1285809Sscottl/******************************************************************************* 2285809Sscottl*Copyright (c) 2014 PMC-Sierra, Inc. All rights reserved. 3285809Sscottl* 4285809Sscottl*Redistribution and use in source and binary forms, with or without modification, are permitted provided 5285809Sscottl*that the following conditions are met: 6285809Sscottl*1. Redistributions of source code must retain the above copyright notice, this list of conditions and the 7285809Sscottl*following disclaimer. 8285809Sscottl*2. Redistributions in binary form must reproduce the above copyright notice, 9285809Sscottl*this list of conditions and the following disclaimer in the documentation and/or other materials provided 10285809Sscottl*with the distribution. 11285809Sscottl* 12285809Sscottl*THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED 13285809Sscottl*WARRANTIES,INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 14285809Sscottl*FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 15285809Sscottl*FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 16285809Sscottl*NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 17285809Sscottl*BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 18285809Sscottl*LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 19285809Sscottl*SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 20285809Sscottl* 21285809Sscottl* $FreeBSD$ 22285809Sscottl* 23285809Sscottl*******************************************************************************/ 24285809Sscottl/******************************************************************************* 25285809Sscottl** 26285809Sscottl** Version Control Information: 27285809Sscottl** 28285809Sscottl** $Revision: 113920 $ 29285809Sscottl** $Author: mcleanda $ 30285809Sscottl** $Date: 2012-05-08 11:30:44 -0700 (Tue, 08 May 2012) $ 31285809Sscottl** $Id: lxencrypt.c 113920 2012-05-08 18:30:44Z mcleanda $ 32285809Sscottl** 33285809Sscottl*******************************************************************************/ 34285809Sscottl 35285809Sscottl#include <dev/pms/RefTisa/tisa/sassata/common/tdioctl.h> 36285809Sscottl#include <dev/pms/RefTisa/tisa/api/titypes.h> 37285809Sscottl 38285809Sscottl#include <dev/pms/freebsd/driver/common/lxencrypt.h> 39285809Sscottl#include <sys/param.h> 40285809Sscottl#include <sys/queue.h> 41285809Sscottl#include <vm/uma.h> 42285809Sscottl 43285809Sscottl 44285809Sscottlstatic atomic_t ioerr_queue_count; 45285809Sscottl#ifdef ENCRYPT_ENHANCE 46285809Sscottl/****************************************************************************** 47285809Sscottlcareful_write(): 48285809Sscottl 49285809SscottlPurpose: 50285809SscottlParameters: 51285809SscottlReturn: 52285809SscottlNote: 53285809Sscottl******************************************************************************/ 54285809Sscottlstatic int 55285809Sscottlcareful_write(char *buf, int offset, int max, const char *fmt, ...) 56285809Sscottl{ 57285809Sscottl static char s[PAGE_SIZE]; /* Assumes serialization */ 58285809Sscottl va_list args; 59285809Sscottl int i; 60285809Sscottl 61285809Sscottl if(offset > max) 62285809Sscottl return 0; 63285809Sscottl s[PAGE_SIZE - 1] = '\0'; 64285809Sscottl 65285809Sscottl va_start(args, fmt); 66285809Sscottl i = vsnprintf(s, PAGE_SIZE - 1, fmt, args); 67285809Sscottl if((offset + i) > max) 68285809Sscottl return 0; 69285809Sscottl memcpy(buf + offset, s, i); 70285809Sscottl va_end(args); 71285809Sscottl 72285809Sscottl return i; 73285809Sscottl} 74285809Sscottl 75285809Sscottl/****************************************************************************** 76285809Sscottlset_dek_table_entry(): 77285809Sscottl 78285809SscottlPurpose: 79285809SscottlParameters: 80285809SscottlReturn: 81285809SscottlNote: 82285809Sscottl******************************************************************************/ 83285809Sscottlstatic inline int 84285809Sscottlset_dek_table_entry(struct device *dev, const char *buf, size_t len, dek_table_e table) 85285809Sscottl{ 86285809Sscottl int index; 87285809Sscottl struct Scsi_Host *shost = class_to_shost(dev); 88285809Sscottl struct agtiapi_softc *pCard = (struct agtiapi_softc *) shost->hostdata; 89285809Sscottl 90285809Sscottl /* Check permissions */ 91285809Sscottl if(!capable(CAP_SYS_ADMIN)) 92285809Sscottl return -EACCES; 93285809Sscottl 94285809Sscottl if(!pCard->encrypt) 95285809Sscottl return -EINVAL; 96285809Sscottl 97285809Sscottl if(table != DEK_TABLE_0 && table != DEK_TABLE_1) 98285809Sscottl return -EINVAL; 99285809Sscottl 100285809Sscottl sscanf(buf, "%d", &index); 101285809Sscottl if(index >= 0 && index < DEK_MAX_TABLE_ITEMS) { 102285809Sscottl pCard->dek_index[table] = index; 103285809Sscottl return strlen(buf); 104285809Sscottl } 105285809Sscottl return -EINVAL; 106285809Sscottl} 107285809Sscottl 108285809Sscottl/****************************************************************************** 109285809Sscottlset_dek_table_entry0(): 110285809Sscottl 111285809SscottlPurpose: 112285809SscottlParameters: 113285809SscottlReturn: 114285809SscottlNote: 115285809Sscottl******************************************************************************/ 116285809Sscottlssize_t 117285809Sscottlset_dek_table_entry0(struct device *dev, struct device_attribute *attr, const char *buf, size_t len) 118285809Sscottl{ 119285809Sscottl return set_dek_table_entry(dev, buf, len, DEK_TABLE_0); 120285809Sscottl} 121285809Sscottl 122285809Sscottl/****************************************************************************** 123285809Sscottlset_dek_table_entry1(): 124285809Sscottl 125285809SscottlPurpose: 126285809SscottlParameters: 127285809SscottlReturn: 128285809SscottlNote: 129285809Sscottl******************************************************************************/ 130285809Sscottlssize_t 131285809Sscottlset_dek_table_entry1(struct device *dev, struct device_attribute *attr, const char *buf, size_t len) 132285809Sscottl{ 133285809Sscottl return set_dek_table_entry(dev, buf, len, DEK_TABLE_1); 134285809Sscottl} 135285809Sscottl 136285809Sscottl 137285809Sscottl/****************************************************************************** 138285809Sscottlshow_dek_table_entry(): 139285809Sscottl 140285809SscottlPurpose: 141285809SscottlParameters: 142285809SscottlReturn: 143285809SscottlNote: 144285809Sscottl******************************************************************************/ 145285809Sscottlstatic inline int 146285809Sscottlshow_dek_table_entry(struct device *dev, char *buf, unsigned int table) 147285809Sscottl{ 148285809Sscottl int i = 0, j; 149285809Sscottl unsigned char *p; 150285809Sscottl struct Scsi_Host *sh = class_to_shost(dev); 151285809Sscottl ag_card_t *pCard = (ag_card_t *) sh->hostdata; 152285809Sscottl ag_card_info_t *pCardInfo = pCard->pCardInfo; 153285809Sscottl ag_resource_info_t *pRscInfo = &pCardInfo->tiRscInfo; 154285809Sscottl tiEncryptDekBlob_t *pDekTable = NULL; 155285809Sscottl 156285809Sscottl if(!pCard->encrypt) 157285809Sscottl return -EINVAL; 158285809Sscottl 159285809Sscottl if(table == DEK_TABLE_0) 160285809Sscottl pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_1].virtPtr; 161285809Sscottl else if(table == DEK_TABLE_1) 162285809Sscottl pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_2].virtPtr; 163285809Sscottl if(pDekTable == NULL) 164285809Sscottl return -EINVAL; 165285809Sscottl 166285809Sscottl if(pCard->dek_index[table] >= 0 || pCard->dek_index[table] < DEK_MAX_TABLE_ITEMS) { 167285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "%4d: ", pCard->dek_index[table]); 168285809Sscottl p = (unsigned char *) &pDekTable[pCard->dek_index[table]]; 169285809Sscottl for(j = 0; j < sizeof(tiEncryptDekBlob_t); j++) { 170285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "%02x", p[j]); 171285809Sscottl } 172285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "\n"); 173285809Sscottl } else { 174285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "Bad DEK index %d; range: 0 - %d\n", pCard->dek_index[table], DEK_MAX_TABLE_ITEMS); 175285809Sscottl } 176285809Sscottl 177285809Sscottl /* BUG if we return more than a single page of data */ 178285809Sscottl //BUG_ON(i > PAGE_SIZE); 179285809Sscottl if (i > PAGE_SIZE) 180285809Sscottl i = PAGE_SIZE; 181285809Sscottl 182285809Sscottl return i; 183285809Sscottl} 184285809Sscottl 185285809Sscottl/****************************************************************************** 186285809Sscottlshow_dek_table_entry0(): 187285809Sscottl 188285809SscottlPurpose: 189285809SscottlParameters: 190285809SscottlReturn: 191285809SscottlNote: 192285809Sscottl******************************************************************************/ 193285809Sscottlssize_t 194285809Sscottlshow_dek_table_entry0(struct device *dev, struct device_attribute *attr, char *buf) 195285809Sscottl{ 196285809Sscottl return show_dek_table_entry(dev, buf, DEK_TABLE_0); 197285809Sscottl} 198285809Sscottl 199285809Sscottl/****************************************************************************** 200285809Sscottlshow_dek_table_entry1(): 201285809Sscottl 202285809SscottlPurpose: 203285809SscottlParameters: 204285809SscottlReturn: 205285809SscottlNote: 206285809Sscottl******************************************************************************/ 207285809Sscottlssize_t 208285809Sscottlshow_dek_table_entry1(struct device *dev, struct device_attribute *attr, char *buf) 209285809Sscottl{ 210285809Sscottl return show_dek_table_entry(dev, buf, DEK_TABLE_1); 211285809Sscottl} 212285809Sscottl 213285809Sscottl/****************************************************************************** 214285809Sscottlshow_kek_table(): 215285809Sscottl 216285809SscottlPurpose: 217285809SscottlParameters: 218285809SscottlReturn: 219285809SscottlNote: 220285809Sscottl******************************************************************************/ 221285809Sscottlssize_t 222285809Sscottlshow_kek_table(struct device *dev, struct device_attribute *attr, char *buf) 223285809Sscottl{ 224285809Sscottl int i = 0, j, kek_index; 225285809Sscottl unsigned char *p; 226285809Sscottl struct Scsi_Host *sh = class_to_shost(dev); 227285809Sscottl ag_card_t *pCard = (ag_card_t *) sh->hostdata; 228285809Sscottl 229285809Sscottl if(!pCard->encrypt) 230285809Sscottl return -EINVAL; 231285809Sscottl 232285809Sscottl for(kek_index = 0; kek_index < KEK_TABLE_MAX_ENTRY; kek_index++) { 233285809Sscottl i += careful_write(buf, i, PAGE_SIZE, " %4d: %08x ", kek_index, pCard->kek_table[kek_index].wrapperIndex); 234285809Sscottl p = (unsigned char *) &pCard->kek_table[kek_index].kekBlob; 235285809Sscottl for(j = 0; j < sizeof(tiEncryptKekBlob_t); j++) { 236285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "%02x", p[j]); 237285809Sscottl } 238285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "\n"); 239285809Sscottl } 240285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "\n"); 241285809Sscottl 242285809Sscottl /* BUG if we return more than a single page of data */ 243285809Sscottl //BUG_ON(i > PAGE_SIZE); 244285809Sscottl if (i > PAGE_SIZE) 245285809Sscottl i = PAGE_SIZE; 246285809Sscottl 247285809Sscottl return i; 248285809Sscottl} 249285809Sscottl 250285809Sscottl/****************************************************************************** 251285809Sscottlshow_dek_kek_map(): 252285809Sscottl 253285809SscottlPurpose: 254285809SscottlParameters: 255285809SscottlReturn: 256285809SscottlNote: 257285809Sscottl******************************************************************************/ 258285809Sscottlstatic inline int 259285809Sscottlshow_dek_kek_map(struct device *dev, char *buf, unsigned int table) 260285809Sscottl{ 261285809Sscottl int i = 0, dek_index; 262285809Sscottl struct Scsi_Host *sh = class_to_shost(dev); 263285809Sscottl ag_card_t *pCard = (ag_card_t *) sh->hostdata; 264285809Sscottl 265285809Sscottl if(!pCard->encrypt) 266285809Sscottl return -EINVAL; 267285809Sscottl 268285809Sscottl if(table != DEK_TABLE_0 && table != DEK_TABLE_1) 269285809Sscottl return -EINVAL; 270285809Sscottl 271285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "Table %d\n", table); 272285809Sscottl i += careful_write(buf, i, PAGE_SIZE, "=======\n"); 273285809Sscottl for(dek_index = 0; dek_index < DEK_MAX_TABLE_ITEMS; dek_index++) { 274285809Sscottl i += careful_write(buf, i, PAGE_SIZE, " %4d: %08x\n", dek_index, pCard->dek_kek_map[table][dek_index].kekIndex); 275285809Sscottl } 276285809Sscottl i += sprintf(buf + i, "\n"); 277285809Sscottl 278285809Sscottl /* BUG if we return more than a single page of data */ 279285809Sscottl //BUG_ON(i > PAGE_SIZE); 280285809Sscottl if (i > PAGE_SIZE) 281285809Sscottl i = PAGE_SIZE; 282285809Sscottl 283285809Sscottl return i; 284285809Sscottl} 285285809Sscottl 286285809Sscottl/****************************************************************************** 287285809Sscottlshow_dek_kek_map0(): 288285809Sscottl 289285809SscottlPurpose: 290285809SscottlParameters: 291285809SscottlReturn: 292285809SscottlNote: 293285809Sscottl******************************************************************************/ 294285809Sscottlssize_t 295285809Sscottl 296285809Sscottlshow_dek_kek_map0(struct device *dev, struct device_attribute *attr, char *buf) 297285809Sscottl{ 298285809Sscottl return show_dek_kek_map(dev, buf, 0); 299285809Sscottl} 300285809Sscottl 301285809Sscottl/****************************************************************************** 302285809Sscottlshow_dek_kek_map1(): 303285809Sscottl 304285809SscottlPurpose: 305285809SscottlParameters: 306285809SscottlReturn: 307285809SscottlNote: 308285809Sscottl******************************************************************************/ 309285809Sscottlssize_t 310285809Sscottlshow_dek_kek_map1(struct device *dev, struct device_attribute *attr, char *buf) 311285809Sscottl{ 312285809Sscottl return show_dek_kek_map(dev, buf, 1); 313285809Sscottl} 314285809Sscottl 315285809Sscottl/****************************************************************************** 316285809Sscottlshow_target_dek_map(): 317285809Sscottl 318285809SscottlPurpose: 319285809SscottlParameters: 320285809SscottlReturn: 321285809SscottlNote: 322285809Sscottl******************************************************************************/ 323285809Sscottlssize_t 324285809Sscottlshow_target_dek_map(struct device *dev, struct device_attribute *attr, char *buf) 325285809Sscottl{ 326285809Sscottl int i = 0; 327285809Sscottl unsigned int chan, device, lun = 0; 328285809Sscottl ag_encrypt_map_t *p; 329285809Sscottl struct list_head *lh; 330285809Sscottl struct Scsi_Host *sh = class_to_shost(dev); 331285809Sscottl ag_card_t *pCard = (ag_card_t *) sh->hostdata; 332285809Sscottl 333285809Sscottl if(!pCard->encrypt) 334285809Sscottl return -EINVAL; 335285809Sscottl 336285809Sscottl for(chan = 0; chan <= AGTIAPI_MAX_CHANNEL_NUM; chan++) { 337285809Sscottl for(device = 0; device < pCard->devDiscover; device++) { 338285809Sscottl#ifdef REPORT_ALL_LUNS 339285809Sscottl for(lun = 0; lun < AGTIAPI_MAX_LUN; lun++) { 340285809Sscottl#endif 341285809Sscottl lh = MAP_TABLE_ENTRY(pCard, chan, device, lun); 342285809Sscottl if(lh) { 343285809Sscottl list_for_each_entry(p, lh, list) { 344285809Sscottl if(p->dekIndex != DEK_INDEX_INVALID) 345285809Sscottl i += careful_write(buf, i, PAGE_SIZE, " %u:%u:%u: %x %8x %8x %16lx %16lx %08x:%08x %1x\n", chan, device, lun, p->dekTable, p->dekIndex, p->kekIndex, p->lbaMin, p->lbaMax, p->keyTag[1], p->keyTag[0], p->keyTagCheck); 346285809Sscottl } 347285809Sscottl } 348285809Sscottl#ifdef REPORT_ALL_LUNS 349285809Sscottl } 350285809Sscottl#endif 351285809Sscottl } 352285809Sscottl } 353285809Sscottl 354285809Sscottl if (i > PAGE_SIZE) 355285809Sscottl i = PAGE_SIZE; 356285809Sscottl 357285809Sscottl return i; 358285809Sscottl} 359285809Sscottl 360285809Sscottl 361285809Sscottl/****************************************************************************** 362285809Sscottlagtiapi_AddDek(): 363285809Sscottl 364285809SscottlPurpose: 365285809SscottlParameters: 366285809SscottlReturn: 367285809SscottlNote: 368285809Sscottl******************************************************************************/ 369285809Sscottlstatic int 370285809Sscottlagtiapi_AddDek(ag_card_t *pCard, bit32 dek_table, bit32 dek_index, bit32 blob_format, bit32 entry_sz, tiEncryptDekBlob_t *dek_blob, U32_64 *addr) 371285809Sscottl{ 372285809Sscottl ag_resource_info_t *pRscInfo = &pCard->pCardInfo->tiRscInfo; 373285809Sscottl tiEncryptDekBlob_t *pDekTable; 374285809Sscottl char *p; 375285809Sscottl 376285809Sscottl if (dek_index >= DEK_MAX_TABLE_ITEMS) { 377285809Sscottl printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS); 378285809Sscottl return -E_DEK_INDEX; 379285809Sscottl } 380285809Sscottl 381285809Sscottl switch(dek_table) { 382285809Sscottl case DEK_TABLE_0: 383285809Sscottl pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_1].virtPtr; 384285809Sscottl break; 385285809Sscottl case DEK_TABLE_1: 386285809Sscottl pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_2].virtPtr; 387285809Sscottl break; 388285809Sscottl default: 389285809Sscottl printf("%s: Unknown dek table %d\n", __FUNCTION__, dek_table); 390285809Sscottl return -E_DEK_TABLE; 391285809Sscottl } 392285809Sscottl 393285809Sscottl #ifdef __VMKLNX__ 394285809Sscottl *addr = (U32_64) __pa(&pDekTable[0]); 395285809Sscottl #else 396285809Sscottl *addr = (U32_64) virt_to_phys(&pDekTable[0]); 397285809Sscottl #endif 398285809Sscottl 399285809Sscottl p = (char *) &pDekTable[0] + (dek_index * pCard->dek_size); 400285809Sscottl 401285809Sscottl printf("%s: Base: %p, Index: %08x, Virt: %p Size: %d\n", __FUNCTION__, pDekTable, dek_index, &pDekTable[dek_index], pCard->dek_size); 402285809Sscottl memcpy(p, dek_blob, pCard->dek_size); 403285809Sscottl wmb(); 404285809Sscottl 405285809Sscottl /* Flush entry */ 406285809Sscottl ostiCacheFlush(&pCard->tiRoot, NULL, p, pCard->dek_size); 407285809Sscottl 408285809Sscottl return 0; 409285809Sscottl} 410285809Sscottl 411285809Sscottl/****************************************************************************** 412285809Sscottlagtiapi_MapDekKek(): 413285809Sscottl 414285809SscottlPurpose: 415285809SscottlParameters: 416285809SscottlReturn: 417285809SscottlNote: 418285809Sscottl******************************************************************************/ 419285809Sscottlstatic int 420285809Sscottlagtiapi_MapDekKek(ag_card_t *pCard, bit32 dek_table, bit32 dek_index, bit32 kek_index) 421285809Sscottl{ 422285809Sscottl if (dek_index >= DEK_MAX_TABLE_ITEMS) { 423285809Sscottl printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS); 424285809Sscottl return -E_DEK_INDEX; 425285809Sscottl } 426285809Sscottl 427285809Sscottl if (dek_table >= DEK_MAX_TABLES) { 428285809Sscottl printf("%s: Bad dek table.\n", __FUNCTION__); 429285809Sscottl return -E_DEK_TABLE; 430285809Sscottl } 431285809Sscottl 432285809Sscottl if (kek_index >= KEK_TABLE_MAX_ENTRY) { 433285809Sscottl printf("%s: Bad kek index.\n", __FUNCTION__); 434285809Sscottl return -E_KEK_INDEX; 435285809Sscottl } 436285809Sscottl 437285809Sscottl pCard->dek_kek_map[dek_table][dek_index].kekIndex = kek_index; 438285809Sscottl return 0; 439285809Sscottl} 440285809Sscottl 441285809Sscottl/****************************************************************************** 442285809Sscottlagtiapi_AddKek(): 443285809Sscottl 444285809SscottlPurpose: 445285809SscottlParameters: 446285809SscottlReturn: 447285809SscottlNote: 448285809Sscottl******************************************************************************/ 449285809Sscottlstatic int 450285809Sscottlagtiapi_AddKek(ag_card_t *pCard, bit32 kek_index, bit32 wrapper_kek_index, tiEncryptKekBlob_t *kek_blob) 451285809Sscottl{ 452285809Sscottl if (kek_index >= KEK_TABLE_MAX_ENTRY) { 453285809Sscottl printf("%s: Bad kek index.\n", __FUNCTION__); 454285809Sscottl return -E_KEK_INDEX; 455285809Sscottl } 456285809Sscottl if (wrapper_kek_index >= KEK_TABLE_MAX_ENTRY) { 457285809Sscottl printf("%s: Bad kek wrapper index.\n", __FUNCTION__); 458285809Sscottl return -E_KEK_INDEX; 459285809Sscottl } 460285809Sscottl pCard->kek_table[kek_index].wrapperIndex = wrapper_kek_index; 461285809Sscottl memcpy(&pCard->kek_table[kek_index].kekBlob, kek_blob, sizeof(tiEncryptKekBlob_t)); 462285809Sscottl return 0; 463285809Sscottl} 464285809Sscottl 465285809Sscottl/****************************************************************************** 466285809Sscottlagtiapi_MapDek(): 467285809Sscottl 468285809SscottlPurpose: 469285809SscottlParameters: 470285809SscottlReturn: 471285809SscottlNote: 472285809Sscottl******************************************************************************/ 473285809Sscottlstatic int 474285809Sscottlagtiapi_MapDek(ag_card_t *pCard, EncryptDeviceDekMap_t *dek_map) 475285809Sscottl{ 476285809Sscottl int found = 0; 477285809Sscottl bit32 chan, device, lun; 478285809Sscottl bit32 dek_table, dek_index, kek_index; 479285809Sscottl unsigned long long lba_min, lba_max; 480285809Sscottl ag_encrypt_map_t *p, *n; 481285809Sscottl struct list_head *lh; 482285809Sscottl 483285809Sscottl chan = dek_map->channel; 484285809Sscottl device = dek_map->device; 485285809Sscottl lun = dek_map->lun; 486285809Sscottl 487285809Sscottl lba_min = dek_map->dekMapEntry[0].startLBA; 488285809Sscottl lba_max = dek_map->dekMapEntry[0].endLBA; 489285809Sscottl 490285809Sscottl dek_table = dek_map->dekMapEntry[0].dek.dekTable; 491285809Sscottl dek_index = dek_map->dekMapEntry[0].dek.dekIndex; 492285809Sscottl 493285809Sscottl /* Sanity check channel, device, lun */ 494285809Sscottl if (chan > AGTIAPI_MAX_CHANNEL_NUM) { 495285809Sscottl printf("%s: Bad channel %d.\n", __FUNCTION__, chan); 496285809Sscottl return -E_CHANNEL_INDEX; 497285809Sscottl } 498285809Sscottl if (device >= pCard->devDiscover) { 499285809Sscottl printf("%s: Bad device %d.\n", __FUNCTION__, device); 500285809Sscottl return -E_DEVICE_INDEX; 501285809Sscottl } 502285809Sscottl if (lun >= AGTIAPI_MAX_LUN) { 503285809Sscottl printf("%s: Bad lun %d.\n", __FUNCTION__, lun); 504285809Sscottl return -E_LUN_INDEX; 505285809Sscottl } 506285809Sscottl 507285809Sscottl /* Sanity check dek index */ 508285809Sscottl if (dek_index >= DEK_MAX_TABLE_ITEMS) { 509285809Sscottl printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS); 510285809Sscottl return -E_DEK_INDEX; 511285809Sscottl } 512285809Sscottl 513285809Sscottl /* Sanity check dek table */ 514285809Sscottl if (dek_table >= DEK_MAX_TABLES) { 515285809Sscottl printf("%s: Bad dek table %d.\n", __FUNCTION__, dek_table); 516285809Sscottl return -E_DEK_TABLE; 517285809Sscottl } 518285809Sscottl 519285809Sscottl /* Check that lba min and lba max are sane */ 520285809Sscottl if (lba_min >= lba_max) { 521285809Sscottl printf("%s: Bad lba min and lba max: %llx %llx.\n", __FUNCTION__, lba_min, lba_max); 522285809Sscottl return -E_LBA_RANGE; 523285809Sscottl } 524285809Sscottl 525285809Sscottl /* dek_table and dek_index are valid, look up kek */ 526285809Sscottl kek_index = pCard->dek_kek_map[dek_table][dek_index].kekIndex; 527285809Sscottl 528285809Sscottl lh = MAP_TABLE_ENTRY(pCard, chan, device, lun); 529285809Sscottl 530285809Sscottl if (dek_map->dekMapEntry[0].flags & ENCRYPT_DEK_MAP_ENTRY_CLEAR) { 531285809Sscottl /* Delete the entry */ 532285809Sscottl found = 0; 533285809Sscottl list_for_each_entry_safe(p, n, lh, list) { 534285809Sscottl if (p->lbaMin == lba_min && 535285809Sscottl p->lbaMax == lba_max && 536285809Sscottl p->dekTable == dek_table && 537285809Sscottl p->dekIndex == dek_index && 538285809Sscottl p->kekIndex == kek_index) { 539285809Sscottl /* Entry found, unlink and reclaim it */ 540285809Sscottl found = 1; 541285809Sscottl list_del(&p->list); 542285809Sscottl mempool_free(p, pCard->map_mempool); 543285809Sscottl } 544285809Sscottl } 545285809Sscottl if (!found) { 546285809Sscottl printf("%s: Entry %x %x %x %llx %llx not found.\n", __FUNCTION__, dek_table, dek_index, kek_index, lba_min, lba_max); 547285809Sscottl return -E_NOT_FOUND; 548285809Sscottl } 549285809Sscottl } else if (dek_map->dekMapEntry[0].flags & ENCRYPT_DEK_MAP_ENTRY_VALID) { 550285809Sscottl /* Add the entry */ 551285809Sscottl 552285809Sscottl p = (ag_encrypt_map_t *)uma_zalloc(pCard->map_cache, M_WAITOK); //Encryption 553285809Sscottl if (!p) { 554285809Sscottl printf("%s: Unable to allocate from memory pool.\n", __FUNCTION__); 555285809Sscottl return -E_MEMPOOL_ALLOC; 556285809Sscottl } 557285809Sscottl 558285809Sscottl /* Populate it */ 559285809Sscottl p->lbaMin = lba_min; 560285809Sscottl p->lbaMax = lba_max; 561285809Sscottl p->dekTable = dek_table; 562285809Sscottl p->dekIndex = dek_index; 563285809Sscottl p->kekIndex = kek_index; 564285809Sscottl p->keyTagCheck = dek_map->keytag_check; 565285809Sscottl memcpy(&p->keyTag, &dek_map->keytag, sizeof(p->keyTag)); 566285809Sscottl 567285809Sscottl /* Test to see if this new mapping overlaps an existing mapping */ 568285809Sscottl list_for_each_entry(n, lh, list) { 569285809Sscottl /* 570285809Sscottl * Check if the start lba falls in existing range || 571285809Sscottl * Check if the end lba falls in existing range || 572285809Sscottl * Check if the start lba of the existing range falls in the new range 573285809Sscottl */ 574285809Sscottl if (((p->lbaMin >= n->lbaMin) && (p->lbaMin <= n->lbaMax)) || 575285809Sscottl ((p->lbaMax >= n->lbaMin) && (p->lbaMax <= n->lbaMax)) || 576285809Sscottl ((n->lbaMin >= p->lbaMin) && (n->lbaMin <= p->lbaMax))) { 577285809Sscottl printf("%s: WARNING: New entry lba range overlap: %llx - %llx vs %llx - %llx.\n", __FUNCTION__, p->lbaMin, p->lbaMax, n->lbaMin, n->lbaMax); 578285809Sscottl } 579285809Sscottl } 580285809Sscottl 581285809Sscottl /* Link it in to list at the head so it takes precedence */ 582285809Sscottl list_add(&p->list, lh); 583285809Sscottl 584285809Sscottl /* TODO: Decide if/how to refcount each dek/kek index used by the mapping */ 585285809Sscottl 586285809Sscottl } else { 587285809Sscottl printf("%s: Bad flags %08x\n", __FUNCTION__, dek_map->dekMapEntry[0].flags); 588285809Sscottl return -E_FLAGS; 589285809Sscottl } 590285809Sscottl 591285809Sscottl return 0; 592285809Sscottl} 593285809Sscottl#endif 594285809Sscottl#ifdef HIALEAH_ENCRYPTION 595285809Sscottl/****************************************************************************** 596285809Sscottlagtiapi_SetupEncryption(): 597285809Sscottl 598285809SscottlPurpose: 599285809SscottlParameters: 600285809SscottlReturn: 601285809SscottlNote: 602285809Sscottl******************************************************************************/ 603285809Sscottlint 604285809Sscottlagtiapi_SetupEncryption(struct agtiapi_softc *pCard) 605285809Sscottl{ 606285809Sscottl tiRoot_t *tiRoot = (tiRoot_t *) &pCard->tiRoot; 607285809Sscottl bit32 status = tiSuccess; 608285809Sscottl printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION\n"); 609285809Sscottl if (pCard->encrypt == agTRUE) 610285809Sscottl { 611285809Sscottl status = tiCOMEncryptGetInfo(tiRoot); 612285809Sscottl printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION tiCOMEncryptGetInfo Status 0x%x\n",status); 613285809Sscottl 614285809Sscottl if(status == 1 ) 615285809Sscottl { 616285809Sscottl status = tiCOMEncryptHilSet(tiRoot ); 617285809Sscottl if (status) { 618285809Sscottl pCard->encrypt = agFALSE; 619285809Sscottl printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION not set\n"); 620285809Sscottl } 621285809Sscottl } 622285809Sscottl } 623285809Sscottl return 0; 624285809Sscottl} 625285809Sscottl#ifdef ENCRYPT_ENHANCE 626285809Sscottl/****************************************************************************** 627285809Sscottlagtiapi_SetupEncryptionPools(): 628285809Sscottl 629285809SscottlPurpose: 630285809SscottlParameters: 631285809SscottlReturn: 632285809SscottlNote: 633285809Sscottl******************************************************************************/ 634285809Sscottlint 635285809Sscottlagtiapi_SetupEncryptionPools(struct agtiapi_softc *pCard) 636285809Sscottl{ 637285809Sscottl /* Configure encryption memory pool */ 638285809Sscottl memset(pCard->map_cache_name, 0, sizeof(pCard->map_cache_name)); 639285809Sscottl snprintf(pCard->map_cache_name, sizeof(pCard->map_cache_name) - 1, "map_cache_%d", pCard->cardNo); 640285809Sscottl 641285809Sscottl//zone allocation 642285809Sscottl pCard->map_cache = uma_zcreate(pCard->map_cache_name, sizeof(ag_encrypt_map_t),NULL, NULL, NULL, NULL, 0, 0); 643285809Sscottl if(!pCard->map_cache) { 644285809Sscottl /* 645285809Sscottl * This error may be due to an existing cache in the kernel 646285809Sscottl * from an earlier kmem_cache that wasn't properly freed 647285809Sscottl */ 648285809Sscottl printf("Unable to create uma_zcreate cache for encryption map mempool.\n"); 649285809Sscottl return -EFAULT; 650285809Sscottl } 651285809Sscottl uma_zone_set_max(pCard->map_cache, ENCRYPTION_MAP_MEMPOOL_SIZE); 652285809Sscottl 653285809Sscottl 654285809Sscottl /* Configure encryption IO error pool */ 655285809Sscottl INIT_LIST_HEAD(&pCard->ioerr_queue); 656285809Sscottl/*#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,34)) // #### 657285809Sscottl pCard->ioerr_queue_lock = SPIN_LOCK_UNLOCKED; 658285809Sscottl#else */ 659285809Sscottl pCard->ioerr_queue_lock = AG_SPIN_UNLOCK(pCard->ioerr_queue_lock); 660285809Sscottl//#endif 661285809Sscottl 662285809Sscottl 663285809Sscottl memset(pCard->ioerr_cache_name, 0, sizeof(pCard->ioerr_cache_name)); 664285809Sscottl snprintf(pCard->ioerr_cache_name, sizeof(pCard->ioerr_cache_name) - 1, "ioerr_cache_%d", pCard->cardNo); 665285809Sscottl 666285809Sscottl pCard->ioerr_cache = uma_zcreate(pCard->ioerr_cache_name, sizeof(ag_encrypt_ioerr_t), NULL, NULL, NULL, NULL, 0, 0); 667285809Sscottl if(!pCard->ioerr_cache) { 668285809Sscottl /* 669285809Sscottl * This error may be due to an existing cache in the kernel 670285809Sscottl * from an earlier kmem_cache that wasn't properly freed 671285809Sscottl */ 672285809Sscottl printf("Unable to create kmem cache for encryption IO error mempool.\n"); 673285809Sscottl return -EFAULT; 674285809Sscottl } 675285809Sscottl uma_zone_set_max(pCard->ioerr_cache, ENCRYPTION_IO_ERR_MEMPOOL_SIZE); 676285809Sscottl 677285809Sscottl /* Set cipher mode to something invalid */ 678285809Sscottl pCard->cipher_mode = CIPHER_MODE_INVALID; 679285809Sscottl 680285809Sscottl return 0; 681285809Sscottl} 682285809Sscottl#endif 683285809Sscottl/****************************************************************************** 684285809Sscottlagtiapi_CleanupEncryption(): 685285809Sscottl 686285809SscottlPurpose: 687285809SscottlParameters: 688285809SscottlReturn: 689285809SscottlNote: 690285809Sscottl******************************************************************************/ 691285809Sscottlvoid 692285809Sscottlagtiapi_CleanupEncryption(struct agtiapi_softc *pCard) 693285809Sscottl{ 694285809Sscottl#ifdef ENCRYPT_ENHANCE 695285809Sscottl if(pCard->encrypt_map) { 696285809Sscottl int chan, device, lun; 697285809Sscottl struct list_head *lh; 698285809Sscottl ag_encrypt_map_t *p, *n; 699285809Sscottl 700285809Sscottl for (chan = 0; chan < (AGTIAPI_MAX_CHANNEL_NUM + 1); chan++) { 701285809Sscottl for (device = 0; device < pCard->devDiscover; device++) { 702285809Sscottl for (lun = 0; lun < AGTIAPI_MAX_LUN; lun++) { 703285809Sscottl lh = MAP_TABLE_ENTRY(pCard, chan, device, lun); 704285809Sscottl list_for_each_entry_safe(p, n, lh, list) { 705285809Sscottl // mempool_free(p, pCard->map_mempool); 706285809Sscottl } 707285809Sscottl } 708285809Sscottl } 709285809Sscottl } 710285809Sscottl vfree(pCard->encrypt_map); 711285809Sscottl pCard->encrypt_map = NULL; 712285809Sscottl } 713285809Sscottl#endif 714285809Sscottl} 715285809Sscottl 716285809Sscottl#ifdef ENCRYPT_ENHANCE 717285809Sscottl/****************************************************************************** 718285809Sscottlagtiapi_CleanupEncryptionPools(): 719285809Sscottl 720285809SscottlPurpose: 721285809SscottlParameters: 722285809SscottlReturn: 723285809SscottlNote: 724285809Sscottl******************************************************************************/ 725285809Sscottlvoid 726285809Sscottlagtiapi_CleanupEncryptionPools(struct agtiapi_softc *pCard) 727285809Sscottl{ 728285809Sscottl ag_encrypt_ioerr_t *ioerr, *tmp; 729285809Sscottl atomic_set(&ioerr_queue_count); 730285809Sscottl 731285809Sscottl /* 732285809Sscottl * TODO: check "outstanding_encrypted_io_count" for non-zero 733285809Sscottl * and free all mempool items prior to destroying pool 734285809Sscottl */ 735285809Sscottl 736285809Sscottl /* Clean up memory pools */ 737285809Sscottl if (pCard->map_mempool) { 738285809Sscottl mempool_destroy(pCard->map_mempool); 739285809Sscottl printf("Encryption Map mempool released.\n"); 740285809Sscottl pCard->map_mempool = NULL; 741285809Sscottl } 742285809Sscottl 743285809Sscottl /* Clean up kmem cache */ 744285809Sscottl if (pCard->map_cache) { 745285809Sscottl kmem_cache_destroy(pCard->map_cache); 746285809Sscottl printf("Kernel memory cache %s released.\n", pCard->map_cache_name); 747285809Sscottl pCard->map_cache = NULL; 748285809Sscottl } 749285809Sscottl 750285809Sscottl /* Clean up memory pools */ 751285809Sscottl list_for_each_entry_safe(ioerr, tmp, &pCard->ioerr_queue, list) { 752285809Sscottl list_del_init(&ioerr->list); 753285809Sscottl mempool_free(ioerr, pCard->ioerr_mempool); 754285809Sscottl atomic_dec(&ioerr_queue_count); 755285809Sscottl } 756285809Sscottl 757285809Sscottl if (pCard->ioerr_mempool) { 758285809Sscottl mempool_destroy(pCard->ioerr_mempool); 759285809Sscottl printf("Encryption IO Error mempool released.\n"); 760285809Sscottl pCard->ioerr_mempool = NULL; 761285809Sscottl } 762285809Sscottl 763285809Sscottl /* Clean up kmem cache */ 764285809Sscottl if (pCard->ioerr_cache) { 765285809Sscottl kmem_cache_destroy(pCard->ioerr_cache); 766285809Sscottl printf("Kernel memory cache %s released.\n", pCard->ioerr_cache_name); 767285809Sscottl pCard->ioerr_cache = NULL; 768285809Sscottl } 769285809Sscottl} 770285809Sscottl 771285809Sscottl/****************************************************************************** 772285809Sscottlagtiapi_EncryptionIoctl(): 773285809Sscottl 774285809SscottlPurpose: 775285809SscottlParameters: 776285809SscottlReturn: 777285809SscottlNote: 778285809Sscottl******************************************************************************/ 779285809Sscottlint 780285809Sscottlagtiapi_EncryptionIoctl(struct agtiapi_softc *pCard, IoctlEncrypt_t *pIoctlPayload) 781285809Sscottl{ 782285809Sscottl int rv, rc = 0, skip_wait = 0; 783285809Sscottl tiRoot_t *tiRoot = (tiRoot_t *) &pCard->tiRoot; 784285809Sscottl IoctlTISAEncrypt_t *ioctl_data = &pIoctlPayload->body; 785285809Sscottl pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE; 786285809Sscottl pCard->ioctl_data = (void *) ioctl_data; 787285809Sscottl init_completion(&pCard->ioctl_completion); 788285809Sscottl 789285809Sscottl /* Check that the system is quiesced */ 790285809Sscottl if (atomic_read(&outstanding_encrypted_io_count) != 0) 791285809Sscottl printf("%s: WARNING: Attempting encryption management update with outstanding encrypted IOs!\n", __FUNCTION__); 792285809Sscottl 793285809Sscottlprintf("%s: Minor %d\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction); 794285809Sscottl switch(pIoctlPayload->hdr.MinorFunction) { 795285809Sscottl case IOCTL_MN_ENCRYPTION_GET_INFO: 796285809Sscottl { 797285809Sscottl //IoctlEncryptGetInfo_t *get_info = (IoctlEncryptGetInfo_t *) &ioctl_data->request; 798285809Sscottl rc = tiCOMEncryptGetInfo(tiRoot); 799285809Sscottl } 800285809Sscottl break; 801285809Sscottl case IOCTL_MN_ENCRYPTION_SET_MODE: 802285809Sscottl { 803285809Sscottl u32 reg_val = 0, new_cipher_mode = 0; 804285809Sscottl IoctlEncryptSetMode_t *set_mode = (IoctlEncryptSetMode_t *) &ioctl_data->request; 805285809Sscottl 806285809Sscottl printf("%s: input %08x\n", __FUNCTION__, set_mode->securityCipherMode); 807285809Sscottl 808285809Sscottl /* Set security mode */ 809285809Sscottl if(TI_ENCRYPT_SEC_MODE_FACT_INIT) 810285809Sscottl if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_FACT_INIT) { 811285809Sscottl reg_val |= TI_ENCRYPT_SEC_MODE_FACT_INIT; 812285809Sscottl pCard->dek_size = DEK_SIZE_PLAIN; 813285809Sscottl } 814285809Sscottl if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_A) { 815285809Sscottl reg_val |= TI_ENCRYPT_SEC_MODE_A; 816285809Sscottl pCard->dek_size = DEK_SIZE_ENCRYPT; 817285809Sscottl } else if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_B) { 818285809Sscottl reg_val |= TI_ENCRYPT_SEC_MODE_B; 819285809Sscottl pCard->dek_size = DEK_SIZE_ENCRYPT; 820285809Sscottl } 821285809Sscottl 822285809Sscottl /* Set cipher mode */ 823285809Sscottl if(set_mode->securityCipherMode & TI_ENCRYPT_ATTRIB_CIPHER_XTS) { 824285809Sscottl reg_val |= TI_ENCRYPT_ATTRIB_CIPHER_XTS; 825285809Sscottl new_cipher_mode = TI_ENCRYPT_MODE_XTS_AES; 826285809Sscottl } 827285809Sscottl 828285809Sscottl printf("%s: Setting security cipher mode to: 0x%08x\n", __FUNCTION__, reg_val); 829285809Sscottl pCard->cipher_mode = new_cipher_mode; 830285809Sscottl 831285809Sscottl rc = tiCOMEncryptSetMode(tiRoot, reg_val); 832285809Sscottl } 833285809Sscottl break; 834285809Sscottl case IOCTL_MN_ENCRYPTION_KEK_ADD: 835285809Sscottl { 836285809Sscottl tiEncryptKekBlob_t kek_blob; 837285809Sscottl IoctlEncryptKekAdd_t *kek_add = (IoctlEncryptKekAdd_t *) &ioctl_data->request; 838285809Sscottl printf("%s: Add kek at index 0x%x wrapper 0x%x format 0x%x\n", __FUNCTION__, kek_add->kekIndex, kek_add->wrapperKekIndex, kek_add->blobFormat); 839285809Sscottl 840285809Sscottl /* Copy kek_blob from user pointer to local buffer */ 841285809Sscottl if(access_ok(VERIFY_READ, kek_add->EncryptKekBlob, sizeof(kek_blob))) { 842285809Sscottl printf("%s: Starting copy from user %p to kernel %p\n", __FUNCTION__, kek_add->EncryptKekBlob, &kek_blob); 843285809Sscottl if((rv = copy_from_user(&kek_blob, kek_add->EncryptKekBlob, sizeof(kek_blob))) != 0) { 844285809Sscottl printf("%s: Copy error, %d left\n", __FUNCTION__, rv); 845285809Sscottl return IOCTL_CALL_FAIL; 846285809Sscottl } 847285809Sscottl rc = tiCOMEncryptKekAdd(tiRoot, kek_add->kekIndex, kek_add->wrapperKekIndex, kek_add->blobFormat, &kek_blob); 848285809Sscottl 849285809Sscottl /* Add kek to local kek table (in case of chip reset) */ 850285809Sscottl if(rc == tiSuccess) { 851285809Sscottl if(agtiapi_AddKek(pCard, kek_add->kekIndex, kek_add->wrapperKekIndex, &kek_blob) < 0) { 852285809Sscottl return IOCTL_CALL_FAIL; 853285809Sscottl } 854285809Sscottl } 855285809Sscottl } else { 856285809Sscottl return IOCTL_CALL_FAIL; 857285809Sscottl } 858285809Sscottl } 859285809Sscottl break; 860285809Sscottl case IOCTL_MN_ENCRYPTION_DEK_ADD: 861285809Sscottl { 862285809Sscottl tiEncryptDekBlob_t dek_blob; /* Copied in */ 863285809Sscottl IoctlEncryptDekAdd_t *dek_add = (IoctlEncryptDekAdd_t *) &ioctl_data->request; 864285809Sscottl bit32 kek_index = dek_add->kekIndex; 865285809Sscottl bit32 dek_index = dek_add->dekIndex; 866285809Sscottl bit32 dek_table = dek_add->dekTable; 867285809Sscottl bit32 blob_format = dek_add->dekBlobFormat; 868285809Sscottl bit32 entry_sz = dek_add->dekTableKeyEntrySize; 869285809Sscottl U32_64 addr = 0; 870285809Sscottl bit32 addr_table[2]; 871285809Sscottl memset(addr_table, 0, sizeof(addr_table)); 872285809Sscottl 873285809Sscottl printf("%s: Add dek at index 0x%x, table %x, kek index %x, blob format %x, entry size %x\n", __FUNCTION__, dek_index, dek_table, kek_index, blob_format, entry_sz); 874285809Sscottl 875285809Sscottl /* Copy dek_blob from user pointer to local buffer */ 876285809Sscottl if(access_ok(VERIFY_READ, dek_add->dekBlob, sizeof(dek_blob))) { 877285809Sscottl printf("%s: Starting copy from user %p to kernel %p\n", __FUNCTION__, dek_add->dekBlob, &dek_blob); 878285809Sscottl if((rv = copy_from_user(&dek_blob, dek_add->dekBlob, sizeof(dek_blob))) != 0) { 879285809Sscottl printf("%s: Copy error, %d left\n", __FUNCTION__, rv); 880285809Sscottl return IOCTL_CALL_FAIL; 881285809Sscottl } 882285809Sscottl 883285809Sscottl /* Add DEK to local table */ 884285809Sscottl if (agtiapi_AddDek(pCard, dek_table, dek_index, blob_format, entry_sz, &dek_blob, &addr) < 0) { 885285809Sscottl return IOCTL_CALL_FAIL; 886285809Sscottl } 887285809Sscottl memcpy(addr_table, &addr, sizeof(addr)); 888285809Sscottl 889285809Sscottl /* Add DEK-KEK association in local table */ 890285809Sscottl if (agtiapi_MapDekKek(pCard, dek_table, dek_index, kek_index) < 0) { 891285809Sscottl return IOCTL_CALL_FAIL; 892285809Sscottl } 893285809Sscottl 894285809Sscottl /* Push DEK to chip */ 895285809Sscottl rc = tiCOMEncryptDekAdd(tiRoot, kek_index, dek_table, addr_table[1], addr_table[0], dek_index, 1, blob_format, entry_sz); 896285809Sscottl } else { 897285809Sscottl return IOCTL_CALL_FAIL; 898285809Sscottl } 899285809Sscottl } 900285809Sscottl break; 901285809Sscottl case IOCTL_MN_ENCRYPTION_DEK_INVALID: 902285809Sscottl { 903285809Sscottl IoctlEncryptDekInvalidate_t *dek_to_invalidate = (IoctlEncryptDekInvalidate_t *) &ioctl_data->request; 904285809Sscottl printf("%s: Invalidating dek at index 0x%x, table %x\n", __FUNCTION__, dek_to_invalidate->dek.dekIndex, dek_to_invalidate->dek.dekTable); 905285809Sscottl 906285809Sscottl rc = tiCOMEncryptDekInvalidate(tiRoot, dek_to_invalidate->dek.dekTable, dek_to_invalidate->dek.dekIndex); 907285809Sscottl /* TODO: What to do in local tables? Mark it? */ 908285809Sscottl } 909285809Sscottl break; 910285809Sscottl case IOCTL_MN_ENCRYPTION_KEK_NVRAM: 911285809Sscottl { 912285809Sscottl rc = tiError; 913285809Sscottl } 914285809Sscottl break; 915285809Sscottl case IOCTL_MN_ENCRYPTION_DEK_ASSIGN: 916285809Sscottl { 917285809Sscottl IoctlEncryptDekMapTable_t *p_dek_map = (IoctlEncryptDekMapTable_t *) &ioctl_data->request; 918285809Sscottl 919285809Sscottl /* Fill in host */ 920285809Sscottl p_dek_map->dekMap[0].host = (bit32) pCard->pHost->host_no; 921285809Sscottl 922285809Sscottl printf("%s: Host %u: Mapping %u:%u:%u (%llx to %llx) to dek at index 0x%x, table %x, keytag %08x:%08x\n", __FUNCTION__, p_dek_map->dekMap[0].host, p_dek_map->dekMap[0].channel, p_dek_map->dekMap[0].device, p_dek_map->dekMap[0].lun, p_dek_map->dekMap[0].dekMapEntry[0].startLBA, p_dek_map->dekMap[0].dekMapEntry[0].endLBA, p_dek_map->dekMap[0].dekMapEntry[0].dek.dekIndex, p_dek_map->dekMap[0].dekMapEntry[0].dek.dekTable, p_dek_map->dekMap[0].keytag[1], p_dek_map->dekMap[0].keytag[0]); 923285809Sscottl 924285809Sscottl /* Create a mapping in local tables */ 925285809Sscottl if (agtiapi_MapDek(pCard, &p_dek_map->dekMap[0]) < 0) { 926285809Sscottl pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE; 927285809Sscottl return IOCTL_CALL_FAIL; 928285809Sscottl } 929285809Sscottl 930285809Sscottl rc = tiSuccess; 931285809Sscottl skip_wait = 1; 932285809Sscottl ioctl_data->encryptFunction = encryptSetDekMap; 933285809Sscottl ioctl_data->status = tiSuccess; 934285809Sscottl ioctl_data->subEvent = 0; 935285809Sscottl } 936285809Sscottl break; 937285809Sscottl case IOCTL_MN_ENCRYPTION_ERROR_QUERY: 938285809Sscottl { 939285809Sscottl unsigned long flags, i, query_flag; 940285809Sscottl ag_encrypt_ioerr_t *ioerr, *tmp; 941285809Sscottl IoctlEncryptErrorQuery_t *perr = (IoctlEncryptErrorQuery_t *) &ioctl_data->request; 942285809Sscottl 943285809Sscottl printf("%s: query flag %x\n", __FUNCTION__, perr->query_flag); 944285809Sscottl query_flag = perr->query_flag; 945285809Sscottl 946285809Sscottl /* initialize */ 947285809Sscottl memset(perr, 0, sizeof(IoctlEncryptErrorQuery_t)); 948285809Sscottl 949285809Sscottlerror_query_restart: 950285809Sscottl /* Take spinlock */ 951285809Sscottl // spin_lock_irqsave(&pCard->ioerr_queue_lock, flags); 952285809Sscottl AG_SPIN_LOCK_IRQ(&pCard->ioerr_queue_lock, flags); 953285809Sscottl 954285809Sscottl /* Walk list */ 955285809Sscottl i = 0; 956285809Sscottl list_for_each_entry_safe(ioerr, tmp, &pCard->ioerr_queue, list) { 957285809Sscottl if (i >= 32) 958285809Sscottl break; 959285809Sscottl 960285809Sscottl perr->valid_mask |= (1 << i); 961285809Sscottl memcpy(&perr->error[i], &ioerr->ioerr, sizeof(IoctlEncryptIOError_t)); 962285809Sscottl list_del_init(&ioerr->list); 963285809Sscottl mempool_free(ioerr, pCard->ioerr_mempool); 964285809Sscottl i++; 965285809Sscottl atomic_dec(&ioerr_queue_count); 966285809Sscottl } 967285809Sscottl 968285809Sscottl /* Release spinlock */ 969285809Sscottl // spin_unlock_irqrestore(&pCard->ioerr_queue_lock, flags); 970285809Sscottl AG_SPIN_UNLOCK_IRQ(&pCard->ioerr_queue_lock, flags); //for test 971285809Sscottl 972285809Sscottl if (!perr->valid_mask) { 973285809Sscottl /* No encryption IO error events, check flags to see if blocking wait OK */ 974285809Sscottl if (query_flag == ERROR_QUERY_FLAG_BLOCK) { 975285809Sscottl if (wait_event_interruptible(ioerr_waitq, (atomic_read(&ioerr_queue_count)))) { 976285809Sscottl /* Awoken by signal */ 977285809Sscottl return IOCTL_CALL_FAIL; 978285809Sscottl } else { 979285809Sscottl /* Awoken by IO error */ 980285809Sscottl goto error_query_restart; 981285809Sscottl } 982285809Sscottl } 983285809Sscottl } 984285809Sscottl rc = tiSuccess; 985285809Sscottl skip_wait = 1; 986285809Sscottl ioctl_data->encryptFunction = encryptErrorQuery; 987285809Sscottl ioctl_data->status = tiSuccess; 988285809Sscottl ioctl_data->subEvent = 0; 989285809Sscottl } 990285809Sscottl break; 991285809Sscottl default: 992285809Sscottl printf("%s: Unrecognized Minor Function %d\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction); 993285809Sscottl pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE; 994285809Sscottl return IOCTL_CALL_FAIL; 995285809Sscottl break; 996285809Sscottl } 997285809Sscottl 998285809Sscottl /* Demux rc */ 999285809Sscottl switch(rc) { 1000285809Sscottl case tiSuccess: 1001285809Sscottl if(!skip_wait) 1002285809Sscottl wait_for_completion(&pCard->ioctl_completion); 1003285809Sscottl /* Maybe: wait_for_completion_timeout() */ 1004285809Sscottl pIoctlPayload->hdr.Status = ioctl_data->status; 1005285809Sscottl break; 1006285809Sscottl case tiNotSupported: 1007285809Sscottl pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_NOT_SUPPORTED; 1008285809Sscottl break; 1009285809Sscottl default: 1010285809Sscottl printf("%s: Status: %d\n", __FUNCTION__, rc); 1011285809Sscottl pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE; 1012285809Sscottl break; 1013285809Sscottl } 1014285809Sscottl 1015285809Sscottl printf("%s: Encryption ioctl %d successful.\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction); 1016285809Sscottl return IOCTL_CALL_SUCCESS; 1017285809Sscottl} 1018285809Sscottl#endif 1019285809Sscottl/****************************************************************************** 1020285809Sscottlagtiapi_SetupEncryptedIO(): 1021285809Sscottl 1022285809SscottlPurpose: 1023285809SscottlParameters: 1024285809SscottlReturn: 1025285809SscottlNote: 1026285809Sscottl******************************************************************************/ 1027285809Sscottlint 1028285809Sscottlagtiapi_SetupEncryptedIO(struct agtiapi_softc *pCard, ccb_t *pccb, unsigned long long block) 1029285809Sscottl{ 1030285809Sscottl 1031285809Sscottl pCard->cipher_mode = TI_ENCRYPT_ATTRIB_CIPHER_XTS; 1032285809Sscottl /* Check that cipher mode is set properly */ 1033285809Sscottl if (pCard->cipher_mode == CIPHER_MODE_INVALID) { 1034285809Sscottl printf("%s: Cipher mode not yet set.\n", __FUNCTION__); 1035285809Sscottl return -E_BAD_CIPHER_MODE; 1036285809Sscottl } 1037285809Sscottl 1038285809Sscottl memset(&(pccb->tiSuperScsiRequest.Encrypt), 0, sizeof(pccb->tiSuperScsiRequest.Encrypt)); 1039285809Sscottl pccb->tiSuperScsiRequest.Encrypt.keyTagCheck = FALSE; 1040285809Sscottl pccb->tiSuperScsiRequest.Encrypt.encryptMode = pCard->cipher_mode; 1041285809Sscottl pccb->tiSuperScsiRequest.Encrypt.tweakVal_W0 = block; 1042285809Sscottl if(pccb->tiSuperScsiRequest.scsiCmnd.cdb[0] == READ_16 || 1043285809Sscottl pccb->tiSuperScsiRequest.scsiCmnd.cdb[0] == WRITE_16) 1044285809Sscottl { 1045285809Sscottl pccb->tiSuperScsiRequest.Encrypt.tweakVal_W0 = ((pccb->tiSuperScsiRequest.scsiCmnd.cdb[6] << 24 ) | 1046285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[7] << 16 ) | 1047285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[8] << 8 ) | 1048285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[9])); 1049285809Sscottl pccb->tiSuperScsiRequest.Encrypt.tweakVal_W1 = ((pccb->tiSuperScsiRequest.scsiCmnd.cdb[2] << 24 ) | 1050285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[3] << 16 ) | 1051285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[4] << 8 ) | 1052285809Sscottl (pccb->tiSuperScsiRequest.scsiCmnd.cdb[5])); 1053285809Sscottl } 1054285809Sscottl /* Mark IO as valid encrypted IO */ 1055285809Sscottl pccb->flags |= ENCRYPTED_IO; 1056285809Sscottl pccb->tiSuperScsiRequest.flags = TI_SCSI_INITIATOR_ENCRYPT; 1057285809Sscottl 1058285809Sscottl /* Bump refcount (atomic) */ 1059285809Sscottl atomic_inc(&outstanding_encrypted_io_count); 1060285809Sscottl return 0; 1061285809Sscottl} 1062285809Sscottl 1063285809Sscottl/****************************************************************************** 1064285809Sscottlagtiapi_CleanupEncryptedIO(): 1065285809Sscottl 1066285809SscottlPurpose: 1067285809SscottlParameters: 1068285809SscottlReturn: 1069285809SscottlNote: 1070285809Sscottl******************************************************************************/ 1071285809Sscottlvoid 1072285809Sscottlagtiapi_CleanupEncryptedIO(struct agtiapi_softc *pCard, ccb_t *pccb) 1073285809Sscottl{ 1074285809Sscottl if ((pccb->flags & ENCRYPTED_IO)) { 1075285809Sscottl /* Decrement refcount */ 1076285809Sscottl atomic_dec(&outstanding_encrypted_io_count); 1077285809Sscottl } 1078285809Sscottl pccb->tiSuperScsiRequest.flags &= ~TI_SCSI_INITIATOR_ENCRYPT; 1079285809Sscottl pccb->flags &= ~ENCRYPTED_IO; 1080285809Sscottl} 1081285809Sscottl#ifdef ENCRYPT_ENHANCE 1082285809Sscottl/****************************************************************************** 1083285809Sscottlagtiapi_HandleEncryptedIOFailure(): 1084285809Sscottl 1085285809SscottlPurpose: 1086285809SscottlParameters: 1087285809SscottlReturn: 1088285809SscottlNote: 1089285809Sscottl******************************************************************************/ 1090285809Sscottlvoid 1091285809Sscottlagtiapi_HandleEncryptedIOFailure(ag_device_t *pDev, ccb_t *pccb) 1092285809Sscottl{ 1093285809Sscottl unsigned long flags, qdepth; 1094285809Sscottl struct scsi_cmnd *cmd; 1095285809Sscottl ag_encrypt_ioerr_t *perr; 1096285809Sscottl ag_card_t *pCard; 1097285809Sscottl 1098285809Sscottl cmd = pccb->cmd; 1099285809Sscottl if (!cmd) { 1100285809Sscottl printf("%s: Malformed pccb %p.\n", __FUNCTION__, pccb); 1101285809Sscottl return; 1102285809Sscottl } 1103285809Sscottl 1104285809Sscottl pCard = pDev->pCard; 1105285809Sscottl 1106285809Sscottl /* Sanity check */ 1107285809Sscottl if (!(pccb->flags & ENCRYPTED_IO)) { 1108285809Sscottl printf("%s: Skipping IO %lx: Not Encrypted.\n", __FUNCTION__, cmd->serial_number); 1109285809Sscottl return; 1110285809Sscottl } 1111285809Sscottl 1112285809Sscottl /* Check queue depth against max */ 1113285809Sscottl qdepth = atomic_read(&ioerr_queue_count); 1114285809Sscottl if (qdepth >= IOERR_QUEUE_DEPTH_MAX) { 1115285809Sscottl printf("%s: Not queueing IO error due to queue full: %lu entries.\n", __FUNCTION__, qdepth); 1116285809Sscottl return; 1117285809Sscottl } 1118285809Sscottl 1119285809Sscottl /* Get a container for the ag_encrypt_ioerr_t item from the mempool */ 1120285809Sscottl// perr = mempool_alloc(pCard->ioerr_mempool, GFP_ATOMIC); 1121285809Sscottl p = (ag_encrypt_map_t *)uma_zalloc(pCard->map_cache, M_WAITOK); //Encryption 1122285809Sscottl if (!perr) { 1123285809Sscottl printf("%s: Mempool allocation failure.\n", __FUNCTION__); 1124285809Sscottl return; 1125285809Sscottl } 1126285809Sscottl 1127285809Sscottl /* Populate ag_encrypt_ioerr_t container */ 1128285809Sscottl perr->ioerr.error_id = cmd->serial_number; 1129285809Sscottl perr->ioerr.timestamp = cmd->jiffies_at_alloc; 1130285809Sscottl perr->ioerr.host = (unsigned int) cmd->device->host->host_no; 1131285809Sscottl perr->ioerr.channel = cmd->device->channel; 1132285809Sscottl perr->ioerr.device = cmd->device->id; 1133285809Sscottl perr->ioerr.lun = cmd->device->lun; 1134285809Sscottl perr->ioerr.scsi_cmd = (unsigned int) cmd->cmnd[0]; 1135285809Sscottl perr->ioerr.dek_index = pccb->tiSuperScsiRequest.Encrypt.dekInfo.dekIndex; 1136285809Sscottl perr->ioerr.dek_table = pccb->tiSuperScsiRequest.Encrypt.dekInfo.dekTable; 1137285809Sscottl perr->ioerr.kek_index = pccb->tiSuperScsiRequest.Encrypt.kekIndex; 1138285809Sscottl perr->ioerr.keytag_check = pccb->tiSuperScsiRequest.Encrypt.keyTagCheck; 1139285809Sscottl perr->ioerr.encrypt_mode = pccb->tiSuperScsiRequest.Encrypt.encryptMode; 1140285809Sscottl perr->ioerr.keytag[0] = pccb->tiSuperScsiRequest.Encrypt.keyTag_W0; 1141285809Sscottl perr->ioerr.keytag[1] = pccb->tiSuperScsiRequest.Encrypt.keyTag_W1; 1142285809Sscottl 1143285809Sscottl switch(pccb->scsiStatus) { 1144285809Sscottl case tiDetailDekKeyCacheMiss: 1145285809Sscottl case tiDetailDekIVMismatch: 1146285809Sscottl perr->ioerr.error_type = pccb->scsiStatus; 1147285809Sscottl break; 1148285809Sscottl default: 1149285809Sscottl printf("%s: Unrecognized encrypted IO completion error status: %d\n", __FUNCTION__, pccb->scsiStatus); 1150285809Sscottl perr->ioerr.error_type = 0xffffffff; 1151285809Sscottl break; 1152285809Sscottl } 1153285809Sscottl 1154285809Sscottl /* Link IO err into queue */ 1155285809Sscottl AG_SPIN_LOCK_IRQ(&pCard->ioerr_queue_lock, flags); 1156285809Sscottl list_add_tail(&perr->list, &pCard->ioerr_queue); 1157285809Sscottl AG_SPIN_UNLOCK_IRQ(&pCard->ioerr_queue_lock, flags); 1158285809Sscottl 1159285809Sscottl /* Notify any wait queue waiters that an IO error has occurred */ 1160285809Sscottl atomic_inc(&ioerr_queue_count); 1161285809Sscottl wake_up_interruptible(&ioerr_waitq); 1162285809Sscottl 1163285809Sscottl} 1164285809Sscottl#endif 1165285809Sscottl#endif 1166