Commit Graph

4777 Commits

Author SHA1 Message Date
David S. Miller 9f6e055907 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
The mptcp conflict was overlapping additions.

The SMC conflict was an additional and removal happening at the same
time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 18:31:39 -08:00
Julian Wiedmann 562cf77363 s390/qeth: support configurable RX copybreak
Implement the ethtool hooks for the ETHTOOL_RX_COPYBREAK tunable.

The copybreak is stored into netdev_priv, so that we automatically go
back to the default value if the netdev is re-allocated.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:13 -08:00
Julian Wiedmann 3d35dbe622 s390/qeth: don't check for IFF_UP when scheduling napi
Trust the napi_disable() in qeth_stop() to handle this.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:13 -08:00
Julian Wiedmann 3a5bad64db s390/qeth: don't re-start read cmd when IDX has terminated
Once the IDX connection is down, there's no point in trying to issue
more IOs.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:13 -08:00
Julian Wiedmann 7f23d55f49 s390/qeth: reset seqnos on connection startup
This let's us start every new IDX connection with clean seqnos.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:13 -08:00
Julian Wiedmann d74e5e84f2 s390/qeth: remove unused cmd definitions
Looks like these were never used, ever since the driver was initially
added.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:12 -08:00
Julian Wiedmann 13bf829581 s390/qeth: validate device-provided MAC address
It's good practice to not blindly trust what the HW offers.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:12 -08:00
Julian Wiedmann 9c6dc7af85 s390/qeth: clean up CREATE_ADDR cmd code
Properly define the cmd's struct to get rid of some casts and accesses
at magic offsets.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:12 -08:00
Julian Wiedmann 6bbfece5a4 s390/qeth: remove dead code in qeth_l3_iqd_read_initial_mac()
card->info.unique_id is always 0 for IQD devices, so don't bother with
copying it into the 0-initialized cmd.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:15:12 -08:00
Linus Torvalds 591dd4c101 s390 updates for 5.6-rc3
- Remove ieee_emulation_warnings sysctl which is a dead code.
 
 - Avoid triggering rebuild of the kernel during make install.
 
 - Enable protected virtualization guest support in default configs.
 
 - Fix cio_ignore seq_file .next function to increase position index. And
   use kobj_to_dev instead of container_of in cio code.
 
 - Fix storage block address lists to contain absolute addresses in
   qdio code.
 
 - Few clang warnings and spelling fixes.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAl5RI0sACgkQjYWKoQLX
 FBig0Af/bJjFspbGFN+YEO+XM3AbURu0lHxq25r0EoSEc9acfS5nMrUk7OhNktND
 w+m/PoyOg8elB3LDkalz9IP6CZANSSoGV5aKyg3Wp06Wu//DdwAMJWqFOyosJ89z
 zVOSGgX3zHFarodS4suDPTEdDEcSMVVvqnz1A81dQD9QNWyVCutqYABj3OEittOD
 EBYchT7Qs/ObwbP+RaUa0swbrq11P8hZSAblbjkbuFpw45CdQ6rFoyJO1Tccuyh7
 puNlPLpkDI15RNxC+vh+4NItcxPcIL+Qa0kltbQJLq7aq/UqLNF02vLjWluH4hG6
 i6+ZzsIra5gdtdf2cPFiKo7EagpQ2w==
 =CRBt
 -----END PGP SIGNATURE-----

Merge tag 's390-5.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

 - Remove ieee_emulation_warnings sysctl which is a dead code.

 - Avoid triggering rebuild of the kernel during make install.

 - Enable protected virtualization guest support in default configs.

 - Fix cio_ignore seq_file .next function to increase position index.
   And use kobj_to_dev instead of container_of in cio code.

 - Fix storage block address lists to contain absolute addresses in qdio
   code.

 - Few clang warnings and spelling fixes.

* tag 's390-5.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/qdio: fill SBALEs with absolute addresses
  s390/qdio: fill SL with absolute addresses
  s390: remove obsolete ieee_emulation_warnings
  s390: make 'install' not depend on vmlinux
  s390/kaslr: Fix casts in get_random
  s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
  s390/pkey/zcrypt: spelling s/crytp/crypt/
  s390/cio: use kobj_to_dev() API
  s390/defconfig: enable CONFIG_PROTECTED_VIRTUALIZATION_GUEST
  s390/cio: cio_ignore_proc_seq_next should increase position index
2020-02-22 10:43:41 -08:00
Linus Torvalds 3dc55dba67 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:

 1) Limit xt_hashlimit hash table size to avoid OOM or hung tasks, from
    Cong Wang.

 2) Fix deadlock in xsk by publishing global consumer pointers when NAPI
    is finished, from Magnus Karlsson.

 3) Set table field properly to RT_TABLE_COMPAT when necessary, from
    Jethro Beekman.

 4) NLA_STRING attributes are not necessary NULL terminated, deal wiht
    that in IFLA_ALT_IFNAME. From Eric Dumazet.

 5) Fix checksum handling in atlantic driver, from Dmitry Bezrukov.

 6) Handle mtu==0 devices properly in wireguard, from Jason A.
    Donenfeld.

 7) Fix several lockdep warnings in bonding, from Taehee Yoo.

 8) Fix cls_flower port blocking, from Jason Baron.

 9) Sanitize internal map names in libbpf, from Toke Høiland-Jørgensen.

10) Fix RDMA race in qede driver, from Michal Kalderon.

11) Fix several false lockdep warnings by adding conditions to
    list_for_each_entry_rcu(), from Madhuparna Bhowmik.

12) Fix sleep in atomic in mlx5 driver, from Huy Nguyen.

13) Fix potential deadlock in bpf_map_do_batch(), from Yonghong Song.

14) Hey, variables declared in switch statement before any case
    statements are not initialized. I learn something every day. Get
    rids of this stuff in several parts of the networking, from Kees
    Cook.

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (99 commits)
  bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs.
  bnxt_en: Improve device shutdown method.
  net: netlink: cap max groups which will be considered in netlink_bind()
  net: thunderx: workaround BGX TX Underflow issue
  ionic: fix fw_status read
  net: disable BRIDGE_NETFILTER by default
  net: macb: Properly handle phylink on at91rm9200
  s390/qeth: fix off-by-one in RX copybreak check
  s390/qeth: don't warn for napi with 0 budget
  s390/qeth: vnicc Fix EOPNOTSUPP precedence
  openvswitch: Distribute switch variables for initialization
  net: ip6_gre: Distribute switch variables for initialization
  net: core: Distribute switch variables for initialization
  udp: rehash on disconnect
  net/tls: Fix to avoid gettig invalid tls record
  bpf: Fix a potential deadlock with bpf_map_do_batch
  bpf: Do not grab the bucket spinlock by default on htab batch ops
  ice: Wait for VF to be reset/ready before configuration
  ice: Don't tell the OS that link is going down
  ice: Don't reject odd values of usecs set by user
  ...
2020-02-21 11:59:51 -08:00
Julian Wiedmann 54a61fbc02 s390/qeth: fix off-by-one in RX copybreak check
The RX copybreak is intended as the _max_ value where the frame's data
should be copied. So for frame_len == copybreak, don't build an SG skb.

Fixes: 4a71df5004 ("qeth: new qeth device driver")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-20 10:30:47 -08:00
Julian Wiedmann 420579dba1 s390/qeth: don't warn for napi with 0 budget
Calling napi->poll() with 0 budget is a legitimate use by netpoll.

Fixes: a1c3ed4c9c ("qeth: NAPI support for l2 and l3 discipline")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-20 10:30:47 -08:00
Alexandra Winter 6f3846f095 s390/qeth: vnicc Fix EOPNOTSUPP precedence
When getting or setting VNICC parameters, the error code EOPNOTSUPP
should have precedence over EBUSY.

EBUSY is used because vnicc feature and bridgeport feature are mutually
exclusive, which is a temporary condition.
Whereas EOPNOTSUPP indicates that the HW does not support all or parts of
the vnicc feature.
This issue causes the vnicc sysfs params to show 'blocked by bridgeport'
for HW that does not support VNICC at all.

Fixes: caa1f0b10d ("s390/qeth: add VNICC enable/disable support")
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-20 10:30:47 -08:00
Julian Wiedmann 2db01da8d2 s390/qdio: fill SBALEs with absolute addresses
sbale->addr holds an absolute address (or for some FCP usage, an opaque
request ID), and should only be used with proper virt/phys translation.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-19 17:26:32 +01:00
Julian Wiedmann e9091ffd6a s390/qdio: fill SL with absolute addresses
As the comment says, sl->sbal holds an absolute address. qeth currently
solves this through wild casting, while zfcp doesn't care.

Handle this properly in the code that actually builds the SL.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Steffen Maier <maier@linux.ibm.com> [for qdio]
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-19 17:26:32 +01:00
Geert Uytterhoeven 05ccaca003 s390/pkey/zcrypt: spelling s/crytp/crypt/
Fix typos in a comments.

Link: https://lkml.kernel.org/r/20200212084622.9219-1-geert+renesas@glider.be
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-17 18:01:57 +01:00
chenqiwu 0d730b57b9 s390/cio: use kobj_to_dev() API
Use kobj_to_dev() API instead of container_of().

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: chenqiwu <chenqiwu@xiaomi.com>
Signed-off-by: chenqiwu <qiwuchen55@gmail.com>
Message-Id: <1581688293-17283-1-git-send-email-qiwuchen55@gmail.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-17 18:01:57 +01:00
Vasily Averin 8b101a5e14 s390/cio: cio_ignore_proc_seq_next should increase position index
if seq_file .next fuction does not change position index,
read after some lseek can generate unexpected output.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
Link: https://lore.kernel.org/r/d44c53a7-9bc1-15c7-6d4a-0c10cb9dffce@virtuozzo.com
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-17 18:01:57 +01:00
Vasily Gorbik 2c25b3f68e fix style of SPDX License Identifier
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl48RFESHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vsoUP/0Dqi1V0s9fyPSRwClVUN43YvsARZ+xM
 guge21HSllvOY/IysAagVmnbuWCayLj18GOFm/B+rC5G86o/6/9a7RGcWZJF0Foh
 RcGdjpCU8B7fOAYZIauT53dvpOoe/EPjGSkXBhdOttHjQQdkMXwMN6K6L5z5VidF
 3F+vTz8dmQKH3n79q2NvoXoIuw+dK1y/cE7TSToqox3DaMBWsomaZwIzcmBOJnQF
 IZeM2caarMgbbGCRElJ6TOlL1DvxqBrwdNf9wpzGt3JJY2SmGPYsF4DKo3ysQLR4
 fn4OtLW0G76w1L3LizFj0kNQh7m/0I1n1GYSU5sXlDnObusB6QptXu272d2yYDP3
 2zbiuNcv4DjVfMQGi+qAkAbghSxdZfQS/yhierRAw4aX/WccTMBCf5bvuzZPYu78
 LuoRQrh2T9/n7qOaCkJ+dhIM1T6i6Wk6mfluABRxz+ISBjB7AznB2j15uP6fqu97
 wopRpU8izj7XrpIofXAa2wPmkJj3Bc6iupwB9j5QryIiKxHxZtbM/K+PwxweX9Zc
 40QhNc6l2a54FJwdLmZY7UYcCYdf2eZcg2l6IWP/9xQ6UINbc0dC1SvivrWvEmiy
 BRNtYawEEVYqfkCqkxpw+ZMwanZwk7rSkpsMqgicnRAHAgklGbgcs8wurDpVLlE+
 ocEXXyuJo5Su
 =u3m0
 -----END PGP SIGNATURE-----

Merge tag 'vfio-ccw-20200206' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into HEAD

fix style of SPDX License Identifier

* tag 'vfio-ccw-20200206' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw:
  vfio-ccw: Use the correct style for SPDX License Identifier

Link: https://lkml.kernel.org/r/20200206170331.1032-1-cohuck@redhat.com
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-11 20:14:28 +01:00
Julian Wiedmann 11f0446534 s390/qdio: don't allocate *aob array with GFP_ATOMIC
The only way to reach this allocation is via

qdio_establish()
  qdio_detect_hsicq()
    qdio_enable_async_operation()

and since qdio_establish() uses wait_event_*() just a few lines ealier,
we can trust that it certainly is never called from atomic context.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-11 20:14:12 +01:00
Julian Wiedmann 0b6f499022 s390/qdio: simplify ACK tracking
Current code uses a 'polling' flag to keep track of whether an Input
Queue has any ACKed SBALs. QEBSM devices might have multiple ACKed
SBALs, and those are tracked separately with 'ack_count'.

By also setting ack_count for non-QEBSM devices (to a fixed value of 1),
we can use 'ack_count != 0' as replacement for the polling flag.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-10 12:49:35 +01:00
Harald Freudenberger fcd98d4002 s390/zcrypt: fix card and queue total counter wrap
The internal statistic counters for the total number of
requests processed per card and per queue used integers. So they do
wrap after a rather huge amount of crypto requests processed. This
patch introduces uint64 counters which should hold much longer but
still may wrap. The sysfs attributes request_count for card and queue
also used only %ld and now display the counter value with %llu.

This is not a security relevant fix. The int overflow which happened
is not in any way exploitable as a security breach.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-10 12:49:35 +01:00
Harald Freudenberger aab73d278d s390/pkey: fix missing length of protected key on return
The pkey ioctl call PKEY_SEC2PROTK updates a struct pkey_protkey
on return. The protected key is stored in, the protected key type
is stored in but the len information was not updated. This patch
now fixes this and so the len field gets an update to refrect
the actual size of the protected key value returned.

Fixes: efc598e6c8 ("s390/zcrypt: move cca misc functions to new code file")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reported-by: Christian Rund <RUNDC@de.ibm.com>
Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-02-10 12:49:35 +01:00
Linus Torvalds cfb4b571e8 s390 updates for the 5.6 merge window #2
- Add KPROBES_ON_FTRACE support.
 
 - Add EP11 AES secure keys support.
 
 - PAES rework and prerequisites for paes-s390 ciphers selftests.
 
 - Fix page table upgrade for hugetlbfs.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAl465KkACgkQjYWKoQLX
 FBiR/wf/e+Fj/mDYHElcZ55MWaORBpp8NT94IYSt0RbII1PEh9cB8NciYLQdFFmc
 bUlNj7u3fHwk1D8S3pOSYKhIaHQQOWDqd/uNTzbCicbbVhuwmslLc+jffnORtlKe
 mCHeQsVAw3NwE8FIPhPMTAKBZV0pLkM4T9PA2xgeuB5cShoMgXgLgUoIwHJ4c2TP
 WwnolIJ/QR0nKpmPI5lp0+PjjSk/8nA/VvmpxgYbJCTQm8dhwhAfePh8Kf6pEp6K
 wETUaIyWkX1a+kI9h2qIBsR7KplqqrKABA5sxnPDQW/kut1Pc/2fWxMOBxux0f/V
 Kk+f6yoVbe7X6VYm+V4AyyAzQMRggQ==
 =9Eeg
 -----END PGP SIGNATURE-----

Merge tag 's390-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull more s390 updates from Vasily Gorbik:
 "The second round of s390 fixes and features for 5.6:

   - Add KPROBES_ON_FTRACE support

   - Add EP11 AES secure keys support

   - PAES rework and prerequisites for paes-s390 ciphers selftests

   - Fix page table upgrade for hugetlbfs"

* tag 's390-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/pkey/zcrypt: Support EP11 AES secure keys
  s390/zcrypt: extend EP11 card and queue sysfs attributes
  s390/zcrypt: add new low level ep11 functions support file
  s390/zcrypt: ep11 structs rework, export zcrypt_send_ep11_cprb
  s390/zcrypt: enable card/domain autoselect on ep11 cprbs
  s390/crypto: enable clear key values for paes ciphers
  s390/pkey: Add support for key blob with clear key value
  s390/crypto: Rework on paes implementation
  s390: support KPROBES_ON_FTRACE
  s390/mm: fix dynamic pagetable upgrade for hugetlbfs
2020-02-05 17:33:35 +00:00
Alexey Dobriyan 97a32539b9 proc: convert everything to "struct proc_ops"
The most notable change is DEFINE_SHOW_ATTRIBUTE macro split in
seq_file.h.

Conversion rule is:

	llseek		=> proc_lseek
	unlocked_ioctl	=> proc_ioctl

	xxx		=> proc_xxx

	delete ".owner = THIS_MODULE" line

[akpm@linux-foundation.org: fix drivers/isdn/capi/kcapi_proc.c]
[sfr@canb.auug.org.au: fix kernel/sched/psi.c]
  Link: http://lkml.kernel.org/r/20200122180545.36222f50@canb.auug.org.au
Link: http://lkml.kernel.org/r/20191225172546.GB13378@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-02-04 03:05:26 +00:00
Harald Freudenberger 55d0a513a0 s390/pkey/zcrypt: Support EP11 AES secure keys
Extend the low level ep11 misc functions implementation by
several functions to support EP11 key objects for paes and pkey:
- EP11 AES secure key generation
- EP11 AES secure key generation from given clear key value
- EP11 AES secure key blob check
- findcard function returns list of apqns based on given criterias
- EP11 AES secure key derive to CPACF protected key

Extend the pkey module to be able to generate and handle EP11
secure keys and also use them as base for deriving protected
keys for CPACF usage. These ioctls are extended to support
EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.

Additionally the 'clear key' token to protected key now uses
an EP11 card if the other ways (via PCKMO, via CCA) fail.

The PAES cipher implementation needed a new upper limit for
the max key size, but is now also working with EP11 keys.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:56 +01:00
Harald Freudenberger a17becc112 s390/zcrypt: extend EP11 card and queue sysfs attributes
This patch introduces new sysfs attributes for EP11 cards
and queues:

An EP11 card gets four new sysfs attributes:

/sys/devices/ap/cardxx/API_ordinalnr
  The EP11 card firmware API ordinal number.

/sys/devices/ap/cardxx/FW_version
  The EP11 card firmware major and minor version.

/sys/devices/ap/cardxx/serialnr
  Displays the serial number of the EP11 card. The serial
  number is a 16 character string unique for this EP11 card.

/sys/devices/ap/cardxx/op_modes
  Displays operation modes for this EP11 card. Known operation
  modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017.

The EP11 queues get two new sysfs attributes:

/sys/devices/ap/cardxx/xx.yyyy/mkvps
  Displays information about the master key(s) states and
  verification patterns. Two lines are displayed:

  WK CUR: <wk_cur_state> <wk_cur_vp>
  WK NEW: <wk_new_state> <wk_new_vp>

  with

  <wk_cur_state>: 'invalid' or 'valid'
  <wk_new_state>: 'empty' or 'uncommitted' or 'committed'
  <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern

/sys/devices/ap/cardxx/xx.yyyy/op_modes
  Displays operation modes for this EP11 queue. Known operation
  modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017.

The card information displayed with the sysfs attributes is fresh
fetched from the card if the card is online, otherwise cached values
are used. The queue information displayed with the sysfs attributes is
always fetched on the fly and not cached. So each read of any of these
sysfs attributes will cause an request/reply CPRB communication with
the EP11 crypto card. The queue attributes address the corresponding
EP11 domain within the EP11 card. The card attributes addresses any
domain within the EP11 card (subject to the dispatch algorithm within
the zcrypt device driver). If the addressed domain is offline or for
card addressing all domains are offline the attributes will display
'-' for state and verification patterns and an empty string for op
mode, serial number, API_ordinalnr and FW_version.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:56 +01:00
Harald Freudenberger 7384eb725e s390/zcrypt: add new low level ep11 functions support file
This patch introduces two new files which provide some
low level functions to interact with EP11 crypto cards:

ep11_get_card_info() sends an EP11 query module info CPRB to the
  addressed card, processes the returning reply and exposes some of
  the information returned in the new ep11_card_info struct.

ep11_get_domain_info() sends an EP11 query domain info CPRB to the
  addressed card/queue, processes the returning reply and exposes some
  of the information returned in the new ep11_domain_info struct.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:55 +01:00
Harald Freudenberger a7367997ab s390/zcrypt: ep11 structs rework, export zcrypt_send_ep11_cprb
Minor rework for struct ep11_cprb and struct ep11_urb. Use of u8, u16,
u32 instead of unsigned char. Declare pointers to mem from userspace
with __user to give sparse a chance to check.

Export zcrypt_send_ep11_cprb() function as this function will be
called by code in progress which will build ep11 cprbs within the
zcrypt device driver zoo and send them to EP11 crypto cards.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:55 +01:00
Harald Freudenberger 8f291ebf32 s390/zcrypt: enable card/domain autoselect on ep11 cprbs
For EP11 CPRBs there was only to choose between specify
one or more ep11 targets or not give a target at all. Without
any target the zcrypt code assumed AUTOSELECT. For EP11 this
ended up in choosing any EP11 APQN with regards to the weight.

However, CCA CPRBs can have a more fine granular target
addressing. The caller can give 0xFFFF as AUTOSELECT for
the card and/or the domain. So it's possible to address
any card but domain given or any domain but card given.

This patch now introduces the very same for EP11 CPRB handling.
An EP11 target entry now may contain 0xFFFF as card and/or
domain value with the meaning of ANY card or domain. So
now the same behavior as with CCA CPRBs becomes possible:
Address any card with given domain or address any domain within
given card.

For convenience the zcrypt.h header file now has two new
defines AUTOSEL_AP and AUTOSEL_DOM covering the 0xFFFF
value to address card any and domain any.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:55 +01:00
Harald Freudenberger 888edbc488 s390/pkey: Add support for key blob with clear key value
This patch adds support for a new key blob format to the
pkey kernel module. The new key blob comprises a clear
key value together with key type information.

The implementation tries to derive an protected key
from the blob with the clear key value inside with
1) the PCKMO instruction. This may fail as the LPAR
   profile may disable this way.
2) Generate an CCA AES secure data key with exact the
   clear key value. This requires to have a working
   crypto card in CCA Coprocessor mode. Then derive
   an protected key from the CCA AES secure key again
   with the help of a working crypto card in CCA mode.
If both way fail, the transformation of the clear key
blob into a protected key will fail. For the PAES cipher
this would result in a failure at setkey() invocation.

A clear key value exposed in main memory is a security
risk. The intention of this new 'clear key blob' support
for pkey is to provide self-tests for the PAES cipher key
implementation. These known answer tests obviously need
to be run with well known key values. So with the clear
key blob format there is a way to provide knwon answer
tests together with an pkey clear key blob for the
in-kernel self tests done at cipher registration.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-30 13:07:55 +01:00
Julian Wiedmann 17d9723e69 s390/qeth: remove HARDSETUP state
qeth_l?_stop_card() is _never_ called while in HARDSETUP state, and
there's no other usage of the card state that relies on the
DOWN -> HARDSETUP -> SOFTSETUP transition.

As related cleanup, remove the check in qeth_realloc_buffer_pool() as it
is already done by the callers.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-26 15:20:32 +01:00
Julian Wiedmann 7f92316c53 s390/qeth: make cmd/reply matching more flexible
When data is received on the READ channel, the matching logic for cmds
that are waiting for a reply is currently hard-coded into the channel's
main IO callback.
Move this into a per-cmd callback, so that we can apply custom matching
logic for each individual cmd.

This also allows us to remove the coarse-grained check for unexpected
non-IPA replies, since they will no longer match against _all_ pending
cmds.

Note that IDX cmds use _no_ matcher, since their reply is synchronously
received as part of the cmd's IO.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-26 15:20:32 +01:00
Julian Wiedmann 91003f354e s390/qeth: consolidate online/offline code
Large parts of the online/offline code are identical now, and cleaning
up the remaining stuff is easier with a shared core.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-26 15:20:32 +01:00
Julian Wiedmann aa3ad39203 s390/qeth: consolidate QDIO queue setup
Move some duplicated logic into a shared code path.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-26 15:20:32 +01:00
Julian Wiedmann 8ca769e2b8 s390/qeth: shift some bridgeport code around
qeth_l2_setup_bridgeport_attrs() is entirely unrelated to sysfs
functionality, move it where it belongs.
While at it merge all the bridgeport-specific code in the set-online
path together.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-26 15:20:32 +01:00
David S. Miller b3f7e3f23a Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
Harald Freudenberger 0c874cd042 s390/zcrypt: move ap device reset from bus to driver code
This patch moves the reset invocation of an ap device when
fresh detected from the ap bus to the probe() function of
the driver responsible for this device.

The virtualisation of ap devices makes it necessary to
remove unconditioned resets on fresh appearing apqn devices.
It may be that such a device is already enabled for guest
usage. So there may be a race condition between host ap bus
and guest ap bus doing the reset. This patch moves the
reset from the ap bus to the zcrypt drivers. So if there
is no zcrypt driver bound to an ap device - for example
the ap device is bound to the vfio device driver - the
ap device is untouched passed to the vfio device driver.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-09 16:59:18 +01:00
Harald Freudenberger 94dd3bada5 s390/zcrypt: Fix CCA cipher key gen with clear key value function
Regression tests showed that the CCA cipher key function which
generates an CCA cipher key with given clear key value does not work
correctly. At parsing the reply CPRB two limits are wrong calculated
resulting in rejecting the reply as invalid with s390dbf message
"_ip_cprb_helper reply with invalid or unknown key block".

Fixes: f2bbc96e7c ("s390/pkey: add CCA AES cipher key support")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-01-09 16:59:18 +01:00
Nishad Kamdar dbaf10027a vfio-ccw: Use the correct style for SPDX License Identifier
This patch corrects the SPDX License Identifier style in
header file related to S/390 common i/o drivers.
It assigns explicit block comment to the SPDX License
Identifier.

Changes made by using a script provided by Joe Perches here:
https://lkml.org/lkml/2019/2/7/46.

Fixes: 3cd90214b7 ("vfio: ccw: add tracepoints for interesting error paths")
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Message-Id: <20191225122054.GA4598@nishad>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-07 10:37:34 +01:00
David S. Miller 31d518f35e Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Simple overlapping changes in bpf land wrt. bpf_helper_defs.h
handling.

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-31 13:37:13 -08:00
Julian Wiedmann 8ca8559ff3 s390/qeth: remove QETH_RX_PULL_LEN
Since commit f677fcb9ae ("s390/qeth: ensure linear access to packet headers"),
the CQ-specific skbs are allocated with a slightly bigger linear part
than necessary. Shrink it down to the maximum that's needed by
qeth_extract_skb().

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-26 15:23:50 -08:00
Julian Wiedmann dcdcf8670d s390/qeth: use napi_gro_frags() for SG skbs
For non-linear packets, get the skb for attaching the page fragments
from napi_get_frags() so that it can be recycled during GRO.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-26 15:23:50 -08:00
Julian Wiedmann c04b116a28 s390/qeth: consolidate RX code
To reduce the path length and levels of indirection, move the RX
processing from the sub-drivers into the core.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-26 15:23:50 -08:00
Julian Wiedmann 0b698c838e s390/qeth: fix initialization on old HW
I stumbled over an old OSA model that claims to support DIAG_ASSIST,
but then rejects the cmd to query its DIAG capabilities.

In the old code this was ok, as the returned raw error code was > 0.
Now that we translate the raw codes to errnos, the "rc < 0" causes us
to fail the initialization of the device.

The fix is trivial: don't bail out when the DIAG query fails. Such an
error is not critical, we can still use the device (with a slightly
reduced set of features).

Fixes: 742d4d4083 ("s390/qeth: convert remaining legacy cmd callbacks")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-24 22:41:06 -08:00
Alexandra Winter d1b9ae1864 s390/qeth: vnicc Fix init to default
During vnicc_init wanted_char should be compared to cur_char and not
to QETH_VNICC_DEFAULT. Without this patch there is no way to enforce
the default values as desired values.

Note, that it is expected, that a card comes online with default values.
This patch was tested with private card firmware.

Fixes: caa1f0b10d ("s390/qeth: add VNICC enable/disable support")
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-24 22:41:06 -08:00
Alexandra Winter e8a66d8004 s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
Symptom: After vnicc/rx_bcast has been manually set to 0,
	bridge_* sysfs parameters can still be set or written.
Only occurs on HiperSockets, as OSA doesn't support changing rx_bcast.

Vnic characteristics and bridgeport settings are mutually exclusive.
rx_bcast defaults to 1, so manually setting it to 0 should disable
bridge_* parameters.

Instead it makes sense here to check the supported mask. If the card
does not support vnicc at all, bridge commands are always allowed.

Fixes: caa1f0b10d ("s390/qeth: add VNICC enable/disable support")
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-24 22:41:06 -08:00
Alexandra Winter 68c57bfd52 s390/qeth: fix false reporting of VNIC CHAR config failure
Symptom: Error message "Configuring the VNIC characteristics failed"
in dmesg whenever an OSA interface on z15 is set online.

The VNIC characteristics get re-programmed when setting a L2 device
online. This follows the selected 'wanted' characteristics - with the
exception that the INVISIBLE characteristic unconditionally gets
switched off.

For devices that don't support INVISIBLE (ie. OSA), the resulting
IO failure raises a noisy error message
("Configuring the VNIC characteristics failed").
For IQD, INVISIBLE is off by default anyways.

So don't unnecessarily special-case the INVISIBLE characteristic, and
thereby suppress the misleading error message on OSA devices.

Fixes: caa1f0b10d ("s390/qeth: add VNICC enable/disable support")
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-24 22:41:06 -08:00
Julian Wiedmann 5b6c7b55cf s390/qeth: lock the card while changing its hsuid
qeth_l3_dev_hsuid_store() initially checks the card state, but doesn't
take the conf_mutex to ensure that the card stays in this state while
being reconfigured.

Rework the code to take this lock, and drop a redundant state check in a
helper function.

Fixes: b333293058 ("qeth: add support for af_iucv HiperSockets transport")
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-24 22:41:06 -08:00