diff options
author | Harald Freudenberger <freude@linux.ibm.com> | 2023-06-19 16:55:07 +0200 |
---|---|---|
committer | Alexander Gordeev <agordeev@linux.ibm.com> | 2023-07-03 11:19:41 +0200 |
commit | 0fdcc88bb93f8200386d5d3015115b747d3391ae (patch) | |
tree | 8673a31486436803b8f2182f2be709cc69a59f0b | |
parent | edbe28989847308406101256e10fdfb567ca9eb1 (diff) |
s390/zcrypt: cleanup some debug code
This patch removes most of the debug code which
is build in when CONFIG_ZCRYPT_DEBUG is enabled.
There is no real exploiter for this code any more and
at least one ioctl fails with this code enabled.
The CONFIG_ZCRYPT_DEBUG kernel config option still
makes sense as some debug sysfs entries can get
enabled with this and maybe long term a new better
designed debug and error injection way will get
introduced.
This patch only removes code surrounded by the named
kernel config option. This option should by default
always be off anyway. The structs and defines removed
by the patch have been used only by code surrounded
by a CONFIG_ZCRYPT_DEBUG ifdef and thus can be removed
also.
In the end this patch removes all the failure-injection
possibilities which had been available when the kernel
had been build with CONFIG_ZCRYPT_DEBUG. It has never
been used that much and was too unflexible anyway.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
-rw-r--r-- | drivers/s390/crypto/ap_bus.h | 25 | ||||
-rw-r--r-- | drivers/s390/crypto/ap_queue.c | 7 | ||||
-rw-r--r-- | drivers/s390/crypto/zcrypt_api.c | 85 | ||||
-rw-r--r-- | drivers/s390/crypto/zcrypt_api.h | 3 | ||||
-rw-r--r-- | drivers/s390/crypto/zcrypt_msgtype50.c | 10 | ||||
-rw-r--r-- | drivers/s390/crypto/zcrypt_msgtype6.c | 10 |
6 files changed, 0 insertions, 140 deletions
diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h index 101fb324476f..c3b71032a880 100644 --- a/drivers/s390/crypto/ap_bus.h +++ b/drivers/s390/crypto/ap_bus.h @@ -233,30 +233,6 @@ struct ap_queue { typedef enum ap_sm_wait (ap_func_t)(struct ap_queue *queue); -/* failure injection cmd struct */ -struct ap_fi { - union { - u16 cmd; /* fi flags + action */ - struct { - u8 flags; /* fi flags only */ - u8 action; /* fi action only */ - }; - }; -}; - -/* all currently known fi actions */ -enum ap_fi_actions { - AP_FI_ACTION_CCA_AGENT_FF = 0x01, - AP_FI_ACTION_CCA_DOM_INVAL = 0x02, - AP_FI_ACTION_NQAP_QID_INVAL = 0x03, -}; - -/* all currently known fi flags */ -enum ap_fi_flags { - AP_FI_FLAG_NO_RETRY = 0x01, - AP_FI_FLAG_TOGGLE_SPECIAL = 0x02, -}; - struct ap_message { struct list_head list; /* Request queueing. */ unsigned long psmid; /* Message id. */ @@ -264,7 +240,6 @@ struct ap_message { size_t len; /* actual msg len in msg buffer */ size_t bufsize; /* allocated msg buffer size */ u16 flags; /* Flags, see AP_MSG_FLAG_xxx */ - struct ap_fi fi; /* Failure Injection cmd */ int rc; /* Return code for this message */ void *private; /* ap driver private pointer. */ /* receive is called from tasklet context */ diff --git a/drivers/s390/crypto/ap_queue.c b/drivers/s390/crypto/ap_queue.c index ed8f813653fe..30df83735adf 100644 --- a/drivers/s390/crypto/ap_queue.c +++ b/drivers/s390/crypto/ap_queue.c @@ -274,13 +274,6 @@ static enum ap_sm_wait ap_sm_write(struct ap_queue *aq) /* Start the next request on the queue. */ ap_msg = list_entry(aq->requestq.next, struct ap_message, list); -#ifdef CONFIG_ZCRYPT_DEBUG - if (ap_msg->fi.action == AP_FI_ACTION_NQAP_QID_INVAL) { - AP_DBF_WARN("%s fi cmd 0x%04x: forcing invalid qid 0xFF00\n", - __func__, ap_msg->fi.cmd); - qid = 0xFF00; - } -#endif status = __ap_send(qid, ap_msg->psmid, ap_msg->msg, ap_msg->len, ap_msg->flags & AP_MSG_FLAG_SPECIAL); diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c index ae4759a193d3..64079abf3bff 100644 --- a/drivers/s390/crypto/zcrypt_api.c +++ b/drivers/s390/crypto/zcrypt_api.c @@ -661,11 +661,6 @@ static long zcrypt_rsa_modexpo(struct ap_perms *perms, ap_init_message(&ap_msg); -#ifdef CONFIG_ZCRYPT_DEBUG - if (tr && tr->fi.cmd) - ap_msg.fi.cmd = tr->fi.cmd; -#endif - if (mex->outputdatalength < mex->inputdatalength) { func_code = 0; rc = -EINVAL; @@ -771,11 +766,6 @@ static long zcrypt_rsa_crt(struct ap_perms *perms, ap_init_message(&ap_msg); -#ifdef CONFIG_ZCRYPT_DEBUG - if (tr && tr->fi.cmd) - ap_msg.fi.cmd = tr->fi.cmd; -#endif - if (crt->outputdatalength < crt->inputdatalength) { func_code = 0; rc = -EINVAL; @@ -883,16 +873,6 @@ static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms, xcrb->status = 0; ap_init_message(&ap_msg); -#ifdef CONFIG_ZCRYPT_DEBUG - if (tr && tr->fi.cmd) - ap_msg.fi.cmd = tr->fi.cmd; - if (tr && tr->fi.action == AP_FI_ACTION_CCA_AGENT_FF) { - ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid agent_ID 'FF'\n", - __func__, tr->fi.cmd); - xcrb->agent_ID = 0x4646; - } -#endif - rc = prep_cca_ap_msg(userspace, xcrb, &ap_msg, &func_code, &domain); if (rc) goto out; @@ -982,14 +962,6 @@ static long _zcrypt_send_cprb(bool userspace, struct ap_perms *perms, if (*domain == AUTOSEL_DOM) *domain = AP_QID_QUEUE(qid); -#ifdef CONFIG_ZCRYPT_DEBUG - if (tr && tr->fi.action == AP_FI_ACTION_CCA_DOM_INVAL) { - ZCRYPT_DBF_WARN("%s fi cmd 0x%04x: forcing invalid domain\n", - __func__, tr->fi.cmd); - *domain = 99; - } -#endif - rc = pref_zq->ops->send_cprb(userspace, pref_zq, xcrb, &ap_msg); spin_lock(&zcrypt_list_lock); @@ -1058,11 +1030,6 @@ static long _zcrypt_send_ep11_cprb(bool userspace, struct ap_perms *perms, ap_init_message(&ap_msg); -#ifdef CONFIG_ZCRYPT_DEBUG - if (tr && tr->fi.cmd) - ap_msg.fi.cmd = tr->fi.cmd; -#endif - target_num = (unsigned short)xcrb->targets_num; /* empty list indicates autoselect (all available targets) */ @@ -1473,23 +1440,10 @@ static int icarsamodexpo_ioctl(struct ap_perms *perms, unsigned long arg) if (copy_from_user(&mex, umex, sizeof(mex))) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if (mex.inputdatalength & (1U << 31)) { - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - tr.fi.cmd = (u16)(mex.inputdatalength >> 16); - } - mex.inputdatalength &= 0x0000FFFF; -#endif - do { rc = zcrypt_rsa_modexpo(perms, &tr, &mex); if (rc == -EAGAIN) tr.again_counter++; -#ifdef CONFIG_ZCRYPT_DEBUG - if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) - break; -#endif } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); /* on failure: retry once again after a requested rescan */ if ((rc == -ENODEV) && (zcrypt_process_rescan())) @@ -1518,23 +1472,10 @@ static int icarsacrt_ioctl(struct ap_perms *perms, unsigned long arg) if (copy_from_user(&crt, ucrt, sizeof(crt))) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if (crt.inputdatalength & (1U << 31)) { - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - tr.fi.cmd = (u16)(crt.inputdatalength >> 16); - } - crt.inputdatalength &= 0x0000FFFF; -#endif - do { rc = zcrypt_rsa_crt(perms, &tr, &crt); if (rc == -EAGAIN) tr.again_counter++; -#ifdef CONFIG_ZCRYPT_DEBUG - if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) - break; -#endif } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); /* on failure: retry once again after a requested rescan */ if ((rc == -ENODEV) && (zcrypt_process_rescan())) @@ -1563,23 +1504,10 @@ static int zsecsendcprb_ioctl(struct ap_perms *perms, unsigned long arg) if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if ((xcrb.status & 0x8000FFFF) == 0x80004649 /* 'FI' */) { - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - tr.fi.cmd = (u16)(xcrb.status >> 16); - } - xcrb.status = 0; -#endif - do { rc = _zcrypt_send_cprb(true, perms, &tr, &xcrb); if (rc == -EAGAIN) tr.again_counter++; -#ifdef CONFIG_ZCRYPT_DEBUG - if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) - break; -#endif } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); /* on failure: retry once again after a requested rescan */ if ((rc == -ENODEV) && (zcrypt_process_rescan())) @@ -1609,23 +1537,10 @@ static int zsendep11cprb_ioctl(struct ap_perms *perms, unsigned long arg) if (copy_from_user(&xcrb, uxcrb, sizeof(xcrb))) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if (xcrb.req_len & (1ULL << 63)) { - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - tr.fi.cmd = (u16)(xcrb.req_len >> 48); - } - xcrb.req_len &= 0x0000FFFFFFFFFFFFULL; -#endif - do { rc = _zcrypt_send_ep11_cprb(true, perms, &tr, &xcrb); if (rc == -EAGAIN) tr.again_counter++; -#ifdef CONFIG_ZCRYPT_DEBUG - if (rc == -EAGAIN && (tr.fi.flags & AP_FI_FLAG_NO_RETRY)) - break; -#endif } while (rc == -EAGAIN && tr.again_counter < TRACK_AGAIN_MAX); /* on failure: retry once again after a requested rescan */ if ((rc == -ENODEV) && (zcrypt_process_rescan())) diff --git a/drivers/s390/crypto/zcrypt_api.h b/drivers/s390/crypto/zcrypt_api.h index f299deb8b8c7..de659954c8f7 100644 --- a/drivers/s390/crypto/zcrypt_api.h +++ b/drivers/s390/crypto/zcrypt_api.h @@ -60,9 +60,6 @@ struct zcrypt_track { int again_counter; /* retry attempts counter */ int last_qid; /* last qid used */ int last_rc; /* last return code */ -#ifdef CONFIG_ZCRYPT_DEBUG - struct ap_fi fi; /* failure injection cmd */ -#endif }; /* defines related to message tracking */ diff --git a/drivers/s390/crypto/zcrypt_msgtype50.c b/drivers/s390/crypto/zcrypt_msgtype50.c index 05ace18c12b0..51f8f7a463f7 100644 --- a/drivers/s390/crypto/zcrypt_msgtype50.c +++ b/drivers/s390/crypto/zcrypt_msgtype50.c @@ -246,11 +246,6 @@ static int ICAMEX_msg_to_type50MEX_msg(struct zcrypt_queue *zq, copy_from_user(inp, mex->inputdata, mod_len)) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) - ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; -#endif - return 0; } @@ -338,11 +333,6 @@ static int ICACRT_msg_to_type50CRT_msg(struct zcrypt_queue *zq, copy_from_user(inp, crt->inputdata, mod_len)) return -EFAULT; -#ifdef CONFIG_ZCRYPT_DEBUG - if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) - ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; -#endif - return 0; } diff --git a/drivers/s390/crypto/zcrypt_msgtype6.c b/drivers/s390/crypto/zcrypt_msgtype6.c index 2f9bf23fbb44..ce71aa54f1f0 100644 --- a/drivers/s390/crypto/zcrypt_msgtype6.c +++ b/drivers/s390/crypto/zcrypt_msgtype6.c @@ -425,11 +425,6 @@ static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg, memcmp(function_code, "AU", 2) == 0) ap_msg->flags |= AP_MSG_FLAG_SPECIAL; -#ifdef CONFIG_ZCRYPT_DEBUG - if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) - ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; -#endif - /* check CPRB minor version, set info bits in ap_message flag field */ switch (*(unsigned short *)(&msg->cprbx.func_id[0])) { case 0x5432: /* "T2" */ @@ -535,11 +530,6 @@ static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap if (msg->cprbx.flags & 0x20) ap_msg->flags |= AP_MSG_FLAG_SPECIAL; -#ifdef CONFIG_ZCRYPT_DEBUG - if (ap_msg->fi.flags & AP_FI_FLAG_TOGGLE_SPECIAL) - ap_msg->flags ^= AP_MSG_FLAG_SPECIAL; -#endif - /* set info bits in ap_message flag field */ if (msg->cprbx.flags & 0x80) ap_msg->flags |= AP_MSG_FLAG_ADMIN; |