Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / char / hw_random / via-rng.c
blobd0387a84eec1363ff40a05854ecaf48f51f63701
1 /*
2 * RNG driver for VIA RNGs
4 * Copyright 2005 (c) MontaVista Software, Inc.
6 * with the majority of the code coming from:
8 * Hardware driver for the Intel/AMD/VIA Random Number Generators (RNG)
9 * (c) Copyright 2003 Red Hat Inc <jgarzik@redhat.com>
11 * derived from
13 * Hardware driver for the AMD 768 Random Number Generator (RNG)
14 * (c) Copyright 2001 Red Hat Inc
16 * derived from
18 * Hardware driver for Intel i810 Random Number Generator (RNG)
19 * Copyright 2000,2001 Jeff Garzik <jgarzik@pobox.com>
20 * Copyright 2000,2001 Philipp Rumpf <prumpf@mandrakesoft.com>
22 * This file is licensed under the terms of the GNU General Public
23 * License version 2. This program is licensed "as is" without any
24 * warranty of any kind, whether express or implied.
27 #include <crypto/padlock.h>
28 #include <linux/module.h>
29 #include <linux/kernel.h>
30 #include <linux/hw_random.h>
31 #include <linux/delay.h>
32 #include <asm/io.h>
33 #include <asm/msr.h>
34 #include <asm/cpufeature.h>
35 #include <asm/i387.h>
40 enum {
41 VIA_STRFILT_CNT_SHIFT = 16,
42 VIA_STRFILT_FAIL = (1 << 15),
43 VIA_STRFILT_ENABLE = (1 << 14),
44 VIA_RAWBITS_ENABLE = (1 << 13),
45 VIA_RNG_ENABLE = (1 << 6),
46 VIA_NOISESRC1 = (1 << 8),
47 VIA_NOISESRC2 = (1 << 9),
48 VIA_XSTORE_CNT_MASK = 0x0F,
50 VIA_RNG_CHUNK_8 = 0x00, /* 64 rand bits, 64 stored bits */
51 VIA_RNG_CHUNK_4 = 0x01, /* 32 rand bits, 32 stored bits */
52 VIA_RNG_CHUNK_4_MASK = 0xFFFFFFFF,
53 VIA_RNG_CHUNK_2 = 0x02, /* 16 rand bits, 32 stored bits */
54 VIA_RNG_CHUNK_2_MASK = 0xFFFF,
55 VIA_RNG_CHUNK_1 = 0x03, /* 8 rand bits, 32 stored bits */
56 VIA_RNG_CHUNK_1_MASK = 0xFF,
60 * Investigate using the 'rep' prefix to obtain 32 bits of random data
61 * in one insn. The upside is potentially better performance. The
62 * downside is that the instruction becomes no longer atomic. Due to
63 * this, just like familiar issues with /dev/random itself, the worst
64 * case of a 'rep xstore' could potentially pause a cpu for an
65 * unreasonably long time. In practice, this condition would likely
66 * only occur when the hardware is failing. (or so we hope :))
68 * Another possible performance boost may come from simply buffering
69 * until we have 4 bytes, thus returning a u32 at a time,
70 * instead of the current u8-at-a-time.
72 * Padlock instructions can generate a spurious DNA fault, so
73 * we have to call them in the context of irq_ts_save/restore()
76 static inline u32 xstore(u32 *addr, u32 edx_in)
78 u32 eax_out;
79 int ts_state;
81 ts_state = irq_ts_save();
83 asm(".byte 0x0F,0xA7,0xC0 /* xstore %%edi (addr=%0) */"
84 : "=m" (*addr), "=a" (eax_out), "+d" (edx_in), "+D" (addr));
86 irq_ts_restore(ts_state);
87 return eax_out;
90 static int via_rng_data_present(struct hwrng *rng, int wait)
92 char buf[16 + PADLOCK_ALIGNMENT - STACK_ALIGN] __attribute__
93 ((aligned(STACK_ALIGN)));
94 u32 *via_rng_datum = (u32 *)PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT);
95 u32 bytes_out;
96 int i;
98 /* We choose the recommended 1-byte-per-instruction RNG rate,
99 * for greater randomness at the expense of speed. Larger
100 * values 2, 4, or 8 bytes-per-instruction yield greater
101 * speed at lesser randomness.
103 * If you change this to another VIA_CHUNK_n, you must also
104 * change the ->n_bytes values in rng_vendor_ops[] tables.
105 * VIA_CHUNK_8 requires further code changes.
107 * A copy of MSR_VIA_RNG is placed in eax_out when xstore
108 * completes.
111 for (i = 0; i < 20; i++) {
112 *via_rng_datum = 0; /* paranoia, not really necessary */
113 bytes_out = xstore(via_rng_datum, VIA_RNG_CHUNK_1);
114 bytes_out &= VIA_XSTORE_CNT_MASK;
115 if (bytes_out || !wait)
116 break;
117 udelay(10);
119 rng->priv = *via_rng_datum;
120 return bytes_out ? 1 : 0;
123 static int via_rng_data_read(struct hwrng *rng, u32 *data)
125 u32 via_rng_datum = (u32)rng->priv;
127 *data = via_rng_datum;
129 return 1;
132 static int via_rng_init(struct hwrng *rng)
134 struct cpuinfo_x86 *c = &cpu_data(0);
135 u32 lo, hi, old_lo;
137 /* VIA Nano CPUs don't have the MSR_VIA_RNG anymore. The RNG
138 * is always enabled if CPUID rng_en is set. There is no
139 * RNG configuration like it used to be the case in this
140 * register */
141 if ((c->x86 == 6) && (c->x86_model >= 0x0f)) {
142 if (!cpu_has_xstore_enabled) {
143 printk(KERN_ERR PFX "can't enable hardware RNG "
144 "if XSTORE is not enabled\n");
145 return -ENODEV;
147 return 0;
150 /* Control the RNG via MSR. Tread lightly and pay very close
151 * close attention to values written, as the reserved fields
152 * are documented to be "undefined and unpredictable"; but it
153 * does not say to write them as zero, so I make a guess that
154 * we restore the values we find in the register.
156 rdmsr(MSR_VIA_RNG, lo, hi);
158 old_lo = lo;
159 lo &= ~(0x7f << VIA_STRFILT_CNT_SHIFT);
160 lo &= ~VIA_XSTORE_CNT_MASK;
161 lo &= ~(VIA_STRFILT_ENABLE | VIA_STRFILT_FAIL | VIA_RAWBITS_ENABLE);
162 lo |= VIA_RNG_ENABLE;
163 lo |= VIA_NOISESRC1;
165 /* Enable secondary noise source on CPUs where it is present. */
167 /* Nehemiah stepping 8 and higher */
168 if ((c->x86_model == 9) && (c->x86_mask > 7))
169 lo |= VIA_NOISESRC2;
171 /* Esther */
172 if (c->x86_model >= 10)
173 lo |= VIA_NOISESRC2;
175 if (lo != old_lo)
176 wrmsr(MSR_VIA_RNG, lo, hi);
178 /* perhaps-unnecessary sanity check; remove after testing if
179 unneeded */
180 rdmsr(MSR_VIA_RNG, lo, hi);
181 if ((lo & VIA_RNG_ENABLE) == 0) {
182 printk(KERN_ERR PFX "cannot enable VIA C3 RNG, aborting\n");
183 return -ENODEV;
186 return 0;
190 static struct hwrng via_rng = {
191 .name = "via",
192 .init = via_rng_init,
193 .data_present = via_rng_data_present,
194 .data_read = via_rng_data_read,
198 static int __init mod_init(void)
200 int err;
202 if (!cpu_has_xstore)
203 return -ENODEV;
204 printk(KERN_INFO "VIA RNG detected\n");
205 err = hwrng_register(&via_rng);
206 if (err) {
207 printk(KERN_ERR PFX "RNG registering failed (%d)\n",
208 err);
209 goto out;
211 out:
212 return err;
215 static void __exit mod_exit(void)
217 hwrng_unregister(&via_rng);
220 module_init(mod_init);
221 module_exit(mod_exit);
223 MODULE_DESCRIPTION("H/W RNG driver for VIA CPU with PadLock");
224 MODULE_LICENSE("GPL");