1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 27 /* 28 * OPL IPSec Key Management Driver. 29 * 30 * This driver runs on a OPL Domain. It processes requests received 31 * from the OPL Service Processor (SP) via mailbox message. It passes 32 * these requests to the sckmd daemon by means of an /ioctl interface. 33 * 34 * Requests received from the SP consist of IPsec security associations 35 * (SAs) needed to secure the communication between SC and Domain daemons 36 * communicating using DSCP. 37 */ 38 39 #include <sys/types.h> 40 #include <sys/cmn_err.h> 41 #include <sys/kmem.h> 42 #include <sys/errno.h> 43 #include <sys/file.h> 44 #include <sys/open.h> 45 #include <sys/stat.h> 46 #include <sys/conf.h> 47 #include <sys/ddi.h> 48 #include <sys/cmn_err.h> 49 #include <sys/sunddi.h> 50 #include <sys/sunndi.h> 51 #include <sys/ddi_impldefs.h> 52 #include <sys/ndi_impldefs.h> 53 #include <sys/modctl.h> 54 #include <sys/disp.h> 55 #include <sys/note.h> 56 #include <sys/byteorder.h> 57 #include <sys/sdt.h> 58 59 #include <sys/scfd/scfdscpif.h> 60 #include <sys/oplkm_msg.h> 61 #include <sys/sckm_io.h> 62 #include <sys/oplkm.h> 63 64 #define OKM_NODENAME "oplkmdrv" /* Node name */ 65 #define OKM_TARGET_ID 0 /* Target ID */ 66 #define OKM_SM_TOUT 5000 /* small timeout (5msec) */ 67 #define OKM_LG_TOUT 50000 /* large timeout (50msec) */ 68 #define OKM_MB_TOUT 10000000 /* Mailbox timeout (10sec) */ 69 70 okms_t okms_global; /* Global instance structure */ 71 72 #ifdef DEBUG 73 uint32_t okm_debug = DBG_WARN; 74 #endif 75 76 /* 77 * Prototypes for the module related functions. 78 */ 79 int okm_attach(dev_info_t *devi, ddi_attach_cmd_t cmd); 80 int okm_detach(dev_info_t *devi, ddi_detach_cmd_t cmd); 81 int okm_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result); 82 int okm_open(dev_t *devp, int flag, int otyp, struct cred *cred); 83 int okm_close(dev_t dev, int flag, int otyp, struct cred *cred); 84 int okm_ioctl(dev_t dev, int cmd, intptr_t data, int flag, 85 cred_t *cred, int *rvalp); 86 87 /* 88 * Prototypes for the internal functions. 89 */ 90 int okm_get_req(okms_t *okmsp, sckm_ioctl_getreq_t *ireqp, 91 intptr_t data, int flag); 92 int okm_process_req(okms_t *okmsp, okm_req_hdr_t *reqp, uint32_t len, 93 sckm_ioctl_getreq_t *ireqp, intptr_t data, int flag); 94 int okm_process_status(okms_t *okmsp, sckm_ioctl_status_t *ireply); 95 void okm_event_handler(scf_event_t event, void *arg); 96 int okm_send_reply(okms_t *okmsp, uint32_t transid, uint32_t status, 97 uint32_t sadb_err, uint32_t sadb_ver); 98 int block_until_ready(okms_t *okmsp); 99 static int okm_copyin_ioctl_getreq(intptr_t userarg, 100 sckm_ioctl_getreq_t *driverarg, int flag); 101 static int okm_copyout_ioctl_getreq(sckm_ioctl_getreq_t *driverarg, 102 intptr_t userarg, int flag); 103 static void okm_cleanup(okms_t *okmsp); 104 static int okm_mbox_init(okms_t *okmsp); 105 static void okm_mbox_fini(okms_t *okmsp); 106 static clock_t okm_timeout_val(int error); 107 108 109 struct cb_ops okm_cb_ops = { 110 okm_open, /* open */ 111 okm_close, /* close */ 112 nodev, /* strategy */ 113 nodev, /* print */ 114 nodev, /* dump */ 115 nodev, /* read */ 116 nodev, /* write */ 117 okm_ioctl, /* ioctl */ 118 nodev, /* devmap */ 119 nodev, /* mmap */ 120 nodev, /* segmap */ 121 nochpoll, /* poll */ 122 ddi_prop_op, /* prop_op */ 123 0, /* streamtab */ 124 D_NEW | D_MP /* Driver compatibility flag */ 125 }; 126 127 struct dev_ops okm_ops = { 128 DEVO_REV, /* devo_rev, */ 129 0, /* refcnt */ 130 okm_info, /* get_dev_info */ 131 nulldev, /* identify */ 132 nulldev, /* probe */ 133 okm_attach, /* attach */ 134 okm_detach, /* detach */ 135 nodev, /* reset */ 136 &okm_cb_ops, /* driver operations */ 137 (struct bus_ops *)0, /* no bus operations */ 138 NULL, /* power */ 139 ddi_quiesce_not_needed, /* quiesce */ 140 }; 141 142 struct modldrv modldrv = { 143 &mod_driverops, 144 "OPL Key Management Driver", 145 &okm_ops, 146 }; 147 148 struct modlinkage modlinkage = { 149 MODREV_1, 150 &modldrv, 151 NULL 152 }; 153 154 155 /* 156 * _init - Module's init routine. 157 */ 158 int 159 _init(void) 160 { 161 int ret; 162 163 if ((ret = mod_install(&modlinkage)) != 0) { 164 cmn_err(CE_WARN, "mod_install failed, error = %d", ret); 165 } 166 return (ret); 167 } 168 169 /* 170 * _fini - Module's fini routine. 171 */ 172 int 173 _fini(void) 174 { 175 int ret; 176 177 if ((ret = mod_remove(&modlinkage)) != 0) { 178 return (ret); 179 } 180 return (ret); 181 } 182 183 /* 184 * _info - Module's info routine. 185 */ 186 int 187 _info(struct modinfo *modinfop) 188 { 189 return (mod_info(&modlinkage, modinfop)); 190 } 191 192 /* 193 * okm_attach - Module's attach routine. 194 * 195 * Description: Initializes the modules state structure and create 196 * the minor device node. 197 */ 198 int 199 okm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 200 { 201 int instance; 202 okms_t *okmsp = &okms_global; 203 204 instance = ddi_get_instance(dip); 205 206 /* Only one instance is supported. */ 207 if (instance != 0) { 208 return (DDI_FAILURE); 209 } 210 211 if (cmd != DDI_ATTACH) { 212 return (DDI_FAILURE); 213 } 214 215 okmsp->km_dip = dip; 216 okmsp->km_major = ddi_driver_major(dip); 217 okmsp->km_inst = instance; 218 219 /* 220 * Get an interrupt block cookie corresponding to the 221 * interrupt priority of the event handler. 222 * Assert that the event priority is not redefined to 223 * some other priority. 224 */ 225 /* LINTED */ 226 ASSERT(SCF_EVENT_PRI == DDI_SOFTINT_LOW); 227 if (ddi_get_soft_iblock_cookie(dip, SCF_EVENT_PRI, 228 &okmsp->km_ibcookie) != DDI_SUCCESS) { 229 cmn_err(CE_WARN, "ddi_get_soft_iblock_cookie failed."); 230 return (DDI_FAILURE); 231 } 232 mutex_init(&okmsp->km_lock, NULL, MUTEX_DRIVER, 233 (void *)okmsp->km_ibcookie); 234 okmsp->km_clean |= OKM_CLEAN_LOCK; 235 cv_init(&okmsp->km_wait, NULL, CV_DRIVER, NULL); 236 okmsp->km_clean |= OKM_CLEAN_CV; 237 238 /* 239 * set clean_node ahead as remove_node has to be called even 240 * if create node fails. 241 */ 242 okmsp->km_clean |= OKM_CLEAN_NODE; 243 if (ddi_create_minor_node(dip, OKM_NODENAME, S_IFCHR, 244 instance, NULL, NULL) == DDI_FAILURE) { 245 cmn_err(CE_WARN, "Device node creation failed"); 246 okm_cleanup(okmsp); 247 return (DDI_FAILURE); 248 } 249 250 ddi_set_driver_private(dip, (caddr_t)okmsp); 251 ddi_report_dev(dip); 252 return (DDI_SUCCESS); 253 } 254 255 /* 256 * okm_detach - Module's detach routine. 257 * 258 * Description: Cleans up the module's state structures and any other 259 * relevant data. 260 */ 261 int 262 okm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 263 { 264 okms_t *okmsp; 265 266 if (cmd != DDI_DETACH) { 267 return (DDI_FAILURE); 268 } 269 270 if ((okmsp = ddi_get_driver_private(dip)) == NULL) { 271 return (DDI_FAILURE); 272 } 273 274 mutex_enter(&okmsp->km_lock); 275 /* 276 * Check if the mailbox is still in use. 277 */ 278 if (okmsp->km_state & OKM_MB_INITED) { 279 mutex_exit(&okmsp->km_lock); 280 cmn_err(CE_WARN, "Detach failure: Mailbox in use"); 281 return (DDI_FAILURE); 282 } 283 mutex_exit(&okmsp->km_lock); 284 okm_cleanup(okmsp); 285 ddi_set_driver_private(dip, NULL); 286 return (DDI_SUCCESS); 287 } 288 289 /* 290 * okm_info - Module's info routine. 291 */ 292 /* ARGSUSED */ 293 int 294 okm_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 295 { 296 okms_t *okmsp; 297 minor_t minor; 298 int ret = DDI_FAILURE; 299 300 switch (infocmd) { 301 case DDI_INFO_DEVT2DEVINFO: 302 minor = getminor((dev_t)arg); 303 okmsp = ddi_get_driver_private(dip); 304 if (okmsp == NULL) { 305 *result = NULL; 306 } else { 307 *result = okmsp->km_dip; 308 ret = DDI_SUCCESS; 309 } 310 break; 311 312 case DDI_INFO_DEVT2INSTANCE: 313 minor = getminor((dev_t)arg); 314 *result = (void *)(uintptr_t)minor; 315 ret = DDI_SUCCESS; 316 317 default: 318 break; 319 } 320 return (ret); 321 } 322 323 /* 324 * okm_open - Device open routine. 325 * 326 * Description: Initializes the mailbox and waits until the mailbox 327 * gets connected. Only one open at a time is supported. 328 */ 329 /*ARGSUSED*/ 330 int 331 okm_open(dev_t *devp, int flag, int otyp, struct cred *cred) 332 { 333 okms_t *okmsp = &okms_global; 334 int ret = 0; 335 336 DPRINTF(DBG_DRV, ("okm_open: called\n")); 337 mutex_enter(&okmsp->km_lock); 338 if (okmsp->km_state & OKM_OPENED) { 339 /* Only one open supported */ 340 mutex_exit(&okmsp->km_lock); 341 DPRINTF(DBG_WARN, ("okm_open: already opened\n")); 342 return (EBUSY); 343 } 344 okmsp->km_state |= OKM_OPENED; 345 ret = block_until_ready(okmsp); 346 if (ret != 0) { 347 okmsp->km_state &= ~OKM_OPENED; 348 } 349 mutex_exit(&okmsp->km_lock); 350 DPRINTF(DBG_DRV, ("okm_open: ret=%d\n", ret)); 351 return (ret); 352 } 353 354 /* 355 * block_until_ready - Function to wait until the mailbox is ready to use. 356 * 357 * Description: It initializes the mailbox and waits for the mailbox 358 * state to transition to connected. 359 */ 360 int 361 block_until_ready(okms_t *okmsp) 362 { 363 int ret = 0; 364 365 DPRINTF(DBG_DRV, ("block_until_ready: called\n")); 366 ASSERT(MUTEX_HELD(&okmsp->km_lock)); 367 368 if (okmsp->km_state & OKM_MB_DISC) { 369 DPRINTF(DBG_DRV, ("block_until_ready: closing the mailbox\n")); 370 okm_mbox_fini(okmsp); 371 } 372 if (okmsp->km_state & OKM_MB_CONN) { 373 DPRINTF(DBG_DRV, ("block_until_ready: mailbox connected\n")); 374 return (0); 375 } 376 /* 377 * Initialize mailbox. 378 */ 379 if ((ret = okm_mbox_init(okmsp)) != 0) { 380 DPRINTF(DBG_MBOX, 381 ("block_until_ready: mailbox init failed ret=%d\n", ret)); 382 return (ret); 383 } 384 DPRINTF(DBG_DRV, ("block_until_ready: ret=%d", ret)); 385 return (ret); 386 } 387 388 /* 389 * okm_close - Device close routine. 390 * 391 * Description: Closes the mailbox. 392 */ 393 /*ARGSUSED*/ 394 int 395 okm_close(dev_t dev, int flag, int otyp, struct cred *cred) 396 { 397 okms_t *okmsp = &okms_global; 398 399 DPRINTF(DBG_DRV, ("okm_close: called\n")); 400 /* Close the lower layer first */ 401 mutex_enter(&okmsp->km_lock); 402 okm_mbox_fini(okmsp); 403 okmsp->km_state = 0; 404 mutex_exit(&okmsp->km_lock); 405 return (0); 406 } 407 408 409 /* 410 * okm_ioctl - Device ioctl routine. 411 * 412 * Description: Processes ioctls from the daemon. 413 */ 414 /*ARGSUSED*/ 415 int 416 okm_ioctl(dev_t dev, int cmd, intptr_t data, int flag, cred_t *cred, int *rvalp) 417 { 418 okms_t *okmsp = &okms_global; 419 sckm_ioctl_getreq_t ireq; 420 sckm_ioctl_status_t istatus; 421 int ret = 0; 422 423 switch (cmd) { 424 case SCKM_IOCTL_GETREQ: 425 426 DPRINTF(DBG_DRV, ("okm_ioctl: GETREQ\n")); 427 if (okm_copyin_ioctl_getreq(data, &ireq, flag)) { 428 return (EFAULT); 429 } 430 431 ret = okm_get_req(okmsp, &ireq, data, flag); 432 DPRINTF(DBG_DRV, ("okm_ioctl: GETREQ ret=%d\n", ret)); 433 break; 434 435 case SCKM_IOCTL_STATUS: 436 437 DPRINTF(DBG_DRV, ("okm_ioctl: STATUS\n")); 438 if (ddi_copyin((caddr_t)data, &istatus, 439 sizeof (sckm_ioctl_status_t), flag)) { 440 return (EFAULT); 441 } 442 ret = okm_process_status(okmsp, &istatus); 443 DPRINTF(DBG_DRV, ("okm_ioctl: STATUS ret=%d\n", ret)); 444 break; 445 446 default: 447 DPRINTF(DBG_DRV, ("okm_ioctl: UNKNOWN ioctl\n")); 448 ret = EINVAL; 449 } 450 return (ret); 451 } 452 453 /* 454 * okm_get_req - Get a request from the mailbox. 455 * 456 * Description: It blocks until a message is received, then processes 457 * the message and returns it to the requestor. 458 */ 459 int 460 okm_get_req(okms_t *okmsp, sckm_ioctl_getreq_t *ireqp, intptr_t data, int flag) 461 { 462 okm_req_hdr_t *reqp; 463 caddr_t msgbuf; 464 uint32_t len; 465 int ret; 466 467 DPRINTF(DBG_DRV, ("okm_getreq: called\n")); 468 mutex_enter(&okmsp->km_lock); 469 if ((ret = block_until_ready(okmsp)) != 0) { 470 mutex_exit(&okmsp->km_lock); 471 DPRINTF(DBG_WARN, ("okm_getreq: failed ret=%d\n", ret)); 472 return (ret); 473 } 474 475 if (okmsp->km_reqp != NULL) { 476 DPRINTF(DBG_DRV, ("okm_getreq: req cached\n")); 477 reqp = okmsp->km_reqp; 478 len = okmsp->km_reqlen; 479 okmsp->km_reqp = NULL; 480 okmsp->km_reqlen = 0; 481 } else { 482 retry: 483 while (OKM_MBOX_READY(okmsp) && 484 ((ret = scf_mb_canget(okmsp->km_target, 485 okmsp->km_key, &len)) != 0)) { 486 if (ret != ENOMSG) { 487 DPRINTF(DBG_WARN, ("okm_getreq: Unknown " 488 "mbox failure=%d\n", ret)); 489 mutex_exit(&okmsp->km_lock); 490 return (EIO); 491 } 492 DPRINTF(DBG_MBOX, ("okm_getreq: waiting for mesg\n")); 493 if (cv_wait_sig(&okmsp->km_wait, 494 &okmsp->km_lock) <= 0) { 495 mutex_exit(&okmsp->km_lock); 496 DPRINTF(DBG_DRV, ("okm_getreq:interrupted\n")); 497 return (EINTR); 498 } 499 } 500 if (!OKM_MBOX_READY(okmsp)) { 501 mutex_exit(&okmsp->km_lock); 502 DPRINTF(DBG_WARN, ("okm_getreq: mailbox not ready\n")); 503 return (EIO); 504 } 505 ASSERT(len != 0); 506 msgbuf = kmem_alloc(len, KM_SLEEP); 507 okmsp->km_sg_rcv.msc_dptr = msgbuf; 508 okmsp->km_sg_rcv.msc_len = len; 509 510 DPRINTF(DBG_MBOX, ("okm_getreq: getmsg\n")); 511 ret = scf_mb_getmsg(okmsp->km_target, okmsp->km_key, len, 1, 512 &okmsp->km_sg_rcv, 0); 513 if (ret == ENOMSG || ret == EMSGSIZE) { 514 kmem_free(msgbuf, len); 515 DPRINTF(DBG_MBOX, ("okm_getreq: nomsg ret=%d\n", ret)); 516 goto retry; 517 } else if (ret != 0) { 518 kmem_free(msgbuf, len); 519 mutex_exit(&okmsp->km_lock); 520 DPRINTF(DBG_WARN, 521 ("okm_getreq: Unknown mbox failure=%d\n", ret)); 522 return (EIO); 523 } 524 525 /* check message length */ 526 if (len < sizeof (okm_req_hdr_t)) { 527 /* protocol error, drop message */ 528 kmem_free(msgbuf, len); 529 mutex_exit(&okmsp->km_lock); 530 DPRINTF(DBG_WARN, ("okm_getreq: Bad message\n")); 531 return (EBADMSG); 532 } 533 534 reqp = (okm_req_hdr_t *)msgbuf; 535 reqp->krq_version = ntohl(reqp->krq_version); 536 reqp->krq_transid = ntohl(reqp->krq_transid); 537 reqp->krq_cmd = ntohl(reqp->krq_cmd); 538 reqp->krq_reserved = ntohl(reqp->krq_reserved); 539 540 /* check version of the message received */ 541 if (reqp->krq_version != OKM_PROTOCOL_VERSION) { 542 okm_send_reply(okmsp, reqp->krq_transid, 543 OKM_ERR_VERSION, 0, 0); 544 kmem_free(msgbuf, len); 545 mutex_exit(&okmsp->km_lock); 546 DPRINTF(DBG_WARN, ("okm_getreq: Unknown version=%d\n", 547 reqp->krq_version)); 548 return (EBADMSG); 549 } 550 } 551 552 /* process message */ 553 ret = okm_process_req(okmsp, reqp, len, ireqp, data, flag); 554 if (okmsp->km_reqp == NULL) { 555 /* 556 * The message is not saved, so free the buffer. 557 */ 558 kmem_free(reqp, len); 559 } 560 mutex_exit(&okmsp->km_lock); 561 DPRINTF(DBG_DRV, ("okm_getreq: ret=%d\n", ret)); 562 return (ret); 563 } 564 565 566 /* 567 * okm_process_req - Process the request. 568 * 569 * Description: Validate the request and then give the request to the 570 * daemon. 571 */ 572 int 573 okm_process_req(okms_t *okmsp, okm_req_hdr_t *reqp, uint32_t len, 574 sckm_ioctl_getreq_t *ireqp, intptr_t data, int flag) 575 { 576 void *req_datap = (void *)(((char *)reqp) + sizeof (okm_req_hdr_t)); 577 int sadb_msglen = len - sizeof (okm_req_hdr_t); 578 579 DPRINTF(DBG_DRV, ("okm_process_req: called\n")); 580 DUMP_REQ(reqp, len); 581 582 switch (reqp->krq_cmd) { 583 case OKM_MSG_SADB: 584 /* sanity check request */ 585 if (sadb_msglen <= 0) { 586 okm_send_reply(okmsp, reqp->krq_transid, 587 OKM_ERR_SADB_MSG, 0, 0); 588 DPRINTF(DBG_WARN, ("okm_process_req: bad message\n")); 589 return (EBADMSG); 590 } 591 592 /* 593 * Save the message, prior to giving it to the daemon. 594 */ 595 okmsp->km_reqp = reqp; 596 okmsp->km_reqlen = len; 597 598 if (ireqp->buf_len < len) { 599 DPRINTF(DBG_WARN, 600 ("okm_process_req: not enough space\n")); 601 return (ENOSPC); 602 } 603 604 ireqp->transid = reqp->krq_transid; 605 ireqp->type = SCKM_IOCTL_REQ_SADB; 606 if (ddi_copyout(req_datap, ireqp->buf, sadb_msglen, flag)) { 607 DPRINTF(DBG_WARN, 608 ("okm_process_req: copyout failed\n")); 609 return (EFAULT); 610 } 611 ireqp->buf_len = sadb_msglen; 612 if (okm_copyout_ioctl_getreq(ireqp, data, flag)) { 613 DPRINTF(DBG_WARN, 614 ("okm_process_req: copyout failed\n")); 615 return (EFAULT); 616 } 617 break; 618 619 default: 620 cmn_err(CE_WARN, "Unknown cmd 0x%x received", reqp->krq_cmd); 621 /* 622 * Received an unknown command, send corresponding 623 * error message. 624 */ 625 okm_send_reply(okmsp, reqp->krq_transid, OKM_ERR_BAD_CMD, 0, 0); 626 return (EBADMSG); 627 } 628 DPRINTF(DBG_DRV, ("okm_process_req: ret=0\n")); 629 return (0); 630 } 631 632 /* 633 * okm_process_status - Process the status from the daemon. 634 * 635 * Description: Processes the status received from the daemon and sends 636 * corresponding message to the SP. 637 */ 638 int 639 okm_process_status(okms_t *okmsp, sckm_ioctl_status_t *ireply) 640 { 641 uint32_t status; 642 uint32_t sadb_msg_errno = 0; 643 uint32_t sadb_msg_version = 0; 644 okm_req_hdr_t *reqp = okmsp->km_reqp; 645 int ret; 646 647 DPRINTF(DBG_DRV, ("okm_process_status: called\n")); 648 mutex_enter(&okmsp->km_lock); 649 if ((ret = block_until_ready(okmsp)) != 0) { 650 mutex_exit(&okmsp->km_lock); 651 DPRINTF(DBG_WARN, 652 ("okm_process_status: Unknown failure=%d\n", ret)); 653 return (ret); 654 } 655 656 /* fail if no status is expected, or if it does not match */ 657 if (!okmsp->km_reqp || (reqp->krq_transid != ireply->transid)) { 658 mutex_exit(&okmsp->km_lock); 659 DPRINTF(DBG_WARN, 660 ("okm_process_status: req/transid mismatch\n")); 661 return (EINVAL); 662 } 663 664 switch (ireply->status) { 665 case SCKM_IOCTL_STAT_SUCCESS: 666 DPRINTF(DBG_DRV, ("okm_process_status: SUCCESS\n")); 667 status = OKM_SUCCESS; 668 break; 669 case SCKM_IOCTL_STAT_ERR_PFKEY: 670 DPRINTF(DBG_DRV, ("okm_process_status: PFKEY ERROR\n")); 671 status = OKM_ERR_SADB_PFKEY; 672 sadb_msg_errno = ireply->sadb_msg_errno; 673 break; 674 case SCKM_IOCTL_STAT_ERR_REQ: 675 DPRINTF(DBG_DRV, ("okm_process_status: REQ ERROR\n")); 676 status = OKM_ERR_DAEMON; 677 break; 678 case SCKM_IOCTL_STAT_ERR_VERSION: 679 DPRINTF(DBG_DRV, ("okm_process_status: SADB VERSION ERROR\n")); 680 status = OKM_ERR_SADB_VERSION; 681 sadb_msg_version = ireply->sadb_msg_version; 682 break; 683 case SCKM_IOCTL_STAT_ERR_TIMEOUT: 684 DPRINTF(DBG_DRV, ("okm_process_status: TIMEOUT ERR\n")); 685 status = OKM_ERR_SADB_TIMEOUT; 686 break; 687 case SCKM_IOCTL_STAT_ERR_OTHER: 688 DPRINTF(DBG_DRV, ("okm_process_status: OTHER ERR\n")); 689 status = OKM_ERR_DAEMON; 690 break; 691 case SCKM_IOCTL_STAT_ERR_SADB_TYPE: 692 DPRINTF(DBG_DRV, ("okm_process_status: SADB TYPE ERR\n")); 693 status = OKM_ERR_SADB_BAD_TYPE; 694 break; 695 default: 696 cmn_err(CE_WARN, "SCKM daemon returned invalid status %d\n", 697 ireply->status); 698 status = OKM_ERR_DAEMON; 699 } 700 ret = okm_send_reply(okmsp, ireply->transid, status, 701 sadb_msg_errno, sadb_msg_version); 702 /* 703 * Clean up the cached request now. 704 */ 705 if (ret == 0) { 706 kmem_free(okmsp->km_reqp, okmsp->km_reqlen); 707 okmsp->km_reqp = NULL; 708 okmsp->km_reqlen = 0; 709 } 710 mutex_exit(&okmsp->km_lock); 711 DPRINTF(DBG_DRV, ("okm_process_status: ret=%d\n", ret)); 712 return (ret); 713 } 714 715 /* 716 * okm_copyin_ioctl_getreq - copy-in the ioctl request from the daemon. 717 */ 718 719 static int 720 okm_copyin_ioctl_getreq(intptr_t userarg, sckm_ioctl_getreq_t *driverarg, 721 int flag) 722 { 723 #ifdef _MULTI_DATAMODEL 724 switch (ddi_model_convert_from(flag & FMODELS)) { 725 case DDI_MODEL_ILP32: { 726 sckm_ioctl_getreq32_t driverarg32; 727 if (ddi_copyin((caddr_t)userarg, &driverarg32, 728 sizeof (sckm_ioctl_getreq32_t), flag)) { 729 return (EFAULT); 730 } 731 driverarg->transid = driverarg32.transid; 732 driverarg->type = driverarg32.type; 733 driverarg->buf = (caddr_t)(uintptr_t)driverarg32.buf; 734 driverarg->buf_len = driverarg32.buf_len; 735 break; 736 } 737 case DDI_MODEL_NONE: { 738 if (ddi_copyin((caddr_t)userarg, &driverarg, 739 sizeof (sckm_ioctl_getreq_t), flag)) { 740 return (EFAULT); 741 } 742 break; 743 } 744 } 745 #else /* ! _MULTI_DATAMODEL */ 746 if (ddi_copyin((caddr_t)userarg, &driverarg, 747 sizeof (sckm_ioctl_getreq_t), flag)) { 748 return (EFAULT); 749 } 750 #endif /* _MULTI_DATAMODEL */ 751 return (0); 752 } 753 754 755 /* 756 * okm_copyout_ioctl_getreq - copy-out the request to the daemon. 757 */ 758 static int 759 okm_copyout_ioctl_getreq(sckm_ioctl_getreq_t *driverarg, intptr_t userarg, 760 int flag) 761 { 762 #ifdef _MULTI_DATAMODEL 763 switch (ddi_model_convert_from(flag & FMODELS)) { 764 case DDI_MODEL_ILP32: { 765 sckm_ioctl_getreq32_t driverarg32; 766 driverarg32.transid = driverarg->transid; 767 driverarg32.type = driverarg->type; 768 driverarg32.buf = (caddr32_t)(uintptr_t)driverarg->buf; 769 driverarg32.buf_len = driverarg->buf_len; 770 if (ddi_copyout(&driverarg32, (caddr_t)userarg, 771 sizeof (sckm_ioctl_getreq32_t), flag)) { 772 return (EFAULT); 773 } 774 break; 775 } 776 case DDI_MODEL_NONE: 777 if (ddi_copyout(driverarg, (caddr_t)userarg, 778 sizeof (sckm_ioctl_getreq_t), flag)) { 779 return (EFAULT); 780 } 781 break; 782 } 783 #else /* ! _MULTI_DATAMODEL */ 784 if (ddi_copyout(driverarg, (caddr_t)userarg, 785 sizeof (sckm_ioctl_getreq_t), flag)) { 786 return (EFAULT); 787 } 788 #endif /* _MULTI_DATAMODEL */ 789 return (0); 790 } 791 792 /* 793 * okm_cleanup - Cleanup routine. 794 */ 795 static void 796 okm_cleanup(okms_t *okmsp) 797 { 798 799 ASSERT(okmsp != NULL); 800 if (okmsp->km_clean & OKM_CLEAN_NODE) { 801 ddi_remove_minor_node(okmsp->km_dip, NULL); 802 } 803 if (okmsp->km_clean & OKM_CLEAN_LOCK) 804 mutex_destroy(&okmsp->km_lock); 805 if (okmsp->km_clean & OKM_CLEAN_CV) 806 cv_destroy(&okmsp->km_wait); 807 if (okmsp->km_reqp != NULL) { 808 kmem_free(okmsp->km_reqp, okmsp->km_reqlen); 809 okmsp->km_reqp = NULL; 810 okmsp->km_reqlen = 0; 811 } 812 ddi_set_driver_private(okmsp->km_dip, NULL); 813 } 814 815 /* 816 * okm_mbox_init - Mailbox specific initialization. 817 */ 818 static int 819 okm_mbox_init(okms_t *okmsp) 820 { 821 int ret; 822 clock_t tout; 823 824 ASSERT(MUTEX_HELD(&okmsp->km_lock)); 825 okmsp->km_target = OKM_TARGET_ID; 826 okmsp->km_key = DKMD_KEY; 827 okmsp->km_state &= ~OKM_MB_INITED; 828 829 /* Iterate until mailbox gets connected */ 830 while (!(okmsp->km_state & OKM_MB_CONN)) { 831 DPRINTF(DBG_MBOX, ("okm_mbox_init: calling mb_init\n")); 832 ret = scf_mb_init(okmsp->km_target, okmsp->km_key, 833 okm_event_handler, (void *)okmsp); 834 DPRINTF(DBG_MBOX, ("okm_mbox_init: mb_init ret=%d\n", ret)); 835 836 if (ret != 0) { 837 DPRINTF(DBG_MBOX, 838 ("okm_mbox_init: failed ret =%d\n", ret)); 839 DTRACE_PROBE1(okm_mbox_fail, int, ret); 840 } else { 841 okmsp->km_state |= OKM_MB_INITED; 842 843 /* Block until the mailbox is ready to communicate. */ 844 while (!(okmsp->km_state & 845 (OKM_MB_CONN | OKM_MB_DISC))) { 846 847 if (cv_wait_sig(&okmsp->km_wait, 848 &okmsp->km_lock) <= 0) { 849 /* interrupted */ 850 ret = EINTR; 851 break; 852 } 853 } 854 } 855 856 if ((ret != 0) || (okmsp->km_state & OKM_MB_DISC)) { 857 858 if (okmsp->km_state & OKM_MB_INITED) { 859 (void) scf_mb_fini(okmsp->km_target, 860 okmsp->km_key); 861 } 862 if (okmsp->km_state & OKM_MB_DISC) { 863 DPRINTF(DBG_WARN, 864 ("okm_mbox_init: mbox DISC_ERROR\n")); 865 DTRACE_PROBE1(okm_mbox_fail, 866 int, OKM_MB_DISC); 867 } 868 869 okmsp->km_state &= ~(OKM_MB_INITED | OKM_MB_DISC | 870 OKM_MB_CONN); 871 872 if (ret == EINTR) { 873 return (ret); 874 } 875 876 /* 877 * If there was failure, then wait for 878 * OKM_MB_TOUT secs and retry again. 879 */ 880 881 DPRINTF(DBG_MBOX, ("okm_mbox_init: waiting...\n")); 882 tout = ddi_get_lbolt() + drv_usectohz(OKM_MB_TOUT); 883 ret = cv_timedwait_sig(&okmsp->km_wait, 884 &okmsp->km_lock, tout); 885 if (ret == 0) { 886 /* if interrupted, return immediately. */ 887 DPRINTF(DBG_MBOX, 888 ("okm_mbox_init: interrupted\n")); 889 return (EINTR); 890 } 891 } 892 } 893 894 ret = scf_mb_ctrl(okmsp->km_target, okmsp->km_key, 895 SCF_MBOP_MAXMSGSIZE, &okmsp->km_maxsz); 896 897 /* 898 * The max msg size should be at least the size of reply 899 * we need to send. 900 */ 901 if ((ret == 0) && (okmsp->km_maxsz < sizeof (okm_rep_hdr_t))) { 902 cmn_err(CE_WARN, "Max message size expected >= %ld " 903 "but found %d\n", sizeof (okm_rep_hdr_t), okmsp->km_maxsz); 904 ret = EIO; 905 } 906 if (ret != 0) { 907 okmsp->km_state &= ~OKM_MB_INITED; 908 (void) scf_mb_fini(okmsp->km_target, okmsp->km_key); 909 } 910 DPRINTF(DBG_MBOX, ("okm_mbox_init: mb_init ret=%d\n", ret)); 911 return (ret); 912 } 913 914 /* 915 * okm_mbox_fini - Mailbox de-initialization. 916 */ 917 static void 918 okm_mbox_fini(okms_t *okmsp) 919 { 920 int ret = 0; 921 922 ASSERT(MUTEX_HELD(&okmsp->km_lock)); 923 if (okmsp->km_state & OKM_MB_INITED) { 924 DPRINTF(DBG_MBOX, ("okm_mbox_fini: calling mb_fini\n")); 925 ret = scf_mb_fini(okmsp->km_target, okmsp->km_key); 926 DPRINTF(DBG_MBOX, ("okm_mbox_fini: mb_fini ret=%d\n", ret)); 927 if (ret != 0) { 928 cmn_err(CE_WARN, 929 "Failed to close the Mailbox error=%d", ret); 930 } 931 okmsp->km_state &= ~(OKM_MB_INITED | OKM_MB_CONN | OKM_MB_DISC); 932 } 933 } 934 935 /* 936 * okm_event_handler - Mailbox event handler. 937 * 938 * Description: Implements a state machine to handle all the mailbox 939 * events. For each event, it sets the appropriate state 940 * flag and wakes up the threads waiting for that event. 941 */ 942 void 943 okm_event_handler(scf_event_t event, void *arg) 944 { 945 okms_t *okmsp = (okms_t *)arg; 946 947 DPRINTF(DBG_MBOX, ("okm_event_handler: called\n")); 948 ASSERT(okmsp != NULL); 949 mutex_enter(&okmsp->km_lock); 950 if (!(okmsp->km_state & OKM_MB_INITED)) { 951 /* 952 * Ignore all events if the state flag indicates that the 953 * mailbox not initialized, this may happen during the close. 954 */ 955 mutex_exit(&okmsp->km_lock); 956 DPRINTF(DBG_MBOX, 957 ("okm_event_handler: event=0x%X - mailbox not inited \n", 958 event)); 959 return; 960 } 961 switch (event) { 962 case SCF_MB_CONN_OK: 963 DPRINTF(DBG_MBOX, ("okm_event_handler: Event CONN_OK\n")); 964 /* 965 * Now the mailbox is ready to use, lets wake up 966 * any one waiting for this event. 967 */ 968 okmsp->km_state |= OKM_MB_CONN; 969 cv_broadcast(&okmsp->km_wait); 970 break; 971 972 case SCF_MB_MSG_DATA: 973 DPRINTF(DBG_MBOX, ("okm_event_handler: Event MSG_DATA\n")); 974 /* 975 * A message is available in the mailbox, 976 * wakeup if any one is ready to read the message. 977 */ 978 if (OKM_MBOX_READY(okmsp)) { 979 cv_broadcast(&okmsp->km_wait); 980 } 981 break; 982 983 case SCF_MB_SPACE: 984 DPRINTF(DBG_MBOX, ("okm_event_handler: Event MB_SPACE\n")); 985 /* 986 * Now the mailbox is ready to transmit, lets 987 * wakeup if any one is waiting to write. 988 */ 989 if (OKM_MBOX_READY(okmsp)) { 990 cv_broadcast(&okmsp->km_wait); 991 } 992 break; 993 case SCF_MB_DISC_ERROR: 994 DPRINTF(DBG_MBOX, ("okm_event_handler: Event DISC_ERROR\n")); 995 okmsp->km_state &= ~OKM_MB_CONN; 996 okmsp->km_state |= OKM_MB_DISC; 997 cv_broadcast(&okmsp->km_wait); 998 break; 999 default: 1000 cmn_err(CE_WARN, "Unexpected event received\n"); 1001 } 1002 mutex_exit(&okmsp->km_lock); 1003 } 1004 1005 /* 1006 * okm_send_reply - Send a mailbox reply message. 1007 */ 1008 int 1009 okm_send_reply(okms_t *okmsp, uint32_t transid, 1010 uint32_t status, uint32_t sadb_err, uint32_t sadb_ver) 1011 { 1012 okm_rep_hdr_t reply; 1013 int ret = EIO; 1014 1015 DPRINTF(DBG_DRV, ("okm_send_reply: called\n")); 1016 ASSERT(MUTEX_HELD(&okmsp->km_lock)); 1017 reply.krp_version = htonl(OKM_PROTOCOL_VERSION); 1018 reply.krp_transid = htonl(transid); 1019 reply.krp_status = htonl(status); 1020 reply.krp_sadb_errno = htonl(sadb_err); 1021 reply.krp_sadb_version = htonl(sadb_ver); 1022 okmsp->km_sg_tx.msc_dptr = (caddr_t)&reply; 1023 okmsp->km_sg_tx.msc_len = sizeof (reply); 1024 DUMP_REPLY(&reply); 1025 1026 while (OKM_MBOX_READY(okmsp)) { 1027 DPRINTF(DBG_MBOX, ("okm_send_reply: sending reply\n")); 1028 ret = scf_mb_putmsg(okmsp->km_target, okmsp->km_key, 1029 sizeof (reply), 1, &okmsp->km_sg_tx, 0); 1030 DPRINTF(DBG_MBOX, ("okm_send_reply: putmsg ret=%d\n", ret)); 1031 if (ret == EBUSY || ret == ENOSPC) { 1032 /* mailbox is busy, poll/retry */ 1033 if (cv_timedwait_sig(&okmsp->km_wait, 1034 &okmsp->km_lock, okm_timeout_val(ret)) == 0) { 1035 /* interrupted */ 1036 ret = EINTR; 1037 DPRINTF(DBG_DRV, 1038 ("okm_send_reply: interrupted\n")); 1039 break; 1040 } 1041 } else { 1042 break; 1043 } 1044 } 1045 DPRINTF(DBG_DRV, ("okm_send_reply: ret=%d\n", ret)); 1046 return (ret); 1047 } 1048 1049 /* 1050 * okm_timeout_val -- Return appropriate timeout value. 1051 * 1052 * A small timeout value is returned for EBUSY as the mailbox busy 1053 * condition may go away sooner and we are expected to poll. 1054 * 1055 * A larger timeout value is returned for ENOSPC case, as the condition 1056 * depends on the peer to release buffer space. 1057 * NOTE: there will also be an event(SCF_MB_SPACE) but a timeout is 1058 * used for reliability purposes. 1059 */ 1060 static clock_t 1061 okm_timeout_val(int error) 1062 { 1063 clock_t tval; 1064 1065 ASSERT(error == EBUSY || error == ENOSPC); 1066 1067 if (error == EBUSY) { 1068 tval = OKM_SM_TOUT; 1069 } else { 1070 tval = OKM_LG_TOUT; 1071 } 1072 return (drv_usectohz(tval)); 1073 } 1074 1075 #ifdef DEBUG 1076 static void 1077 okm_print_req(okm_req_hdr_t *reqp, uint32_t len) 1078 { 1079 uint8_t *datap = (uint8_t *)(((char *)reqp) + sizeof (okm_req_hdr_t)); 1080 int msglen = len - sizeof (okm_req_hdr_t); 1081 int i, j; 1082 #define BYTES_PER_LINE 20 1083 char bytestr[BYTES_PER_LINE * 3 + 1]; 1084 1085 if (!(okm_debug & DBG_MESG)) 1086 return; 1087 printf("OKM: Request ver=%d transid=%d cmd=%s\n", 1088 reqp->krq_version, reqp->krq_transid, 1089 ((reqp->krq_cmd == OKM_MSG_SADB) ? "MSG_SADB" : "UNKNOWN")); 1090 for (i = 0; i < msglen; ) { 1091 for (j = 0; (j < BYTES_PER_LINE) && (i < msglen); j++, i++) { 1092 sprintf(&bytestr[j * 3], "%02X ", datap[i]); 1093 } 1094 if (j != 0) { 1095 printf("\t%s\n", bytestr); 1096 } 1097 } 1098 } 1099 1100 static void 1101 okm_print_rep(okm_rep_hdr_t *repp) 1102 { 1103 if (!(okm_debug & DBG_MESG)) 1104 return; 1105 printf("OKM: Reply Ver=%d Transid=%d Status=%d ", 1106 repp->krp_version, repp->krp_transid, repp->krp_status); 1107 printf("Sadb_errno=%d Sadb_ver=%d\n", repp->krp_sadb_errno, 1108 repp->krp_sadb_version); 1109 } 1110 #endif 1111