freebsd-skq/sys/dev/pms/freebsd/driver/common/lxencrypt.c
rlibby e45b99967e pms/freebsd: fix compiler warnings
- A number of unused variable warnings,
 - a missing prototype warning (actually a dead function),
 - and a potential use of an uninitialized variable.

Reviewed by:	pfg
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12683
2017-10-21 07:23:45 +00:00

1166 lines
41 KiB
C

/*******************************************************************************
*Copyright (c) 2014 PMC-Sierra, Inc. All rights reserved.
*
*Redistribution and use in source and binary forms, with or without modification, are permitted provided
*that the following conditions are met:
*1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
*following disclaimer.
*2. Redistributions in binary form must reproduce the above copyright notice,
*this list of conditions and the following disclaimer in the documentation and/or other materials provided
*with the distribution.
*
*THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
*WARRANTIES,INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
*FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
*NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
*BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
*SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
*
* $FreeBSD$
*
*******************************************************************************/
/*******************************************************************************
**
** Version Control Information:
**
** $Revision: 113920 $
** $Author: mcleanda $
** $Date: 2012-05-08 11:30:44 -0700 (Tue, 08 May 2012) $
** $Id: lxencrypt.c 113920 2012-05-08 18:30:44Z mcleanda $
**
*******************************************************************************/
#include <dev/pms/RefTisa/tisa/sassata/common/tdioctl.h>
#include <dev/pms/RefTisa/tisa/api/titypes.h>
#include <dev/pms/freebsd/driver/common/lxencrypt.h>
#include <sys/param.h>
#include <sys/queue.h>
#include <vm/uma.h>
#ifdef ENCRYPT_ENHANCE
static atomic_t ioerr_queue_count;
/******************************************************************************
careful_write():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static int
careful_write(char *buf, int offset, int max, const char *fmt, ...)
{
static char s[PAGE_SIZE]; /* Assumes serialization */
va_list args;
int i;
if(offset > max)
return 0;
s[PAGE_SIZE - 1] = '\0';
va_start(args, fmt);
i = vsnprintf(s, PAGE_SIZE - 1, fmt, args);
if((offset + i) > max)
return 0;
memcpy(buf + offset, s, i);
va_end(args);
return i;
}
/******************************************************************************
set_dek_table_entry():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static inline int
set_dek_table_entry(struct device *dev, const char *buf, size_t len, dek_table_e table)
{
int index;
struct Scsi_Host *shost = class_to_shost(dev);
struct agtiapi_softc *pCard = (struct agtiapi_softc *) shost->hostdata;
/* Check permissions */
if(!capable(CAP_SYS_ADMIN))
return -EACCES;
if(!pCard->encrypt)
return -EINVAL;
if(table != DEK_TABLE_0 && table != DEK_TABLE_1)
return -EINVAL;
sscanf(buf, "%d", &index);
if(index >= 0 && index < DEK_MAX_TABLE_ITEMS) {
pCard->dek_index[table] = index;
return strlen(buf);
}
return -EINVAL;
}
/******************************************************************************
set_dek_table_entry0():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
set_dek_table_entry0(struct device *dev, struct device_attribute *attr, const char *buf, size_t len)
{
return set_dek_table_entry(dev, buf, len, DEK_TABLE_0);
}
/******************************************************************************
set_dek_table_entry1():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
set_dek_table_entry1(struct device *dev, struct device_attribute *attr, const char *buf, size_t len)
{
return set_dek_table_entry(dev, buf, len, DEK_TABLE_1);
}
/******************************************************************************
show_dek_table_entry():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static inline int
show_dek_table_entry(struct device *dev, char *buf, unsigned int table)
{
int i = 0, j;
unsigned char *p;
struct Scsi_Host *sh = class_to_shost(dev);
ag_card_t *pCard = (ag_card_t *) sh->hostdata;
ag_card_info_t *pCardInfo = pCard->pCardInfo;
ag_resource_info_t *pRscInfo = &pCardInfo->tiRscInfo;
tiEncryptDekBlob_t *pDekTable = NULL;
if(!pCard->encrypt)
return -EINVAL;
if(table == DEK_TABLE_0)
pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_1].virtPtr;
else if(table == DEK_TABLE_1)
pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_2].virtPtr;
if(pDekTable == NULL)
return -EINVAL;
if(pCard->dek_index[table] >= 0 || pCard->dek_index[table] < DEK_MAX_TABLE_ITEMS) {
i += careful_write(buf, i, PAGE_SIZE, "%4d: ", pCard->dek_index[table]);
p = (unsigned char *) &pDekTable[pCard->dek_index[table]];
for(j = 0; j < sizeof(tiEncryptDekBlob_t); j++) {
i += careful_write(buf, i, PAGE_SIZE, "%02x", p[j]);
}
i += careful_write(buf, i, PAGE_SIZE, "\n");
} else {
i += careful_write(buf, i, PAGE_SIZE, "Bad DEK index %d; range: 0 - %d\n", pCard->dek_index[table], DEK_MAX_TABLE_ITEMS);
}
/* BUG if we return more than a single page of data */
//BUG_ON(i > PAGE_SIZE);
if (i > PAGE_SIZE)
i = PAGE_SIZE;
return i;
}
/******************************************************************************
show_dek_table_entry0():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_dek_table_entry0(struct device *dev, struct device_attribute *attr, char *buf)
{
return show_dek_table_entry(dev, buf, DEK_TABLE_0);
}
/******************************************************************************
show_dek_table_entry1():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_dek_table_entry1(struct device *dev, struct device_attribute *attr, char *buf)
{
return show_dek_table_entry(dev, buf, DEK_TABLE_1);
}
/******************************************************************************
show_kek_table():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_kek_table(struct device *dev, struct device_attribute *attr, char *buf)
{
int i = 0, j, kek_index;
unsigned char *p;
struct Scsi_Host *sh = class_to_shost(dev);
ag_card_t *pCard = (ag_card_t *) sh->hostdata;
if(!pCard->encrypt)
return -EINVAL;
for(kek_index = 0; kek_index < KEK_TABLE_MAX_ENTRY; kek_index++) {
i += careful_write(buf, i, PAGE_SIZE, " %4d: %08x ", kek_index, pCard->kek_table[kek_index].wrapperIndex);
p = (unsigned char *) &pCard->kek_table[kek_index].kekBlob;
for(j = 0; j < sizeof(tiEncryptKekBlob_t); j++) {
i += careful_write(buf, i, PAGE_SIZE, "%02x", p[j]);
}
i += careful_write(buf, i, PAGE_SIZE, "\n");
}
i += careful_write(buf, i, PAGE_SIZE, "\n");
/* BUG if we return more than a single page of data */
//BUG_ON(i > PAGE_SIZE);
if (i > PAGE_SIZE)
i = PAGE_SIZE;
return i;
}
/******************************************************************************
show_dek_kek_map():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static inline int
show_dek_kek_map(struct device *dev, char *buf, unsigned int table)
{
int i = 0, dek_index;
struct Scsi_Host *sh = class_to_shost(dev);
ag_card_t *pCard = (ag_card_t *) sh->hostdata;
if(!pCard->encrypt)
return -EINVAL;
if(table != DEK_TABLE_0 && table != DEK_TABLE_1)
return -EINVAL;
i += careful_write(buf, i, PAGE_SIZE, "Table %d\n", table);
i += careful_write(buf, i, PAGE_SIZE, "=======\n");
for(dek_index = 0; dek_index < DEK_MAX_TABLE_ITEMS; dek_index++) {
i += careful_write(buf, i, PAGE_SIZE, " %4d: %08x\n", dek_index, pCard->dek_kek_map[table][dek_index].kekIndex);
}
i += sprintf(buf + i, "\n");
/* BUG if we return more than a single page of data */
//BUG_ON(i > PAGE_SIZE);
if (i > PAGE_SIZE)
i = PAGE_SIZE;
return i;
}
/******************************************************************************
show_dek_kek_map0():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_dek_kek_map0(struct device *dev, struct device_attribute *attr, char *buf)
{
return show_dek_kek_map(dev, buf, 0);
}
/******************************************************************************
show_dek_kek_map1():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_dek_kek_map1(struct device *dev, struct device_attribute *attr, char *buf)
{
return show_dek_kek_map(dev, buf, 1);
}
/******************************************************************************
show_target_dek_map():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
ssize_t
show_target_dek_map(struct device *dev, struct device_attribute *attr, char *buf)
{
int i = 0;
unsigned int chan, device, lun = 0;
ag_encrypt_map_t *p;
struct list_head *lh;
struct Scsi_Host *sh = class_to_shost(dev);
ag_card_t *pCard = (ag_card_t *) sh->hostdata;
if(!pCard->encrypt)
return -EINVAL;
for(chan = 0; chan <= AGTIAPI_MAX_CHANNEL_NUM; chan++) {
for(device = 0; device < pCard->devDiscover; device++) {
#ifdef REPORT_ALL_LUNS
for(lun = 0; lun < AGTIAPI_MAX_LUN; lun++) {
#endif
lh = MAP_TABLE_ENTRY(pCard, chan, device, lun);
if(lh) {
list_for_each_entry(p, lh, list) {
if(p->dekIndex != DEK_INDEX_INVALID)
i += careful_write(buf, i, PAGE_SIZE, " %u:%u:%u: %x %8x %8x %16lx %16lx %08x:%08x %1x\n", chan, device, lun, p->dekTable, p->dekIndex, p->kekIndex, p->lbaMin, p->lbaMax, p->keyTag[1], p->keyTag[0], p->keyTagCheck);
}
}
#ifdef REPORT_ALL_LUNS
}
#endif
}
}
if (i > PAGE_SIZE)
i = PAGE_SIZE;
return i;
}
/******************************************************************************
agtiapi_AddDek():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static int
agtiapi_AddDek(ag_card_t *pCard, bit32 dek_table, bit32 dek_index, bit32 blob_format, bit32 entry_sz, tiEncryptDekBlob_t *dek_blob, U32_64 *addr)
{
ag_resource_info_t *pRscInfo = &pCard->pCardInfo->tiRscInfo;
tiEncryptDekBlob_t *pDekTable;
char *p;
if (dek_index >= DEK_MAX_TABLE_ITEMS) {
printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS);
return -E_DEK_INDEX;
}
switch(dek_table) {
case DEK_TABLE_0:
pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_1].virtPtr;
break;
case DEK_TABLE_1:
pDekTable = pRscInfo->tiLoLevelResource.loLevelMem.mem[DEK_MEM_INDEX_2].virtPtr;
break;
default:
printf("%s: Unknown dek table %d\n", __FUNCTION__, dek_table);
return -E_DEK_TABLE;
}
#ifdef __VMKLNX__
*addr = (U32_64) __pa(&pDekTable[0]);
#else
*addr = (U32_64) virt_to_phys(&pDekTable[0]);
#endif
p = (char *) &pDekTable[0] + (dek_index * pCard->dek_size);
printf("%s: Base: %p, Index: %08x, Virt: %p Size: %d\n", __FUNCTION__, pDekTable, dek_index, &pDekTable[dek_index], pCard->dek_size);
memcpy(p, dek_blob, pCard->dek_size);
wmb();
/* Flush entry */
ostiCacheFlush(&pCard->tiRoot, NULL, p, pCard->dek_size);
return 0;
}
/******************************************************************************
agtiapi_MapDekKek():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static int
agtiapi_MapDekKek(ag_card_t *pCard, bit32 dek_table, bit32 dek_index, bit32 kek_index)
{
if (dek_index >= DEK_MAX_TABLE_ITEMS) {
printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS);
return -E_DEK_INDEX;
}
if (dek_table >= DEK_MAX_TABLES) {
printf("%s: Bad dek table.\n", __FUNCTION__);
return -E_DEK_TABLE;
}
if (kek_index >= KEK_TABLE_MAX_ENTRY) {
printf("%s: Bad kek index.\n", __FUNCTION__);
return -E_KEK_INDEX;
}
pCard->dek_kek_map[dek_table][dek_index].kekIndex = kek_index;
return 0;
}
/******************************************************************************
agtiapi_AddKek():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static int
agtiapi_AddKek(ag_card_t *pCard, bit32 kek_index, bit32 wrapper_kek_index, tiEncryptKekBlob_t *kek_blob)
{
if (kek_index >= KEK_TABLE_MAX_ENTRY) {
printf("%s: Bad kek index.\n", __FUNCTION__);
return -E_KEK_INDEX;
}
if (wrapper_kek_index >= KEK_TABLE_MAX_ENTRY) {
printf("%s: Bad kek wrapper index.\n", __FUNCTION__);
return -E_KEK_INDEX;
}
pCard->kek_table[kek_index].wrapperIndex = wrapper_kek_index;
memcpy(&pCard->kek_table[kek_index].kekBlob, kek_blob, sizeof(tiEncryptKekBlob_t));
return 0;
}
/******************************************************************************
agtiapi_MapDek():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
static int
agtiapi_MapDek(ag_card_t *pCard, EncryptDeviceDekMap_t *dek_map)
{
int found = 0;
bit32 chan, device, lun;
bit32 dek_table, dek_index, kek_index;
unsigned long long lba_min, lba_max;
ag_encrypt_map_t *p, *n;
struct list_head *lh;
chan = dek_map->channel;
device = dek_map->device;
lun = dek_map->lun;
lba_min = dek_map->dekMapEntry[0].startLBA;
lba_max = dek_map->dekMapEntry[0].endLBA;
dek_table = dek_map->dekMapEntry[0].dek.dekTable;
dek_index = dek_map->dekMapEntry[0].dek.dekIndex;
/* Sanity check channel, device, lun */
if (chan > AGTIAPI_MAX_CHANNEL_NUM) {
printf("%s: Bad channel %d.\n", __FUNCTION__, chan);
return -E_CHANNEL_INDEX;
}
if (device >= pCard->devDiscover) {
printf("%s: Bad device %d.\n", __FUNCTION__, device);
return -E_DEVICE_INDEX;
}
if (lun >= AGTIAPI_MAX_LUN) {
printf("%s: Bad lun %d.\n", __FUNCTION__, lun);
return -E_LUN_INDEX;
}
/* Sanity check dek index */
if (dek_index >= DEK_MAX_TABLE_ITEMS) {
printf("%s: Bad dek index 0x%x (MAX: 0x%x).\n", __FUNCTION__, dek_index, DEK_MAX_TABLE_ITEMS);
return -E_DEK_INDEX;
}
/* Sanity check dek table */
if (dek_table >= DEK_MAX_TABLES) {
printf("%s: Bad dek table %d.\n", __FUNCTION__, dek_table);
return -E_DEK_TABLE;
}
/* Check that lba min and lba max are sane */
if (lba_min >= lba_max) {
printf("%s: Bad lba min and lba max: %llx %llx.\n", __FUNCTION__, lba_min, lba_max);
return -E_LBA_RANGE;
}
/* dek_table and dek_index are valid, look up kek */
kek_index = pCard->dek_kek_map[dek_table][dek_index].kekIndex;
lh = MAP_TABLE_ENTRY(pCard, chan, device, lun);
if (dek_map->dekMapEntry[0].flags & ENCRYPT_DEK_MAP_ENTRY_CLEAR) {
/* Delete the entry */
found = 0;
list_for_each_entry_safe(p, n, lh, list) {
if (p->lbaMin == lba_min &&
p->lbaMax == lba_max &&
p->dekTable == dek_table &&
p->dekIndex == dek_index &&
p->kekIndex == kek_index) {
/* Entry found, unlink and reclaim it */
found = 1;
list_del(&p->list);
mempool_free(p, pCard->map_mempool);
}
}
if (!found) {
printf("%s: Entry %x %x %x %llx %llx not found.\n", __FUNCTION__, dek_table, dek_index, kek_index, lba_min, lba_max);
return -E_NOT_FOUND;
}
} else if (dek_map->dekMapEntry[0].flags & ENCRYPT_DEK_MAP_ENTRY_VALID) {
/* Add the entry */
p = (ag_encrypt_map_t *)uma_zalloc(pCard->map_cache, M_WAITOK); //Encryption
if (!p) {
printf("%s: Unable to allocate from memory pool.\n", __FUNCTION__);
return -E_MEMPOOL_ALLOC;
}
/* Populate it */
p->lbaMin = lba_min;
p->lbaMax = lba_max;
p->dekTable = dek_table;
p->dekIndex = dek_index;
p->kekIndex = kek_index;
p->keyTagCheck = dek_map->keytag_check;
memcpy(&p->keyTag, &dek_map->keytag, sizeof(p->keyTag));
/* Test to see if this new mapping overlaps an existing mapping */
list_for_each_entry(n, lh, list) {
/*
* Check if the start lba falls in existing range ||
* Check if the end lba falls in existing range ||
* Check if the start lba of the existing range falls in the new range
*/
if (((p->lbaMin >= n->lbaMin) && (p->lbaMin <= n->lbaMax)) ||
((p->lbaMax >= n->lbaMin) && (p->lbaMax <= n->lbaMax)) ||
((n->lbaMin >= p->lbaMin) && (n->lbaMin <= p->lbaMax))) {
printf("%s: WARNING: New entry lba range overlap: %llx - %llx vs %llx - %llx.\n", __FUNCTION__, p->lbaMin, p->lbaMax, n->lbaMin, n->lbaMax);
}
}
/* Link it in to list at the head so it takes precedence */
list_add(&p->list, lh);
/* TODO: Decide if/how to refcount each dek/kek index used by the mapping */
} else {
printf("%s: Bad flags %08x\n", __FUNCTION__, dek_map->dekMapEntry[0].flags);
return -E_FLAGS;
}
return 0;
}
#endif
#ifdef HIALEAH_ENCRYPTION
/******************************************************************************
agtiapi_SetupEncryption():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
int
agtiapi_SetupEncryption(struct agtiapi_softc *pCard)
{
tiRoot_t *tiRoot = (tiRoot_t *) &pCard->tiRoot;
bit32 status = tiSuccess;
printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION\n");
if (pCard->encrypt == agTRUE)
{
status = tiCOMEncryptGetInfo(tiRoot);
printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION tiCOMEncryptGetInfo Status 0x%x\n",status);
if(status == 1 )
{
status = tiCOMEncryptHilSet(tiRoot );
if (status) {
pCard->encrypt = agFALSE;
printf("agtiapi_SetupEncryption: HIALEAH_ENCRYPTION not set\n");
}
}
}
return 0;
}
#ifdef ENCRYPT_ENHANCE
/******************************************************************************
agtiapi_SetupEncryptionPools():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
int
agtiapi_SetupEncryptionPools(struct agtiapi_softc *pCard)
{
/* Configure encryption memory pool */
memset(pCard->map_cache_name, 0, sizeof(pCard->map_cache_name));
snprintf(pCard->map_cache_name, sizeof(pCard->map_cache_name) - 1, "map_cache_%d", pCard->cardNo);
//zone allocation
pCard->map_cache = uma_zcreate(pCard->map_cache_name, sizeof(ag_encrypt_map_t),NULL, NULL, NULL, NULL, 0, 0);
if(!pCard->map_cache) {
/*
* This error may be due to an existing cache in the kernel
* from an earlier kmem_cache that wasn't properly freed
*/
printf("Unable to create uma_zcreate cache for encryption map mempool.\n");
return -EFAULT;
}
uma_zone_set_max(pCard->map_cache, ENCRYPTION_MAP_MEMPOOL_SIZE);
/* Configure encryption IO error pool */
INIT_LIST_HEAD(&pCard->ioerr_queue);
/*#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,34)) // ####
pCard->ioerr_queue_lock = SPIN_LOCK_UNLOCKED;
#else */
pCard->ioerr_queue_lock = AG_SPIN_UNLOCK(pCard->ioerr_queue_lock);
//#endif
memset(pCard->ioerr_cache_name, 0, sizeof(pCard->ioerr_cache_name));
snprintf(pCard->ioerr_cache_name, sizeof(pCard->ioerr_cache_name) - 1, "ioerr_cache_%d", pCard->cardNo);
pCard->ioerr_cache = uma_zcreate(pCard->ioerr_cache_name, sizeof(ag_encrypt_ioerr_t), NULL, NULL, NULL, NULL, 0, 0);
if(!pCard->ioerr_cache) {
/*
* This error may be due to an existing cache in the kernel
* from an earlier kmem_cache that wasn't properly freed
*/
printf("Unable to create kmem cache for encryption IO error mempool.\n");
return -EFAULT;
}
uma_zone_set_max(pCard->ioerr_cache, ENCRYPTION_IO_ERR_MEMPOOL_SIZE);
/* Set cipher mode to something invalid */
pCard->cipher_mode = CIPHER_MODE_INVALID;
return 0;
}
#endif
/******************************************************************************
agtiapi_CleanupEncryption():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
void
agtiapi_CleanupEncryption(struct agtiapi_softc *pCard)
{
#ifdef ENCRYPT_ENHANCE
if(pCard->encrypt_map) {
int chan, device, lun;
struct list_head *lh;
ag_encrypt_map_t *p, *n;
for (chan = 0; chan < (AGTIAPI_MAX_CHANNEL_NUM + 1); chan++) {
for (device = 0; device < pCard->devDiscover; device++) {
for (lun = 0; lun < AGTIAPI_MAX_LUN; lun++) {
lh = MAP_TABLE_ENTRY(pCard, chan, device, lun);
list_for_each_entry_safe(p, n, lh, list) {
// mempool_free(p, pCard->map_mempool);
}
}
}
}
vfree(pCard->encrypt_map);
pCard->encrypt_map = NULL;
}
#endif
}
#ifdef ENCRYPT_ENHANCE
/******************************************************************************
agtiapi_CleanupEncryptionPools():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
void
agtiapi_CleanupEncryptionPools(struct agtiapi_softc *pCard)
{
ag_encrypt_ioerr_t *ioerr, *tmp;
atomic_set(&ioerr_queue_count);
/*
* TODO: check "outstanding_encrypted_io_count" for non-zero
* and free all mempool items prior to destroying pool
*/
/* Clean up memory pools */
if (pCard->map_mempool) {
mempool_destroy(pCard->map_mempool);
printf("Encryption Map mempool released.\n");
pCard->map_mempool = NULL;
}
/* Clean up kmem cache */
if (pCard->map_cache) {
kmem_cache_destroy(pCard->map_cache);
printf("Kernel memory cache %s released.\n", pCard->map_cache_name);
pCard->map_cache = NULL;
}
/* Clean up memory pools */
list_for_each_entry_safe(ioerr, tmp, &pCard->ioerr_queue, list) {
list_del_init(&ioerr->list);
mempool_free(ioerr, pCard->ioerr_mempool);
atomic_dec(&ioerr_queue_count);
}
if (pCard->ioerr_mempool) {
mempool_destroy(pCard->ioerr_mempool);
printf("Encryption IO Error mempool released.\n");
pCard->ioerr_mempool = NULL;
}
/* Clean up kmem cache */
if (pCard->ioerr_cache) {
kmem_cache_destroy(pCard->ioerr_cache);
printf("Kernel memory cache %s released.\n", pCard->ioerr_cache_name);
pCard->ioerr_cache = NULL;
}
}
/******************************************************************************
agtiapi_EncryptionIoctl():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
int
agtiapi_EncryptionIoctl(struct agtiapi_softc *pCard, IoctlEncrypt_t *pIoctlPayload)
{
int rv, rc = 0, skip_wait = 0;
tiRoot_t *tiRoot = (tiRoot_t *) &pCard->tiRoot;
IoctlTISAEncrypt_t *ioctl_data = &pIoctlPayload->body;
pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE;
pCard->ioctl_data = (void *) ioctl_data;
init_completion(&pCard->ioctl_completion);
/* Check that the system is quiesced */
if (atomic_read(&outstanding_encrypted_io_count) != 0)
printf("%s: WARNING: Attempting encryption management update with outstanding encrypted IOs!\n", __FUNCTION__);
printf("%s: Minor %d\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction);
switch(pIoctlPayload->hdr.MinorFunction) {
case IOCTL_MN_ENCRYPTION_GET_INFO:
{
//IoctlEncryptGetInfo_t *get_info = (IoctlEncryptGetInfo_t *) &ioctl_data->request;
rc = tiCOMEncryptGetInfo(tiRoot);
}
break;
case IOCTL_MN_ENCRYPTION_SET_MODE:
{
u32 reg_val = 0, new_cipher_mode = 0;
IoctlEncryptSetMode_t *set_mode = (IoctlEncryptSetMode_t *) &ioctl_data->request;
printf("%s: input %08x\n", __FUNCTION__, set_mode->securityCipherMode);
/* Set security mode */
if(TI_ENCRYPT_SEC_MODE_FACT_INIT)
if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_FACT_INIT) {
reg_val |= TI_ENCRYPT_SEC_MODE_FACT_INIT;
pCard->dek_size = DEK_SIZE_PLAIN;
}
if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_A) {
reg_val |= TI_ENCRYPT_SEC_MODE_A;
pCard->dek_size = DEK_SIZE_ENCRYPT;
} else if(set_mode->securityCipherMode & TI_ENCRYPT_SEC_MODE_B) {
reg_val |= TI_ENCRYPT_SEC_MODE_B;
pCard->dek_size = DEK_SIZE_ENCRYPT;
}
/* Set cipher mode */
if(set_mode->securityCipherMode & TI_ENCRYPT_ATTRIB_CIPHER_XTS) {
reg_val |= TI_ENCRYPT_ATTRIB_CIPHER_XTS;
new_cipher_mode = TI_ENCRYPT_MODE_XTS_AES;
}
printf("%s: Setting security cipher mode to: 0x%08x\n", __FUNCTION__, reg_val);
pCard->cipher_mode = new_cipher_mode;
rc = tiCOMEncryptSetMode(tiRoot, reg_val);
}
break;
case IOCTL_MN_ENCRYPTION_KEK_ADD:
{
tiEncryptKekBlob_t kek_blob;
IoctlEncryptKekAdd_t *kek_add = (IoctlEncryptKekAdd_t *) &ioctl_data->request;
printf("%s: Add kek at index 0x%x wrapper 0x%x format 0x%x\n", __FUNCTION__, kek_add->kekIndex, kek_add->wrapperKekIndex, kek_add->blobFormat);
/* Copy kek_blob from user pointer to local buffer */
if(access_ok(VERIFY_READ, kek_add->EncryptKekBlob, sizeof(kek_blob))) {
printf("%s: Starting copy from user %p to kernel %p\n", __FUNCTION__, kek_add->EncryptKekBlob, &kek_blob);
if((rv = copy_from_user(&kek_blob, kek_add->EncryptKekBlob, sizeof(kek_blob))) != 0) {
printf("%s: Copy error, %d left\n", __FUNCTION__, rv);
return IOCTL_CALL_FAIL;
}
rc = tiCOMEncryptKekAdd(tiRoot, kek_add->kekIndex, kek_add->wrapperKekIndex, kek_add->blobFormat, &kek_blob);
/* Add kek to local kek table (in case of chip reset) */
if(rc == tiSuccess) {
if(agtiapi_AddKek(pCard, kek_add->kekIndex, kek_add->wrapperKekIndex, &kek_blob) < 0) {
return IOCTL_CALL_FAIL;
}
}
} else {
return IOCTL_CALL_FAIL;
}
}
break;
case IOCTL_MN_ENCRYPTION_DEK_ADD:
{
tiEncryptDekBlob_t dek_blob; /* Copied in */
IoctlEncryptDekAdd_t *dek_add = (IoctlEncryptDekAdd_t *) &ioctl_data->request;
bit32 kek_index = dek_add->kekIndex;
bit32 dek_index = dek_add->dekIndex;
bit32 dek_table = dek_add->dekTable;
bit32 blob_format = dek_add->dekBlobFormat;
bit32 entry_sz = dek_add->dekTableKeyEntrySize;
U32_64 addr = 0;
bit32 addr_table[2];
memset(addr_table, 0, sizeof(addr_table));
printf("%s: Add dek at index 0x%x, table %x, kek index %x, blob format %x, entry size %x\n", __FUNCTION__, dek_index, dek_table, kek_index, blob_format, entry_sz);
/* Copy dek_blob from user pointer to local buffer */
if(access_ok(VERIFY_READ, dek_add->dekBlob, sizeof(dek_blob))) {
printf("%s: Starting copy from user %p to kernel %p\n", __FUNCTION__, dek_add->dekBlob, &dek_blob);
if((rv = copy_from_user(&dek_blob, dek_add->dekBlob, sizeof(dek_blob))) != 0) {
printf("%s: Copy error, %d left\n", __FUNCTION__, rv);
return IOCTL_CALL_FAIL;
}
/* Add DEK to local table */
if (agtiapi_AddDek(pCard, dek_table, dek_index, blob_format, entry_sz, &dek_blob, &addr) < 0) {
return IOCTL_CALL_FAIL;
}
memcpy(addr_table, &addr, sizeof(addr));
/* Add DEK-KEK association in local table */
if (agtiapi_MapDekKek(pCard, dek_table, dek_index, kek_index) < 0) {
return IOCTL_CALL_FAIL;
}
/* Push DEK to chip */
rc = tiCOMEncryptDekAdd(tiRoot, kek_index, dek_table, addr_table[1], addr_table[0], dek_index, 1, blob_format, entry_sz);
} else {
return IOCTL_CALL_FAIL;
}
}
break;
case IOCTL_MN_ENCRYPTION_DEK_INVALID:
{
IoctlEncryptDekInvalidate_t *dek_to_invalidate = (IoctlEncryptDekInvalidate_t *) &ioctl_data->request;
printf("%s: Invalidating dek at index 0x%x, table %x\n", __FUNCTION__, dek_to_invalidate->dek.dekIndex, dek_to_invalidate->dek.dekTable);
rc = tiCOMEncryptDekInvalidate(tiRoot, dek_to_invalidate->dek.dekTable, dek_to_invalidate->dek.dekIndex);
/* TODO: What to do in local tables? Mark it? */
}
break;
case IOCTL_MN_ENCRYPTION_KEK_NVRAM:
{
rc = tiError;
}
break;
case IOCTL_MN_ENCRYPTION_DEK_ASSIGN:
{
IoctlEncryptDekMapTable_t *p_dek_map = (IoctlEncryptDekMapTable_t *) &ioctl_data->request;
/* Fill in host */
p_dek_map->dekMap[0].host = (bit32) pCard->pHost->host_no;
printf("%s: Host %u: Mapping %u:%u:%u (%llx to %llx) to dek at index 0x%x, table %x, keytag %08x:%08x\n", __FUNCTION__, p_dek_map->dekMap[0].host, p_dek_map->dekMap[0].channel, p_dek_map->dekMap[0].device, p_dek_map->dekMap[0].lun, p_dek_map->dekMap[0].dekMapEntry[0].startLBA, p_dek_map->dekMap[0].dekMapEntry[0].endLBA, p_dek_map->dekMap[0].dekMapEntry[0].dek.dekIndex, p_dek_map->dekMap[0].dekMapEntry[0].dek.dekTable, p_dek_map->dekMap[0].keytag[1], p_dek_map->dekMap[0].keytag[0]);
/* Create a mapping in local tables */
if (agtiapi_MapDek(pCard, &p_dek_map->dekMap[0]) < 0) {
pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE;
return IOCTL_CALL_FAIL;
}
rc = tiSuccess;
skip_wait = 1;
ioctl_data->encryptFunction = encryptSetDekMap;
ioctl_data->status = tiSuccess;
ioctl_data->subEvent = 0;
}
break;
case IOCTL_MN_ENCRYPTION_ERROR_QUERY:
{
unsigned long flags, i, query_flag;
ag_encrypt_ioerr_t *ioerr, *tmp;
IoctlEncryptErrorQuery_t *perr = (IoctlEncryptErrorQuery_t *) &ioctl_data->request;
printf("%s: query flag %x\n", __FUNCTION__, perr->query_flag);
query_flag = perr->query_flag;
/* initialize */
memset(perr, 0, sizeof(IoctlEncryptErrorQuery_t));
error_query_restart:
/* Take spinlock */
// spin_lock_irqsave(&pCard->ioerr_queue_lock, flags);
AG_SPIN_LOCK_IRQ(&pCard->ioerr_queue_lock, flags);
/* Walk list */
i = 0;
list_for_each_entry_safe(ioerr, tmp, &pCard->ioerr_queue, list) {
if (i >= 32)
break;
perr->valid_mask |= (1 << i);
memcpy(&perr->error[i], &ioerr->ioerr, sizeof(IoctlEncryptIOError_t));
list_del_init(&ioerr->list);
mempool_free(ioerr, pCard->ioerr_mempool);
i++;
atomic_dec(&ioerr_queue_count);
}
/* Release spinlock */
// spin_unlock_irqrestore(&pCard->ioerr_queue_lock, flags);
AG_SPIN_UNLOCK_IRQ(&pCard->ioerr_queue_lock, flags); //for test
if (!perr->valid_mask) {
/* No encryption IO error events, check flags to see if blocking wait OK */
if (query_flag == ERROR_QUERY_FLAG_BLOCK) {
if (wait_event_interruptible(ioerr_waitq, (atomic_read(&ioerr_queue_count)))) {
/* Awoken by signal */
return IOCTL_CALL_FAIL;
} else {
/* Awoken by IO error */
goto error_query_restart;
}
}
}
rc = tiSuccess;
skip_wait = 1;
ioctl_data->encryptFunction = encryptErrorQuery;
ioctl_data->status = tiSuccess;
ioctl_data->subEvent = 0;
}
break;
default:
printf("%s: Unrecognized Minor Function %d\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction);
pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE;
return IOCTL_CALL_FAIL;
break;
}
/* Demux rc */
switch(rc) {
case tiSuccess:
if(!skip_wait)
wait_for_completion(&pCard->ioctl_completion);
/* Maybe: wait_for_completion_timeout() */
pIoctlPayload->hdr.Status = ioctl_data->status;
break;
case tiNotSupported:
pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_NOT_SUPPORTED;
break;
default:
printf("%s: Status: %d\n", __FUNCTION__, rc);
pIoctlPayload->hdr.Status = IOCTL_ERR_STATUS_INVALID_CODE;
break;
}
printf("%s: Encryption ioctl %d successful.\n", __FUNCTION__, pIoctlPayload->hdr.MinorFunction);
return IOCTL_CALL_SUCCESS;
}
#endif
/******************************************************************************
agtiapi_SetupEncryptedIO():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
int
agtiapi_SetupEncryptedIO(struct agtiapi_softc *pCard, ccb_t *pccb, unsigned long long block)
{
pCard->cipher_mode = TI_ENCRYPT_ATTRIB_CIPHER_XTS;
/* Check that cipher mode is set properly */
if (pCard->cipher_mode == CIPHER_MODE_INVALID) {
printf("%s: Cipher mode not yet set.\n", __FUNCTION__);
return -E_BAD_CIPHER_MODE;
}
memset(&(pccb->tiSuperScsiRequest.Encrypt), 0, sizeof(pccb->tiSuperScsiRequest.Encrypt));
pccb->tiSuperScsiRequest.Encrypt.keyTagCheck = FALSE;
pccb->tiSuperScsiRequest.Encrypt.encryptMode = pCard->cipher_mode;
pccb->tiSuperScsiRequest.Encrypt.tweakVal_W0 = block;
if(pccb->tiSuperScsiRequest.scsiCmnd.cdb[0] == READ_16 ||
pccb->tiSuperScsiRequest.scsiCmnd.cdb[0] == WRITE_16)
{
pccb->tiSuperScsiRequest.Encrypt.tweakVal_W0 = ((pccb->tiSuperScsiRequest.scsiCmnd.cdb[6] << 24 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[7] << 16 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[8] << 8 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[9]));
pccb->tiSuperScsiRequest.Encrypt.tweakVal_W1 = ((pccb->tiSuperScsiRequest.scsiCmnd.cdb[2] << 24 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[3] << 16 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[4] << 8 ) |
(pccb->tiSuperScsiRequest.scsiCmnd.cdb[5]));
}
/* Mark IO as valid encrypted IO */
pccb->flags |= ENCRYPTED_IO;
pccb->tiSuperScsiRequest.flags = TI_SCSI_INITIATOR_ENCRYPT;
/* Bump refcount (atomic) */
atomic_inc(&outstanding_encrypted_io_count);
return 0;
}
/******************************************************************************
agtiapi_CleanupEncryptedIO():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
void
agtiapi_CleanupEncryptedIO(struct agtiapi_softc *pCard, ccb_t *pccb)
{
if ((pccb->flags & ENCRYPTED_IO)) {
/* Decrement refcount */
atomic_dec(&outstanding_encrypted_io_count);
}
pccb->tiSuperScsiRequest.flags &= ~TI_SCSI_INITIATOR_ENCRYPT;
pccb->flags &= ~ENCRYPTED_IO;
}
#ifdef ENCRYPT_ENHANCE
/******************************************************************************
agtiapi_HandleEncryptedIOFailure():
Purpose:
Parameters:
Return:
Note:
******************************************************************************/
void
agtiapi_HandleEncryptedIOFailure(ag_device_t *pDev, ccb_t *pccb)
{
unsigned long flags, qdepth;
struct scsi_cmnd *cmd;
ag_encrypt_ioerr_t *perr;
ag_card_t *pCard;
cmd = pccb->cmd;
if (!cmd) {
printf("%s: Malformed pccb %p.\n", __FUNCTION__, pccb);
return;
}
pCard = pDev->pCard;
/* Sanity check */
if (!(pccb->flags & ENCRYPTED_IO)) {
printf("%s: Skipping IO %lx: Not Encrypted.\n", __FUNCTION__, cmd->serial_number);
return;
}
/* Check queue depth against max */
qdepth = atomic_read(&ioerr_queue_count);
if (qdepth >= IOERR_QUEUE_DEPTH_MAX) {
printf("%s: Not queueing IO error due to queue full: %lu entries.\n", __FUNCTION__, qdepth);
return;
}
/* Get a container for the ag_encrypt_ioerr_t item from the mempool */
// perr = mempool_alloc(pCard->ioerr_mempool, GFP_ATOMIC);
p = (ag_encrypt_map_t *)uma_zalloc(pCard->map_cache, M_WAITOK); //Encryption
if (!perr) {
printf("%s: Mempool allocation failure.\n", __FUNCTION__);
return;
}
/* Populate ag_encrypt_ioerr_t container */
perr->ioerr.error_id = cmd->serial_number;
perr->ioerr.timestamp = cmd->jiffies_at_alloc;
perr->ioerr.host = (unsigned int) cmd->device->host->host_no;
perr->ioerr.channel = cmd->device->channel;
perr->ioerr.device = cmd->device->id;
perr->ioerr.lun = cmd->device->lun;
perr->ioerr.scsi_cmd = (unsigned int) cmd->cmnd[0];
perr->ioerr.dek_index = pccb->tiSuperScsiRequest.Encrypt.dekInfo.dekIndex;
perr->ioerr.dek_table = pccb->tiSuperScsiRequest.Encrypt.dekInfo.dekTable;
perr->ioerr.kek_index = pccb->tiSuperScsiRequest.Encrypt.kekIndex;
perr->ioerr.keytag_check = pccb->tiSuperScsiRequest.Encrypt.keyTagCheck;
perr->ioerr.encrypt_mode = pccb->tiSuperScsiRequest.Encrypt.encryptMode;
perr->ioerr.keytag[0] = pccb->tiSuperScsiRequest.Encrypt.keyTag_W0;
perr->ioerr.keytag[1] = pccb->tiSuperScsiRequest.Encrypt.keyTag_W1;
switch(pccb->scsiStatus) {
case tiDetailDekKeyCacheMiss:
case tiDetailDekIVMismatch:
perr->ioerr.error_type = pccb->scsiStatus;
break;
default:
printf("%s: Unrecognized encrypted IO completion error status: %d\n", __FUNCTION__, pccb->scsiStatus);
perr->ioerr.error_type = 0xffffffff;
break;
}
/* Link IO err into queue */
AG_SPIN_LOCK_IRQ(&pCard->ioerr_queue_lock, flags);
list_add_tail(&perr->list, &pCard->ioerr_queue);
AG_SPIN_UNLOCK_IRQ(&pCard->ioerr_queue_lock, flags);
/* Notify any wait queue waiters that an IO error has occurred */
atomic_inc(&ioerr_queue_count);
wake_up_interruptible(&ioerr_waitq);
}
#endif
#endif