s390/zcrypt: provide apfs failure code on type 86 error reply

The apfs field (AP final status) is set on transport
protocol failures (reply code 0x90) for type 86 replies.
For CCA cprbs this value is copied into the xcrb status
field which gives userspace a hint for the failure reason.
However, for EP11 cprbs there is no such status field
in the xcrb struct. So now regardless of the request
type, if a reply type 86 with transport protocol failure
is seen, the apfs value is printed as part of the debug
message. So the user has a chance to see the apfs value
without using a special build kernel.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
index 26f1cd6..bb7ed34 100644 (file)
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -822,6 +822,7 @@ static long _zcrypt_send_cprb(struct ap_perms *perms,
 
        trace_s390_zcrypt_req(xcRB, TB_ZSECSENDCPRB);
 
+       xcRB->status = 0;
        ap_init_message(&ap_msg);
        rc = get_cprb_fc(xcRB, &ap_msg, &func_code, &domain);
        if (rc)
@@ -1321,7 +1322,8 @@ static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
                                rc = _zcrypt_send_cprb(perms, &xcRB);
                        } while (rc == -EAGAIN);
                if (rc)
-                       ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d\n", rc);
+                       ZCRYPT_DBF(DBF_DEBUG, "ioctl ZSENDCPRB rc=%d status=0x%x\n",
+                                  rc, xcRB.status);
                if (copy_to_user(uxcRB, &xcRB, sizeof(xcRB)))
                        return -EFAULT;
                return rc;

diff --git a/drivers/s390/crypto/zcrypt_error.h b/drivers/s390/crypto/zcrypt_error.h
index 663dbda..240b27f 100644 (file)
--- a/drivers/s390/crypto/zcrypt_error.h
+++ b/drivers/s390/crypto/zcrypt_error.h
@@ -14,6 +14,7 @@
 #include <linux/atomic.h>
 #include "zcrypt_debug.h"
 #include "zcrypt_api.h"
+#include "zcrypt_msgtype6.h"
 
 /**
  * Reply Messages
@@ -112,6 +113,27 @@ static inline int convert_error(struct zcrypt_queue *zq,
                           card, queue, ehdr->reply_code);
                return -EAGAIN;
        case REP82_ERROR_TRANSPORT_FAIL:
+               /* Card or infrastructure failure, disable card */
+               atomic_set(&zcrypt_rescan_req, 1);
+               zq->online = 0;
+               pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
+                      card, queue);
+               /* For type 86 response show the apfs value (failure reason) */
+               if (ehdr->type == TYPE86_RSP_CODE) {
+                       struct {
+                               struct type86_hdr hdr;
+                               struct type86_fmt2_ext fmt2;
+                       } __packed * head = reply->message;
+                       unsigned int apfs = *((u32 *)head->fmt2.apfs);
+
+                       ZCRYPT_DBF(DBF_ERR,
+                                  "device=%02x.%04x reply=0x%02x apfs=0x%x => online=0 rc=EAGAIN\n",
+                                  card, queue, apfs, ehdr->reply_code);
+               } else
+                       ZCRYPT_DBF(DBF_ERR,
+                                  "device=%02x.%04x reply=0x%02x => online=0 rc=EAGAIN\n",
+                                  card, queue, ehdr->reply_code);
+               return -EAGAIN;
        case REP82_ERROR_MACHINE_FAILURE:
        //   REP88_ERROR_MODULE_FAILURE         // '10' CEX2A
                /* If a card fails disable it and repeat the request. */