    s390/zcrypt: Introduce Failure Injection feature · 27c4f673
    Harald Freudenberger authored
    Introduce a way to specify additional debug flags with a crypto
    request to be able to trigger certain failures within the zcrypt
    device drivers and/or ap core code.
    
    This failure injection possibility is only enabled with a kernel debug
    build (CONFIG_ZCRYPT_DEBUG) and should never be available on a regular
    kernel running in a production environment.
    
    Details:
    
    * The ioctl(ICARSAMODEXPO) gets a struct ica_rsa_modexpo. If the
      leftmost bit of the 32 bit unsigned int inputdatalength field is
      set, the uppermost 16 bits are separated and used as debug flag
      value. The process is checked to have the CAP_SYS_ADMIN capability
      enabled or EPERM is returned.
    
    * The ioctl(ICARSACRT) gets a struct ica_rsa_modexpo_crt. If the
      leftmost bit of the 32 bit unsigned int inputdatalength field is set,
      the uppermost 16 bits are separated and used as debug flag
      value. The process is checked to have the CAP_SYS_ADMIN capability
      enabled or EPERM is returned.
    
    * The ioctl(ZSECSENDCPRB) used to send CCA CPRBs gets a struct
      ica_xcRB. If the leftmost bit of the 32 bit unsigned int status
      field is set, the uppermost 16 bits of this field are used as debug
      flag value. The process is checked to have the CAP_SYS_ADMIN
      capability enabled or EPERM is returned.
    
    * The ioctl(ZSENDEP11CPRB) used to send EP11 CPRBs gets a struct
      ep11_urb. If the leftmost bit of the 64 bit unsigned int req_len
      field is set, the uppermost 16 bits of this field are used as debug
      flag value. The process is checked to have the CAP_SYS_ADMIN
      capability enabled or EPERM is returned.
    
    So it is possible to send an additional 16 bit value to the zcrypt API
    to be used to carry a failure injection command which may trigger
    special behavior within the zcrypt API and layers below. This 16 bit
    value is for the rest of the text referred to as 'fi command' for Failure
    Injection.
    
    The lower 8 bits of the fi command construct a numerical argument in
    the range of 1-255 and is the 'fi action' to be performed with the
    request or the resulting reply:
    
    * 0x00 (all requests): No failure injection action but flags may be
      provided which may affect the processing of the request or reply.
    * 0x01 (only CCA CPRBs): The CPRB's agent_ID field is set to
      'FF'. This results in a reply code 0x90 (Transport-Protocol
      Failure).
    * 0x02 (only CCA CPRBs): After the APQN to send to has been chosen,
      the domain field within the CPRB is overwritten with value 99 to
      enforce a reply with RY 0x8A.
    * 0x03 (all requests): At NQAP invocation the invalid qid value 0xFF00
      is used causing a response code of 0x01 (AP queue not valid).
    
    The upper 8 bits of the fi command may carry bit flags which may
    influence the processing of a request or response:
    
    * 0x01: No retry. If this bit is set, the usual loop in the zcrypt API
      which retries a CPRB up to 10 times when the lower layers return
      with EAGAIN is abandoned after the first attempt to send the CPRB.
    * 0x02: Toggle special. Toggles the special bit on this request. This
      should result in a reply code RY~0x41 and result in an ioctl
      failure with errno EINVAL.
    
    These failure injection possibilities may get some further extensions
    in the future. As of now this is a starting point for Continuous Test
    and Integration to trigger some failures and watch for the reaction of
    the ap bus and zcrypt device driver code.
    Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
ap_bus.h 11 KB
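
The fi command layout described in the commit message above, as a user-space decoder. This is an added example, not code from the commit or the kernel tree: `struct fi_cmd`, `fi_decode`, `fi_action_applies` and the `FI_FLAG_*` names are hypothetical, the sample value is constructed, and treating the remaining low bits as the original field value is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; values and layout are taken from the commit message. */
#define FI_FLAG_NO_RETRY       0x01
#define FI_FLAG_TOGGLE_SPECIAL 0x02

struct fi_cmd {
    bool present;    /* leftmost bit of the carrier field was set */
    uint8_t flags;   /* upper 8 bits of the fi command */
    uint8_t action;  /* lower 8 bits of the fi command */
    uint64_t rest;   /* carrier field without its upper 16 bits (assumption) */
};

/* width is 32 for inputdatalength and status, 64 for req_len. */
static struct fi_cmd fi_decode(uint64_t field, unsigned width)
{
    struct fi_cmd fi = { false, 0, 0, field };

    if (!((field >> (width - 1)) & 1))
        return fi;                       /* no marker bit: ordinary request */
    uint16_t cmd = (uint16_t)(field >> (width - 16));
    fi.present = true;
    fi.flags = (uint8_t)(cmd >> 8);      /* the marker bit shows up as 0x80 here */
    fi.action = (uint8_t)(cmd & 0xff);
    fi.rest = field & ((1ULL << (width - 16)) - 1);
    return fi;
}

/* Actions 0x01 and 0x02 are listed for CCA CPRBs only; 0x00 and 0x03 for all. */
static bool fi_action_applies(uint8_t action, bool is_cca_cprb)
{
    switch (action) {
    case 0x00: case 0x03: return true;
    case 0x01: case 0x02: return is_cca_cprb;
    default:              return false;  /* not defined by the commit message */
    }
}

int main(void)
{
    /* Constructed sample: flags 0x81 (marker + no retry), action 0x03, rest 0x80. */
    struct fi_cmd fi = fi_decode(0x81030080u, 32);
    printf("present=%d flags=0x%02x action=0x%02x rest=0x%llx no_retry=%d ok=%d\n",
           fi.present, fi.flags, fi.action, (unsigned long long)fi.rest,
           !!(fi.flags & FI_FLAG_NO_RETRY), fi_action_applies(fi.action, false));
    return 0;
}
```

Because the marker is the leftmost bit of the same 16 bits that carry the fi command, every decoded command has bit 0x80 set in its flags byte.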