1. 09 Oct, 2020 2 commits
  2. 07 Oct, 2020 12 commits
    • Julian Wiedmann's avatar
      s390/sie: fix typo in SIGP code description · eefc69a0
      Julian Wiedmann authored
      s/ait address/at address
      Signed-off-by: default avatarJulian Wiedmann <jwi@linux.ibm.com>
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      eefc69a0
    • Julian Wiedmann's avatar
      4aa32ee3
    • Harald Freudenberger's avatar
      s390/zcrypt: Introduce Failure Injection feature · 27c4f673
      Harald Freudenberger authored
      Introduce a way to specify additional debug flags with an crpyto
      request to be able to trigger certain failures within the zcrypt
      device drivers and/or ap core code.
      
      This failure injection possibility is only enabled with a kernel debug
      build CONFIG_ZCRYPT_DEBUG) and should never be available on a regular
      kernel running in production environment.
      
      Details:
      
      * The ioctl(ICARSAMODEXPO) get's a struct ica_rsa_modexpo. If the
        leftmost bit of the 32 bit unsigned int inputdatalength field is
        set, the uppermost 16 bits are separated and used as debug flag
        value. The process is checked to have the CAP_SYS_ADMIN capability
        enabled or EPERM is returned.
      
      * The ioctl(ICARSACRT) get's a struct ica_rsa_modexpo_crt. If the
        leftmost bit of the 32 bit unsigned int inputdatalength field is set,
        the uppermost 16 bits are separated and used als debug flag
        value. The process is checked to have the CAP_SYS_ADMIN capability
        enabled or EPERM is returned.
      
      * The ioctl(ZSECSENDCPRB) used to send CCA CPRBs get's a struct
        ica_xcRB. If the leftmost bit of the 32 bit unsigned int status
        field is set, the uppermost 16 bits of this field are used as debug
        flag value. The process is checked to have the CAP_SYS_ADMIN
        capability enabled or EPERM is returned.
      
      * The ioctl(ZSENDEP11CPRB) used to send EP11 CPRBs get's a struct
        ep11_urb. If the leftmost bit of the 64 bit unsigned int req_len
        field is set, the uppermost 16 bits of this field are used as debug
        flag value. The process is checked to have the CAP_SYS_ADMIN
        capability enabled or EPERM is returned.
      
      So it is possible to send an additional 16 bit value to the zcrypt API
      to be used to carry a failure injection command which may trigger
      special behavior within the zcrypt API and layers below. This 16 bit
      value is for the rest of the test referred as 'fi command' for Failure
      Injection.
      
      The lower 8 bits of the fi command construct a numerical argument in
      the range of 1-255 and is the 'fi action' to be performed with the
      request or the resulting reply:
      
      * 0x00 (all requests): No failure injection action but flags may be
        provided which may affect the processing of the request or reply.
      * 0x01 (only CCA CPRBs): The CPRB's agent_ID field is set to
        'FF'. This results in an reply code 0x90 (Transport-Protocol
        Failure).
      * 0x02 (only CCA CPRBs): After the APQN to send to has been chosen,
        the domain field within the CPRB is overwritten with value 99 to
        enforce an reply with RY 0x8A.
      * 0x03 (all requests): At NQAP invocation the invalid qid value 0xFF00
        is used causing an response code of 0x01 (AP queue not valid).
      
      The upper 8 bits of the fi command may carry bit flags which may
      influence the processing of an request or response:
      
      * 0x01: No retry. If this bit is set, the usual loop in the zcrypt API
        which retries an CPRB up to 10 times when the lower layers return
        with EAGAIN is abandoned after the first attempt to send the CPRB.
      * 0x02: Toggle special. Toggles the special bit on this request. This
        should result in an reply code RY~0x41 and result in an ioctl
        failure with errno EINVAL.
      
      This failure injection possibilities may get some further extensions
      in the future. As of now this is a starting point for Continuous Test
      and Integration to trigger some failures and watch for the reaction of
      the ap bus and zcrypt device driver code.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      27c4f673
    • Harald Freudenberger's avatar
      s390/zcrypt: move ap_msg param one level up the call chain · 3730f530
      Harald Freudenberger authored
      Move the creating and disposal of the struct ap_message one
      level up the call chain. The ap message was constructed in the
      calling functions in msgtype50 and msgtype6 but only for the
      ica rsa messages. For CCA and EP11 CPRBs the ap message struct
      is created in the zcrypt api functions.
      
      This patch moves the construction of the ap message struct into
      the functions zcrypt_rsa_modexpo and zcrypt_rsa_crt. So now all
      the 4 zcrypt api functions zcrypt_rsa_modexpo, zcrypt_rsa_crt,
      zcrypt_send_cprb and zcrypt_send_ep11_cprb appear and act
      similar.
      
      There are no functional changes coming with this patch.
      However, the availability of the ap_message struct has
      advantages which will be needed by a follow up patch.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      3730f530
    • Harald Freudenberger's avatar
      s390/ap/zcrypt: revisit ap and zcrypt error handling · e0332629
      Harald Freudenberger authored
      Revisit the ap queue error handling: Based on discussions and
      evaluatios with the firmware folk here is now a rework of the response
      code handling for all the AP instructions. The idea is to distinguish
      between failures because of some kind of invalid request where a retry
      does not make any sense and a failure where another attempt to send
      the very same request may succeed. The first case is handled by
      returning EINVAL to the userspace application. The second case results
      in retries within the zcrypt API controlled by a per message retry
      counter.
      
      Revisit the zcrpyt error handling: Similar here, based on discussions
      with the firmware people here comes a rework of the handling of all
      the reply codes.  Main point here is that there are only very few
      cases left, where a zcrypt device queue is switched to offline. It
      should never be the case that an AP reply message is 'unknown' to the
      device driver as it indicates a total mismatch between device driver
      and crypto card firmware. In all other cases, the code distinguishes
      between failure because of invalid message (see above - EINVAL) or
      failures of the infrastructure (see above - EAGAIN).
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      e0332629
    • Harald Freudenberger's avatar
      s390/ap: Support AP card SCLP config and deconfig operations · 5caa2af9
      Harald Freudenberger authored
      Support SCLP AP adapter config and deconfig operations:
      The sysfs deconfig attribute /sys/devices/ap/cardxx/deconfig
      for each AP card is now read-write. Writing in a '1' triggers
      a synchronous SCLP request to configure the adapter, writing
      in a '0' sends a synchronous SCLP deconfigure request.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      5caa2af9
    • Harald Freudenberger's avatar
      s390/sclp: Add support for SCLP AP adapter config/deconfig · 0671cc10
      Harald Freudenberger authored
      Add support for AP bus adapter config and deconfig to the sclp
      core code. The code is statically build into the kernel when
      ZCRYPT is configured either as module or with static support.
      
      This is the base functionality for having configure/deconfigure
      support in the AP bus and card code. Another patch will exploit
      this soon.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Suggested-by: default avatarPierre Morel <pmorel@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      0671cc10
    • Harald Freudenberger's avatar
      s390/ap: add card/queue deconfig state · 4f2fcccd
      Harald Freudenberger authored
      This patch adds a new config state to the ap card and queue
      devices. This state reflects the response code
      0x03 "AP deconfigured" on TQAP invocation and is tracked with
      every ap bus scan.
      
      Together with this new state now a card/queue device which
      is 'deconfigured' is not disposed any more. However, for backward
      compatibility the online state now needs to take this state into
      account. So a card/queue is offline when the device is not configured.
      Furthermore a device can't get switched from offline to online state
      when not configured.
      
      The config state is shown in sysfs at
        /sys/devices/ap/cardxx/config
      for the card and
        /sys/devices/ap/cardxx/xx.yyyy/config
      for each queue within each card.
      It is a read-only attribute reflecting the negation of the
      'AP deconfig' state as it is noted in the AP documents.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      4f2fcccd
    • Harald Freudenberger's avatar
      s390/ap: add error response code field for ap queue devices · 2ea2a609
      Harald Freudenberger authored
      On AP instruction failures the last response code is now
      kept in the struct ap_queue. There is also a new sysfs
      attribute showing this field (enabled only on debug kernels).
      
      Also slight rework of the AP_DBF macros to get some more
      content into one debug feature message line.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      2ea2a609
    • Harald Freudenberger's avatar
      s390/ap: split ap queue state machine state from device state · 0b641cbd
      Harald Freudenberger authored
      The state machine for each ap queue covered a mixture of
      device states and state machine (firmware queue state) states.
      
      This patch splits the device states and the state machine
      states into two different enums and variables. The major
      state is the device state with currently these values:
      
        AP_DEV_STATE_UNINITIATED - fresh and virgin, not touched
        AP_DEV_STATE_OPERATING   - queue dev is working normal
        AP_DEV_STATE_SHUTDOWN	   - remove/unbind/shutdown in progress
        AP_DEV_STATE_ERROR	   - device is in error state
      
      only when the device state is > UNINITIATED the state machine
      is run. The state machine represents the states of the firmware
      queue:
      
        AP_SM_STATE_RESET_START - starting point, reset (RAPQ) ap queue
        AP_SM_STATE_RESET_WAIT  - reset triggered, waiting to be finished
      			    if irqs enabled, set up irq (AQIC)
        AP_SM_STATE_SETIRQ_WAIT - enable irq triggered, waiting to be
      			    finished, then go to IDLE
        AP_SM_STATE_IDLE	  - queue is operational but empty
        AP_SM_STATE_WORKING	  - queue is operational, requests are stored
      			    and replies may wait for getting fetched
        AP_SM_STATE_QUEUE_FULL  - firmware queue is full, so only replies
      			    can get fetched
      
      For debugging each ap queue shows a sysfs attribute 'states' which
      displays the device and state machine state and is only available
      when the kernel is build with CONFIG_ZCRYPT_DEBUG enabled.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      0b641cbd
    • Harald Freudenberger's avatar
      s390/zcrypt: New config switch CONFIG_ZCRYPT_DEBUG · 0ae88ccf
      Harald Freudenberger authored
      Introduce a new config switch CONFIG_ZCRYPT_DEBUG which
      will be used to enable some features for debugging the
      zcrypt device driver and ap bus system:
      
      Another patch will use this for displaying ap card and
      ap queue state information via sysfs attribute.
      
      A furher patch will use this to enable some special
      treatment for some fields of an crypto request to be able
      to inject failures and so help debugging with regards
      to handling of failures.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      0ae88ccf
    • Harald Freudenberger's avatar
      s390/zcrypt: introduce msg tracking in zcrypt functions · 91ffc519
      Harald Freudenberger authored
      Introduce a new internal struct zcrypt_track with an retry counter
      field and a last return code field. Fill and update these fields at
      certain points during processing of an request/reply. This tracking
      info is then used to
      - avoid trying to resend the message forever. Now each message is
        tried to be send TRACK_AGAIN_MAX (currently 10) times and then the
        ioctl returns to userspace with errno EAGAIN.
      - avoid trying to resend the message on the very same card/domain. If
        possible (more than one APQN with same quality) don't use the very
        same qid as the previous attempt when again scheduling the request.
        This is done by adding penalty weight values when the dispatching
        takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for
        using the same card as previously and another penalty define
        TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid
        as the previous sent attempt is calculated. Both values make it
        harder to choose the very same card/domain but not impossible. For
        example when only one APQN is available a resend can only address the
        very same APQN.
      
      There are some more ideas for the future to extend the use of this
      tracking information. For example the last response code at NQAP and
      DQAP could be stored there, giving the possibility to extended tracing
      and debugging about requests failing to get processed properly.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      91ffc519
  3. 02 Oct, 2020 7 commits
  4. 30 Sep, 2020 8 commits
    • Vasily Gorbik's avatar
      s390: remove orphaned function declarations · 402e9228
      Vasily Gorbik authored
      arch/s390/pci/pci_bus.h: zpci_bus_init - only declaration left after
      commit 05bc1be6 ("s390/pci: create zPCI bus")
      
      arch/s390/include/asm/gmap.h: gmap_pte_notify - only declaration left
      after commit 4be130a0 ("s390/mm: add shadow gmap support")
      
      arch/s390/include/asm/pgalloc.h: rcu_table_freelist_finish - only
      declaration left after commit 36409f63 ("[S390] use generic RCU
      page-table freeing code")
      
      arch/s390/include/asm/tlbflush.h: smp_ptlb_all - only declaration left
      after commit 5a79859a ("s390: remove 31 bit support")
      
      arch/s390/include/asm/vtimer.h: init_cpu_vtimer - only declaration left
      after commit b5f87f15 ("s390/idle: consolidate idle functions and
      definitions")
      
      arch/s390/include/asm/pci.h: zpci_debug_info - only declaration left
      after commit 386aa051 ("s390/pci: remove per device debug attribute")
      
      arch/s390/include/asm/vdso.h: vdso_alloc_boot_cpu - only declaration
      left after commit 4bff8cb5 ("s390: convert to GENERIC_VDSO")
      
      arch/s390/include/asm/smp.h: smp_vcpu_scheduled - only declaration left
      after commit 67626fad ("s390: enforce CONFIG_SMP")
      
      arch/s390/kernel/entry.h: restart_call_handler - only declaration left
      after commit 8b646bd7 ("[S390] rework smp code")
      
      arch/s390/kernel/entry.h: startup_init_nobss - only declaration left
      after commit 2e83e0eb ("s390: clean .bss before running uncompressed
      kernel")
      
      arch/s390/kernel/entry.h: s390_early_resume - only declaration left after
      commit 39421627 ("s390: remove broken hibernate / power management
      support")
      
      drivers/s390/char/raw3270.h: raw3270_request_alloc_bootmem - only
      declaration left after commit 33403dcf ("[S390] 3270 console:
      convert from bootmem to slab")
      
      drivers/s390/cio/device.h: ccw_device_schedule_sch_unregister - only
      declaration left after commit 37de53bb ("[S390] cio: introduce ccw
      device todos")
      
      drivers/s390/char/tape.h: tape_hotplug_event - has only declaration
      since recorded git history.
      
      drivers/s390/char/tape.h: tape_oper_handler - has only declaration since
      recorded git history.
      
      drivers/s390/char/tape.h: tape_noper_handler - has only declaration
      since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_check_locate - only declaration
      left after commit 161beff8 ("s390/tape: remove tape block leftovers")
      
      drivers/s390/char/tape_std.h: tape_std_default_handler - has only
      declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_unexpect_uchk_handler - has only
      declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_irq - has only declaration since
      recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery - has only
      declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery_has_failed -
      has only declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery_succeded - has
      only declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery_do_retry - has
      only declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery_read_opposite -
      has only declaration since recorded git history.
      
      drivers/s390/char/tape_std.h: tape_std_error_recovery_HWBUG - has only
      declaration since recorded git history.
      Reviewed-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      402e9228
    • Vasily Gorbik's avatar
      s390/startup: add kaslr_offset to pgm check info print · 3ca8b855
      Vasily Gorbik authored
      startup pgm check handler is active since the very beginning of kernel
      code execution until uncompressed kernel sets up s390_base_pgm_handler.
      
      It is useful not just for the decompressor debugging itself, but also for
      early code of uncompressed kernel, in particular Kasan initialization. But
      since there is no stack trace or symbolic representation of failing psw
      address it is impossible to figure out faulty code location without
      knowing Kaslr kernel base. So, let's add it to the startup pgm check
      info printed as well.
      Reviewed-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      3ca8b855
    • Vasily Gorbik's avatar
      s390/sclp: remove orphaned sclp_set_columns and sclp_set_htab · 3372e88b
      Vasily Gorbik authored
      sclp_set_columns and sclp_set_htab are leftovers since commit 095761d2
      ("[S390] sclp_tty: remove ioctl interface."), remove them as a dead code.
      Reviewed-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      3372e88b
    • Vasily Gorbik's avatar
      s390/sclp_sdias: remove unused sclp_sdias_exit · f980ec9e
      Vasily Gorbik authored
      sclp_sdias cannot be built as a module, CRASH_DUMP option is a bool not a
      tristate. zcore_exit() has already been removed with commit cbe62fac
      ("s390: char: make zcore explicitly non-modular"). Remove orphaned
      sclp_sdias_exit for consistency as well.
      Reviewed-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      f980ec9e
    • Vasily Gorbik's avatar
      s390/startup: correct "dfltcc" option parsing · 86cde618
      Vasily Gorbik authored
      Currently if just "dfltcc" is passed as a kernel command line option
      "val" going to be NULL, this leads to reading at address 0 in
      strcmp(val, "off")
      
      Fix that by making sure "val" is not NULL. This does not affect option
      handling logic.
      Reviewed-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      86cde618
    • Vasily Gorbik's avatar
      s390/vdso: remove orphaned declarations · 3731ac57
      Vasily Gorbik authored
      Remove couple of declarations which are unused since commit 4bff8cb5
      ("s390: convert to GENERIC_VDSO").
      Acked-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      3731ac57
    • Vasily Gorbik's avatar
      s390/cio: remove unused channel_subsystem_reinit · 54530ce6
      Vasily Gorbik authored
      Added with commit 77e844b9 ("s390/hibernate: add early resume
      function") unused since commit 39421627 ("s390: remove broken
      hibernate / power management support").
      Reviewed-by: default avatarVineeth Vijayan <vneethv@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      54530ce6
    • Sven Schnelle's avatar
      s390: remove cad commandline option · ad3e6948
      Sven Schnelle authored
      remove the cad command line option as the instruction was never
      published and never used by userspace.
      Signed-off-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Reviewed-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      ad3e6948
  5. 29 Sep, 2020 5 commits
  6. 26 Sep, 2020 6 commits