_supported_keytype(kt)) {
  97. rcu_read_unlock();
  98. return h;
  99. }
  100. module_put(h->module);
  101. }
  102. rcu_read_unlock();
  103. return NULL;
  104. }
  105. EXPORT_SYMBOL(pkey_handler_get_keytypebased);
  106. void pkey_handler_put(const struct pkey_handler *handler)
  107. {
  108. const struct pkey_handler *h;
  109. if (!handler)
  110. return;
  111. rcu_read_lock();
  112. list_for_each_entry_rcu(h, &handler_list, list) {
  113. if (h == handler) {
  114. module_put(h->module);
  115. break;
  116. }
  117. }
  118. rcu_read_unlock();
  119. }
  120. EXPORT_SYMBOL(pkey_handler_put);
  121. int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
  122. const u8 *key, u32 keylen,
  123. u8 *protkey, u32 *protkeylen, u32 *protkeytype,
  124. u32 xflags)
  125. {
  126. const struct pkey_handler *h;
  127. int rc = -ENODEV;
  128. h = pkey_handler_get_keybased(key, keylen);
  129. if (h && h->key_to_protkey) {
  130. rc = h->key_to_protkey(apqns, nr_apqns, key, keylen,
  131. protkey, protkeylen,
  132. protkeytype, xflags);
  133. }
  134. pkey_handler_put(h);
  135. return rc;
  136. }
  137. EXPORT_SYMBOL(pkey_handler_key_to_protkey);
  138. /*
  139. * This handler invocation is special as there may be more than
  140. * one handler providing support for the very same key (type).
  141. * And the handler may not respond true on is_supported_key(),
  142. * so simple try and check return value here.
  143. */
  144. int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns,
  145. size_t nr_apqns,
  146. const u8 *key, u32 keylen,
  147. u8 *protkey, u32 *protkeylen,
  148. u32 *protkeytype, u32 xflags)
  149. {
  150. const struct pkey_handler *h, *htmp[10];
  151. int i, n = 0, rc = -ENODEV;
  152. rcu_read_lock();
  153. list_for_each_entry_rcu(h, &handler_list, list) {
  154. if (!try_module_get(h->module))
  155. continue;
  156. if (h->slowpath_key_to_protkey && n < ARRAY_SIZE(htmp))
  157. htmp[n++] = h;
  158. else
  159. module_put(h->module);
  160. }
  161. rcu_read_unlock();
  162. for (i = 0; i < n; i++) {
  163. h = htmp[i];
  164. if (rc)
  165. rc = h->slowpath_key_to_protkey(apqns, nr_apqns,
  166. key, keylen,
  167. protkey, protkeylen,
  168. protkeytype, xflags);
  169. module_put(h->module);
  170. }
  171. return rc;
  172. }
  173. EXPORT_SYMBOL(pkey_handler_slowpath_key_to_protkey);
  174. int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns,
  175. u32 keytype, u32 keysubtype,
  176. u32 keybitsize, u32 flags,
  177. u8 *keybuf, u32 *keybuflen, u32 *keyinfo, u32 xflags)
  178. {
  179. const struct pkey_handler *h;
  180. int rc = -ENODEV;
  181. h = pkey_handler_get_keytypebased(keysubtype);
  182. if (h && h->gen_key) {
  183. rc = h->gen_key(apqns, nr_apqns, keytype, keysubtype,
  184. keybitsize, flags,
  185. keybuf, keybuflen, keyinfo, xflags);
  186. }
  187. pkey_handler_put(h);
  188. return rc;
  189. }
  190. EXPORT_SYMBOL(pkey_handler_gen_key);
  191. int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns,
  192. u32 keytype, u32 keysubtype,
  193. u32 keybitsize, u32 flags,
  194. const u8 *clrkey, u32 clrkeylen,
  195. u8 *keybuf, u32 *keybuflen, u32 *keyinfo,
  196. u32 xflags)
  197. {
  198. const struct pkey_handler *h;
  199. int rc = -ENODEV;
  200. h = pkey_handler_get_keytypebased(keysubtype);
  201. if (h && h->clr_to_key) {
  202. rc = h->clr_to_key(apqns, nr_apqns, keytype, keysubtype,
  203. keybitsize, flags, clrkey, clrkeylen,
  204. keybuf, keybuflen, keyinfo, xflags);
  205. }
  206. pkey_handler_put(h);
  207. return rc;
  208. }
  209. EXPORT_SYMBOL(pkey_handler_clr_to_key);
  210. int pkey_handler_verify_key(const u8 *key, u32 keylen,
  211. u16 *card, u16 *dom,
  212. u32 *keytype, u32 *keybitsize, u32 *flags,
  213. u32 xflags)
  214. {
  215. const struct pkey_handler *h;
  216. int rc = -ENODEV;
  217. h = pkey_handler_get_keybased(key, keylen);
  218. if (h && h->verify_key) {
  219. rc = h->verify_key(key, keylen, card, dom,
  220. keytype, keybitsize, flags, xflags);
  221. }
  222. pkey_handler_put(h);
  223. return rc;
  224. }
  225. EXPORT_SYMBOL(pkey_handler_verify_key);
  226. int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags,
  227. struct pkey_apqn *apqns, size_t *nr_apqns,
  228. u32 xflags)
  229. {
  230. const struct pkey_handler *h;
  231. int rc = -ENODEV;
  232. h = pkey_handler_get_keybased(key, keylen);
  233. if (h && h->apqns_for_key)
  234. rc = h->apqns_for_key(key, keylen, flags, apqns, nr_apqns,
  235. xflags);
  236. pkey_handler_put(h);
  237. return rc;
  238. }
  239. EXPORT_SYMBOL(pkey_handler_apqns_for_key);
  240. int pkey_handler_apqns_for_keytype(enum pkey_key_type keysubtype,
  241. u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
  242. struct pkey_apqn *apqns, size_t *nr_apqns,
  243. u32 xflags)
  244. {
  245. const struct pkey_handler *h;
  246. int rc = -ENODEV;
  247. h = pkey_handler_get_keytypebased(keysubtype);
  248. if (h && h->apqns_for_keytype) {
  249. rc = h->apqns_for_keytype(keysubtype,
  250. cur_mkvp, alt_mkvp, flags,
  251. apqns, nr_apqns, xflags);
  252. }
  253. pkey_handler_put(h);
  254. return rc;
  255. }
  256. EXPORT_SYMBOL(pkey_handler_apqns_for_keytype);
  257. void pkey_handler_request_modules(void)
  258. {
  259. #ifdef CONFIG_MODULES
  260. static const char * const pkey_handler_modules[] = {
  261. #if IS_MODULE(CONFIG_PKEY_CCA)
  262. "pkey_cca",
  263. #endif
  264. #if IS_MODULE(CONFIG_PKEY_EP11)
  265. "pkey_ep11",
  266. #endif
  267. #if IS_MODULE(CONFIG_PKEY_PCKMO)
  268. "pkey_pckmo",
  269. #endif
  270. #if IS_MODULE(CONFIG_PKEY_UV)
  271. "pkey_uv",
  272. #endif
  273. };
  274. int i;
  275. for (i = 0; i < ARRAY_SIZE(pkey_handler_modules); i++) {
  276. const struct pkey_handler *h;
  277. bool found = false;
  278. rcu_read_lock();
  279. list_for_each_entry_rcu(h, &handler_list, list) {
  280. if (h->module &&
  281. !strcmp(h->module->name, pkey_handler_modules[i])) {
  282. found = true;
  283. break;
  284. }
  285. }
  286. rcu_read_unlock();
  287. if (!found) {
  288. pr_debug("request_module(%s)\n", pkey_handler_modules[i]);
  289. request_module(pkey_handler_modules[i]);
  290. }
  291. }
  292. #endif
  293. }
  294. EXPORT_SYMBOL(pkey_handler_request_modules);
  295. /*
  296. * Module init
  297. */
  298. static int __init pkey_init(void)
  299. {
  300. int rc;
  301. /* init debug feature */
  302. pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
  303. debug_register_view(pkey_dbf_info, &debug_sprintf_view);
  304. debug_set_level(pkey_dbf_info, 4);
  305. /* the handler registry does not need any init */
  306. rc = pkey_api_init();
  307. if (rc)
  308. debug_unregister(pkey_dbf_info);
  309. return rc;
  310. }
  311. /*
  312. * Module exit
  313. */
  314. static void __exit pkey_exit(void)
  315. {
  316. pkey_api_exit();
  317. }
  318. module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
  319. module_exit(pkey_exit);