s390/ap: Implement SE bind and associate uevents

Notify userspace about two important events on AP queues
when run within Secure Execution (SE) environment:
- Send AP CHANGE uevent with "SE_BIND=1" on successful bind
  operation on this AP queue device.
- Send AP CHANGE uevent with "SE_ASSOC=<association_index>"
  on successful association operation with the secret of the
  reported index on this AP queue device.

Note there is no SE unbind/unassociate event. Unbind/unassociate
can have different triggers and technically there is no signaling
done which the AP code could catch. A user space application can,
if this information is crucial, query the sysfs attribute se_bind
on the AP queue which runs a synchronous TAPQ. If the attribute
returns with "unbound" a reset took place and SE bind and associate
states are unbound and unassociated.

Suggested-by: Marc Hartmayer mhartmay@linux.ibm.com
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>

diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c
index f24e27add721d1a97da3e1c3d4bf30f63575e8a5..6a7497db5fb95228dfab17f9fc05a7316d1f1c32 100644 (file)
--- a/drivers/s390/crypto/ap_bus.c
+++ b/drivers/s390/crypto/ap_bus.c
@@ -744,6 +744,23 @@ void ap_send_online_uevent(struct ap_device *ap_dev, int online)
 }
 EXPORT_SYMBOL(ap_send_online_uevent);
 
+void ap_send_se_bind_uevent(struct ap_device *ap_dev)
+{
+       char *envp[] = { "SE_BIND=1", NULL };
+
+       kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp);
+}
+
+void ap_send_se_assoc_uevent(struct ap_device *ap_dev, unsigned int assoc_idx)
+{
+       char buf[32];
+       char *envp[] = { buf, NULL };
+
+       snprintf(buf, sizeof(buf), "SE_ASSOC=%u", assoc_idx);
+
+       kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp);
+}
+
 static void ap_send_mask_changed_uevent(unsigned long *newapm,
                                        unsigned long *newaqm)
 {

diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h
index 04ea256ecf9196588d9b944530168263d6cb65ba..ca5e142c9b249a4478928d04de281a54386d1885 100644 (file)
--- a/drivers/s390/crypto/ap_bus.h
+++ b/drivers/s390/crypto/ap_bus.h
@@ -373,5 +373,7 @@ int ap_wait_apqn_bindings_complete(unsigned long timeout);
 
 void ap_send_config_uevent(struct ap_device *ap_dev, bool cfg);
 void ap_send_online_uevent(struct ap_device *ap_dev, int online);
+void ap_send_se_bind_uevent(struct ap_device *ap_dev);
+void ap_send_se_assoc_uevent(struct ap_device *ap_dev, unsigned int assoc_idx);
 
 #endif /* _AP_BUS_H_ */

diff --git a/drivers/s390/crypto/ap_queue.c b/drivers/s390/crypto/ap_queue.c
index ca9819e6f7e7617cb3d34accc0d3dc41406170c8..232b786d81d140d051d5c16336cc396858887f95 100644 (file)
--- a/drivers/s390/crypto/ap_queue.c
+++ b/drivers/s390/crypto/ap_queue.c
@@ -478,6 +478,7 @@ static enum ap_sm_wait ap_sm_assoc_wait(struct ap_queue *aq)
                pr_debug("queue 0x%02x.%04x associated with %u\n",
                         AP_QID_CARD(aq->qid),
                         AP_QID_QUEUE(aq->qid), aq->assoc_idx);
+               ap_send_se_assoc_uevent(&aq->ap_dev, aq->assoc_idx);
                return AP_SM_WAIT_NONE;
        case AP_BS_Q_USABLE_NO_SECURE_KEY:
                /* association still pending */
@@ -1023,6 +1024,7 @@ static ssize_t se_bind_store(struct device *dev,
        /* SE bind was successful */
        AP_DBF_INFO("%s bapq(0x%02x.%04x) success\n", __func__,
                    AP_QID_CARD(aq->qid), AP_QID_QUEUE(aq->qid));
+       ap_send_se_bind_uevent(&aq->ap_dev);
        rc = count;
 
 out: