From: Harald Freudenberger Date: Mon, 27 Apr 2026 16:43:14 +0000 (+0200) Subject: s390/ap: Implement SE bind and associate uevents X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=4179c39842273d3452db062ef73f850327bfd638;p=thirdparty%2Fkernel%2Flinux.git s390/ap: Implement SE bind and associate uevents Notify userspace about two important events on AP queues when run within Secure Execution (SE) environment: - Send AP CHANGE uevent with "SE_BIND=1" on successful bind operation on this AP queue device. - Send AP CHANGE uevent with "SE_ASSOC=" on successful association operation with the secret of the reported index on this AP queue device. Note there is no SE unbind/unassociate event. Unbind/unassociate can have different triggers and technically there is no signaling done which the AP code could catch. A user space application can, if this information is crucial, query the sysfs attribute se_bind on the AP queue which runs a synchronous TAPQ. If the attribute returns with "unbound" a reset took place and SE bind and associate states are unbound and unassociated. Suggested-by: Marc Hartmayer mhartmay@linux.ibm.com Signed-off-by: Harald Freudenberger Reviewed-by: Holger Dengler Signed-off-by: Alexander Gordeev --- diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c index f24e27add721d..6a7497db5fb95 100644 --- a/drivers/s390/crypto/ap_bus.c +++ b/drivers/s390/crypto/ap_bus.c @@ -744,6 +744,23 @@ void ap_send_online_uevent(struct ap_device *ap_dev, int online) } EXPORT_SYMBOL(ap_send_online_uevent); +void ap_send_se_bind_uevent(struct ap_device *ap_dev) +{ + char *envp[] = { "SE_BIND=1", NULL }; + + kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp); +} + +void ap_send_se_assoc_uevent(struct ap_device *ap_dev, unsigned int assoc_idx) +{ + char buf[32]; + char *envp[] = { buf, NULL }; + + snprintf(buf, sizeof(buf), "SE_ASSOC=%u", assoc_idx); + + kobject_uevent_env(&ap_dev->device.kobj, KOBJ_CHANGE, envp); +} + static void ap_send_mask_changed_uevent(unsigned long *newapm, unsigned long *newaqm) { diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h index 04ea256ecf919..ca5e142c9b249 100644 --- a/drivers/s390/crypto/ap_bus.h +++ b/drivers/s390/crypto/ap_bus.h @@ -373,5 +373,7 @@ int ap_wait_apqn_bindings_complete(unsigned long timeout); void ap_send_config_uevent(struct ap_device *ap_dev, bool cfg); void ap_send_online_uevent(struct ap_device *ap_dev, int online); +void ap_send_se_bind_uevent(struct ap_device *ap_dev); +void ap_send_se_assoc_uevent(struct ap_device *ap_dev, unsigned int assoc_idx); #endif /* _AP_BUS_H_ */ diff --git a/drivers/s390/crypto/ap_queue.c b/drivers/s390/crypto/ap_queue.c index ca9819e6f7e76..232b786d81d14 100644 --- a/drivers/s390/crypto/ap_queue.c +++ b/drivers/s390/crypto/ap_queue.c @@ -478,6 +478,7 @@ static enum ap_sm_wait ap_sm_assoc_wait(struct ap_queue *aq) pr_debug("queue 0x%02x.%04x associated with %u\n", AP_QID_CARD(aq->qid), AP_QID_QUEUE(aq->qid), aq->assoc_idx); + ap_send_se_assoc_uevent(&aq->ap_dev, aq->assoc_idx); return AP_SM_WAIT_NONE; case AP_BS_Q_USABLE_NO_SECURE_KEY: /* association still pending */ @@ -1023,6 +1024,7 @@ static ssize_t se_bind_store(struct device *dev, /* SE bind was successful */ AP_DBF_INFO("%s bapq(0x%02x.%04x) success\n", __func__, AP_QID_CARD(aq->qid), AP_QID_QUEUE(aq->qid)); + ap_send_se_bind_uevent(&aq->ap_dev); rc = count; out: