Loading...
1/*
2 * Copyright © 2016 Intel Corporation
3 *
4 * Authors:
5 * Scott Bauer <scott.bauer@intel.com>
6 * Rafael Antognolli <rafael.antognolli@intel.com>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms and conditions of the GNU General Public License,
10 * version 2, as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * more details.
16 */
17
18#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
19
20#include <linux/delay.h>
21#include <linux/device.h>
22#include <linux/kernel.h>
23#include <linux/list.h>
24#include <linux/genhd.h>
25#include <linux/slab.h>
26#include <linux/uaccess.h>
27#include <uapi/linux/sed-opal.h>
28#include <linux/sed-opal.h>
29#include <linux/string.h>
30#include <linux/kdev_t.h>
31
32#include "opal_proto.h"
33
34#define IO_BUFFER_LENGTH 2048
35#define MAX_TOKS 64
36
37struct opal_step {
38 int (*fn)(struct opal_dev *dev, void *data);
39 void *data;
40};
41typedef int (cont_fn)(struct opal_dev *dev);
42
43enum opal_atom_width {
44 OPAL_WIDTH_TINY,
45 OPAL_WIDTH_SHORT,
46 OPAL_WIDTH_MEDIUM,
47 OPAL_WIDTH_LONG,
48 OPAL_WIDTH_TOKEN
49};
50
51/*
52 * On the parsed response, we don't store again the toks that are already
53 * stored in the response buffer. Instead, for each token, we just store a
54 * pointer to the position in the buffer where the token starts, and the size
55 * of the token in bytes.
56 */
57struct opal_resp_tok {
58 const u8 *pos;
59 size_t len;
60 enum opal_response_token type;
61 enum opal_atom_width width;
62 union {
63 u64 u;
64 s64 s;
65 } stored;
66};
67
68/*
69 * From the response header it's not possible to know how many tokens there are
70 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
71 * if we start dealing with messages that have more than that, we can increase
72 * this number. This is done to avoid having to make two passes through the
73 * response, the first one counting how many tokens we have and the second one
74 * actually storing the positions.
75 */
76struct parsed_resp {
77 int num;
78 struct opal_resp_tok toks[MAX_TOKS];
79};
80
81struct opal_dev {
82 bool supported;
83 bool mbr_enabled;
84
85 void *data;
86 sec_send_recv *send_recv;
87
88 const struct opal_step *steps;
89 struct mutex dev_lock;
90 u16 comid;
91 u32 hsn;
92 u32 tsn;
93 u64 align;
94 u64 lowest_lba;
95
96 size_t pos;
97 u8 cmd[IO_BUFFER_LENGTH];
98 u8 resp[IO_BUFFER_LENGTH];
99
100 struct parsed_resp parsed;
101 size_t prev_d_len;
102 void *prev_data;
103
104 struct list_head unlk_lst;
105};
106
107
108static const u8 opaluid[][OPAL_UID_LENGTH] = {
109 /* users */
110 [OPAL_SMUID_UID] =
111 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
112 [OPAL_THISSP_UID] =
113 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
114 [OPAL_ADMINSP_UID] =
115 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
116 [OPAL_LOCKINGSP_UID] =
117 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
118 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
119 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
120 [OPAL_ANYBODY_UID] =
121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
122 [OPAL_SID_UID] =
123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
124 [OPAL_ADMIN1_UID] =
125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
126 [OPAL_USER1_UID] =
127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
128 [OPAL_USER2_UID] =
129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
130 [OPAL_PSID_UID] =
131 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
132 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
133 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
134 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
135 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136
137 /* tables */
138
139 [OPAL_LOCKINGRANGE_GLOBAL] =
140 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
141 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
142 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
143 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
144 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
145 [OPAL_MBRCONTROL] =
146 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
147 [OPAL_MBR] =
148 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
149 [OPAL_AUTHORITY_TABLE] =
150 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
151 [OPAL_C_PIN_TABLE] =
152 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
153 [OPAL_LOCKING_INFO_TABLE] =
154 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
155 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
156 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
157
158 /* C_PIN_TABLE object ID's */
159
160 [OPAL_C_PIN_MSID] =
161 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
162 [OPAL_C_PIN_SID] =
163 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
164 [OPAL_C_PIN_ADMIN1] =
165 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
166
167 /* half UID's (only first 4 bytes used) */
168
169 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
170 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
171 [OPAL_HALF_UID_BOOLEAN_ACE] =
172 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
173
174 /* special value for omitted optional parameter */
175 [OPAL_UID_HEXFF] =
176 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
177};
178
179/*
180 * TCG Storage SSC Methods.
181 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
182 * Section: 6.3 Assigned UIDs
183 */
184static const u8 opalmethod[][OPAL_UID_LENGTH] = {
185 [OPAL_PROPERTIES] =
186 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
187 [OPAL_STARTSESSION] =
188 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
189 [OPAL_REVERT] =
190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
191 [OPAL_ACTIVATE] =
192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
193 [OPAL_EGET] =
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
195 [OPAL_ESET] =
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
197 [OPAL_NEXT] =
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
199 [OPAL_EAUTHENTICATE] =
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
201 [OPAL_GETACL] =
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
203 [OPAL_GENKEY] =
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
205 [OPAL_REVERTSP] =
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
207 [OPAL_GET] =
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
209 [OPAL_SET] =
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
211 [OPAL_AUTHENTICATE] =
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
213 [OPAL_RANDOM] =
214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
215 [OPAL_ERASE] =
216 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
217};
218
219static int end_opal_session_error(struct opal_dev *dev);
220
221struct opal_suspend_data {
222 struct opal_lock_unlock unlk;
223 u8 lr;
224 struct list_head node;
225};
226
227/*
228 * Derived from:
229 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
230 * Section: 5.1.5 Method Status Codes
231 */
232static const char * const opal_errors[] = {
233 "Success",
234 "Not Authorized",
235 "Unknown Error",
236 "SP Busy",
237 "SP Failed",
238 "SP Disabled",
239 "SP Frozen",
240 "No Sessions Available",
241 "Uniqueness Conflict",
242 "Insufficient Space",
243 "Insufficient Rows",
244 "Invalid Function",
245 "Invalid Parameter",
246 "Invalid Reference",
247 "Unknown Error",
248 "TPER Malfunction",
249 "Transaction Failure",
250 "Response Overflow",
251 "Authority Locked Out",
252};
253
254static const char *opal_error_to_human(int error)
255{
256 if (error == 0x3f)
257 return "Failed";
258
259 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
260 return "Unknown Error";
261
262 return opal_errors[error];
263}
264
265static void print_buffer(const u8 *ptr, u32 length)
266{
267#ifdef DEBUG
268 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
269 pr_debug("\n");
270#endif
271}
272
273static bool check_tper(const void *data)
274{
275 const struct d0_tper_features *tper = data;
276 u8 flags = tper->supported_features;
277
278 if (!(flags & TPER_SYNC_SUPPORTED)) {
279 pr_debug("TPer sync not supported. flags = %d\n",
280 tper->supported_features);
281 return false;
282 }
283
284 return true;
285}
286
287static bool check_mbrenabled(const void *data)
288{
289 const struct d0_locking_features *lfeat = data;
290 u8 sup_feat = lfeat->supported_features;
291
292 return !!(sup_feat & MBR_ENABLED_MASK);
293}
294
295static bool check_sum(const void *data)
296{
297 const struct d0_single_user_mode *sum = data;
298 u32 nlo = be32_to_cpu(sum->num_locking_objects);
299
300 if (nlo == 0) {
301 pr_debug("Need at least one locking object.\n");
302 return false;
303 }
304
305 pr_debug("Number of locking objects: %d\n", nlo);
306
307 return true;
308}
309
310static u16 get_comid_v100(const void *data)
311{
312 const struct d0_opal_v100 *v100 = data;
313
314 return be16_to_cpu(v100->baseComID);
315}
316
317static u16 get_comid_v200(const void *data)
318{
319 const struct d0_opal_v200 *v200 = data;
320
321 return be16_to_cpu(v200->baseComID);
322}
323
324static int opal_send_cmd(struct opal_dev *dev)
325{
326 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
327 dev->cmd, IO_BUFFER_LENGTH,
328 true);
329}
330
331static int opal_recv_cmd(struct opal_dev *dev)
332{
333 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
334 dev->resp, IO_BUFFER_LENGTH,
335 false);
336}
337
338static int opal_recv_check(struct opal_dev *dev)
339{
340 size_t buflen = IO_BUFFER_LENGTH;
341 void *buffer = dev->resp;
342 struct opal_header *hdr = buffer;
343 int ret;
344
345 do {
346 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
347 hdr->cp.outstandingData,
348 hdr->cp.minTransfer);
349
350 if (hdr->cp.outstandingData == 0 ||
351 hdr->cp.minTransfer != 0)
352 return 0;
353
354 memset(buffer, 0, buflen);
355 ret = opal_recv_cmd(dev);
356 } while (!ret);
357
358 return ret;
359}
360
361static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
362{
363 int ret;
364
365 ret = opal_send_cmd(dev);
366 if (ret)
367 return ret;
368 ret = opal_recv_cmd(dev);
369 if (ret)
370 return ret;
371 ret = opal_recv_check(dev);
372 if (ret)
373 return ret;
374 return cont(dev);
375}
376
377static void check_geometry(struct opal_dev *dev, const void *data)
378{
379 const struct d0_geometry_features *geo = data;
380
381 dev->align = geo->alignment_granularity;
382 dev->lowest_lba = geo->lowest_aligned_lba;
383}
384
385static int next(struct opal_dev *dev)
386{
387 const struct opal_step *step;
388 int state = 0, error = 0;
389
390 do {
391 step = &dev->steps[state];
392 if (!step->fn)
393 break;
394
395 error = step->fn(dev, step->data);
396 if (error) {
397 pr_debug("Error on step function: %d with error %d: %s\n",
398 state, error,
399 opal_error_to_human(error));
400
401 /* For each OPAL command we do a discovery0 then we
402 * start some sort of session.
403 * If we haven't passed state 1 then there was an error
404 * on discovery0 or during the attempt to start a
405 * session. Therefore we shouldn't attempt to terminate
406 * a session, as one has not yet been created.
407 */
408 if (state > 1) {
409 end_opal_session_error(dev);
410 return error;
411 }
412
413 }
414 state++;
415 } while (!error);
416
417 return error;
418}
419
420static int opal_discovery0_end(struct opal_dev *dev)
421{
422 bool found_com_id = false, supported = true, single_user = false;
423 const struct d0_header *hdr = (struct d0_header *)dev->resp;
424 const u8 *epos = dev->resp, *cpos = dev->resp;
425 u16 comid = 0;
426 u32 hlen = be32_to_cpu(hdr->length);
427
428 print_buffer(dev->resp, hlen);
429 dev->mbr_enabled = false;
430
431 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
432 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
433 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
434 return -EFAULT;
435 }
436
437 epos += hlen; /* end of buffer */
438 cpos += sizeof(*hdr); /* current position on buffer */
439
440 while (cpos < epos && supported) {
441 const struct d0_features *body =
442 (const struct d0_features *)cpos;
443
444 switch (be16_to_cpu(body->code)) {
445 case FC_TPER:
446 supported = check_tper(body->features);
447 break;
448 case FC_SINGLEUSER:
449 single_user = check_sum(body->features);
450 break;
451 case FC_GEOMETRY:
452 check_geometry(dev, body);
453 break;
454 case FC_LOCKING:
455 dev->mbr_enabled = check_mbrenabled(body->features);
456 break;
457 case FC_ENTERPRISE:
458 case FC_DATASTORE:
459 /* some ignored properties */
460 pr_debug("Found OPAL feature description: %d\n",
461 be16_to_cpu(body->code));
462 break;
463 case FC_OPALV100:
464 comid = get_comid_v100(body->features);
465 found_com_id = true;
466 break;
467 case FC_OPALV200:
468 comid = get_comid_v200(body->features);
469 found_com_id = true;
470 break;
471 case 0xbfff ... 0xffff:
472 /* vendor specific, just ignore */
473 break;
474 default:
475 pr_debug("OPAL Unknown feature: %d\n",
476 be16_to_cpu(body->code));
477
478 }
479 cpos += body->length + 4;
480 }
481
482 if (!supported) {
483 pr_debug("This device is not Opal enabled. Not Supported!\n");
484 return -EOPNOTSUPP;
485 }
486
487 if (!single_user)
488 pr_debug("Device doesn't support single user mode\n");
489
490
491 if (!found_com_id) {
492 pr_debug("Could not find OPAL comid for device. Returning early\n");
493 return -EOPNOTSUPP;
494 }
495
496 dev->comid = comid;
497
498 return 0;
499}
500
501static int opal_discovery0(struct opal_dev *dev, void *data)
502{
503 int ret;
504
505 memset(dev->resp, 0, IO_BUFFER_LENGTH);
506 dev->comid = OPAL_DISCOVERY_COMID;
507 ret = opal_recv_cmd(dev);
508 if (ret)
509 return ret;
510 return opal_discovery0_end(dev);
511}
512
513static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
514{
515 if (*err)
516 return;
517 if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
518 pr_debug("Error adding u8: end of buffer.\n");
519 *err = -ERANGE;
520 return;
521 }
522 cmd->cmd[cmd->pos++] = tok;
523}
524
525static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
526 bool has_sign, int len)
527{
528 u8 atom;
529 int err = 0;
530
531 atom = SHORT_ATOM_ID;
532 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
533 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
534 atom |= len & SHORT_ATOM_LEN_MASK;
535
536 add_token_u8(&err, cmd, atom);
537}
538
539static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
540 bool has_sign, int len)
541{
542 u8 header0;
543
544 header0 = MEDIUM_ATOM_ID;
545 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
546 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
547 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
548 cmd->cmd[cmd->pos++] = header0;
549 cmd->cmd[cmd->pos++] = len;
550}
551
552static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
553{
554
555 size_t len;
556 int msb;
557
558 if (!(number & ~TINY_ATOM_DATA_MASK)) {
559 add_token_u8(err, cmd, number);
560 return;
561 }
562
563 msb = fls64(number);
564 len = DIV_ROUND_UP(msb, 8);
565
566 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
567 pr_debug("Error adding u64: end of buffer.\n");
568 *err = -ERANGE;
569 return;
570 }
571 add_short_atom_header(cmd, false, false, len);
572 while (len--)
573 add_token_u8(err, cmd, number >> (len * 8));
574}
575
576static void add_token_bytestring(int *err, struct opal_dev *cmd,
577 const u8 *bytestring, size_t len)
578{
579 size_t header_len = 1;
580 bool is_short_atom = true;
581
582 if (*err)
583 return;
584
585 if (len & ~SHORT_ATOM_LEN_MASK) {
586 header_len = 2;
587 is_short_atom = false;
588 }
589
590 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
591 pr_debug("Error adding bytestring: end of buffer.\n");
592 *err = -ERANGE;
593 return;
594 }
595
596 if (is_short_atom)
597 add_short_atom_header(cmd, true, false, len);
598 else
599 add_medium_atom_header(cmd, true, false, len);
600
601 memcpy(&cmd->cmd[cmd->pos], bytestring, len);
602 cmd->pos += len;
603
604}
605
606static int build_locking_range(u8 *buffer, size_t length, u8 lr)
607{
608 if (length > OPAL_UID_LENGTH) {
609 pr_debug("Can't build locking range. Length OOB\n");
610 return -ERANGE;
611 }
612
613 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
614
615 if (lr == 0)
616 return 0;
617 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
618 buffer[7] = lr;
619
620 return 0;
621}
622
623static int build_locking_user(u8 *buffer, size_t length, u8 lr)
624{
625 if (length > OPAL_UID_LENGTH) {
626 pr_debug("Can't build locking range user, Length OOB\n");
627 return -ERANGE;
628 }
629
630 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
631
632 buffer[7] = lr + 1;
633
634 return 0;
635}
636
637static void set_comid(struct opal_dev *cmd, u16 comid)
638{
639 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
640
641 hdr->cp.extendedComID[0] = comid >> 8;
642 hdr->cp.extendedComID[1] = comid;
643 hdr->cp.extendedComID[2] = 0;
644 hdr->cp.extendedComID[3] = 0;
645}
646
647static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
648{
649 struct opal_header *hdr;
650 int err = 0;
651
652 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
653 add_token_u8(&err, cmd, OPAL_STARTLIST);
654 add_token_u8(&err, cmd, 0);
655 add_token_u8(&err, cmd, 0);
656 add_token_u8(&err, cmd, 0);
657 add_token_u8(&err, cmd, OPAL_ENDLIST);
658
659 if (err) {
660 pr_debug("Error finalizing command.\n");
661 return -EFAULT;
662 }
663
664 hdr = (struct opal_header *) cmd->cmd;
665
666 hdr->pkt.tsn = cpu_to_be32(tsn);
667 hdr->pkt.hsn = cpu_to_be32(hsn);
668
669 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
670 while (cmd->pos % 4) {
671 if (cmd->pos >= IO_BUFFER_LENGTH) {
672 pr_debug("Error: Buffer overrun\n");
673 return -ERANGE;
674 }
675 cmd->cmd[cmd->pos++] = 0;
676 }
677 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
678 sizeof(hdr->pkt));
679 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
680
681 return 0;
682}
683
684static const struct opal_resp_tok *response_get_token(
685 const struct parsed_resp *resp,
686 int n)
687{
688 const struct opal_resp_tok *tok;
689
690 if (n >= resp->num) {
691 pr_debug("Token number doesn't exist: %d, resp: %d\n",
692 n, resp->num);
693 return ERR_PTR(-EINVAL);
694 }
695
696 tok = &resp->toks[n];
697 if (tok->len == 0) {
698 pr_debug("Token length must be non-zero\n");
699 return ERR_PTR(-EINVAL);
700 }
701
702 return tok;
703}
704
705static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
706 const u8 *pos)
707{
708 tok->pos = pos;
709 tok->len = 1;
710 tok->width = OPAL_WIDTH_TINY;
711
712 if (pos[0] & TINY_ATOM_SIGNED) {
713 tok->type = OPAL_DTA_TOKENID_SINT;
714 } else {
715 tok->type = OPAL_DTA_TOKENID_UINT;
716 tok->stored.u = pos[0] & 0x3f;
717 }
718
719 return tok->len;
720}
721
722static ssize_t response_parse_short(struct opal_resp_tok *tok,
723 const u8 *pos)
724{
725 tok->pos = pos;
726 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
727 tok->width = OPAL_WIDTH_SHORT;
728
729 if (pos[0] & SHORT_ATOM_BYTESTRING) {
730 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
731 } else if (pos[0] & SHORT_ATOM_SIGNED) {
732 tok->type = OPAL_DTA_TOKENID_SINT;
733 } else {
734 u64 u_integer = 0;
735 ssize_t i, b = 0;
736
737 tok->type = OPAL_DTA_TOKENID_UINT;
738 if (tok->len > 9) {
739 pr_debug("uint64 with more than 8 bytes\n");
740 return -EINVAL;
741 }
742 for (i = tok->len - 1; i > 0; i--) {
743 u_integer |= ((u64)pos[i] << (8 * b));
744 b++;
745 }
746 tok->stored.u = u_integer;
747 }
748
749 return tok->len;
750}
751
752static ssize_t response_parse_medium(struct opal_resp_tok *tok,
753 const u8 *pos)
754{
755 tok->pos = pos;
756 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
757 tok->width = OPAL_WIDTH_MEDIUM;
758
759 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
760 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
761 else if (pos[0] & MEDIUM_ATOM_SIGNED)
762 tok->type = OPAL_DTA_TOKENID_SINT;
763 else
764 tok->type = OPAL_DTA_TOKENID_UINT;
765
766 return tok->len;
767}
768
769static ssize_t response_parse_long(struct opal_resp_tok *tok,
770 const u8 *pos)
771{
772 tok->pos = pos;
773 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
774 tok->width = OPAL_WIDTH_LONG;
775
776 if (pos[0] & LONG_ATOM_BYTESTRING)
777 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
778 else if (pos[0] & LONG_ATOM_SIGNED)
779 tok->type = OPAL_DTA_TOKENID_SINT;
780 else
781 tok->type = OPAL_DTA_TOKENID_UINT;
782
783 return tok->len;
784}
785
786static ssize_t response_parse_token(struct opal_resp_tok *tok,
787 const u8 *pos)
788{
789 tok->pos = pos;
790 tok->len = 1;
791 tok->type = OPAL_DTA_TOKENID_TOKEN;
792 tok->width = OPAL_WIDTH_TOKEN;
793
794 return tok->len;
795}
796
797static int response_parse(const u8 *buf, size_t length,
798 struct parsed_resp *resp)
799{
800 const struct opal_header *hdr;
801 struct opal_resp_tok *iter;
802 int num_entries = 0;
803 int total;
804 ssize_t token_length;
805 const u8 *pos;
806 u32 clen, plen, slen;
807
808 if (!buf)
809 return -EFAULT;
810
811 if (!resp)
812 return -EFAULT;
813
814 hdr = (struct opal_header *)buf;
815 pos = buf;
816 pos += sizeof(*hdr);
817
818 clen = be32_to_cpu(hdr->cp.length);
819 plen = be32_to_cpu(hdr->pkt.length);
820 slen = be32_to_cpu(hdr->subpkt.length);
821 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
822 clen, plen, slen);
823
824 if (clen == 0 || plen == 0 || slen == 0 ||
825 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
826 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
827 clen, plen, slen);
828 print_buffer(pos, sizeof(*hdr));
829 return -EINVAL;
830 }
831
832 if (pos > buf + length)
833 return -EFAULT;
834
835 iter = resp->toks;
836 total = slen;
837 print_buffer(pos, total);
838 while (total > 0) {
839 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
840 token_length = response_parse_tiny(iter, pos);
841 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
842 token_length = response_parse_short(iter, pos);
843 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
844 token_length = response_parse_medium(iter, pos);
845 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
846 token_length = response_parse_long(iter, pos);
847 else /* TOKEN */
848 token_length = response_parse_token(iter, pos);
849
850 if (token_length < 0)
851 return token_length;
852
853 pos += token_length;
854 total -= token_length;
855 iter++;
856 num_entries++;
857 }
858
859 if (num_entries == 0) {
860 pr_debug("Couldn't parse response.\n");
861 return -EINVAL;
862 }
863 resp->num = num_entries;
864
865 return 0;
866}
867
868static size_t response_get_string(const struct parsed_resp *resp, int n,
869 const char **store)
870{
871 u8 skip;
872 const struct opal_resp_tok *token;
873
874 *store = NULL;
875 if (!resp) {
876 pr_debug("Response is NULL\n");
877 return 0;
878 }
879
880 if (n > resp->num) {
881 pr_debug("Response has %d tokens. Can't access %d\n",
882 resp->num, n);
883 return 0;
884 }
885
886 token = &resp->toks[n];
887 if (token->type != OPAL_DTA_TOKENID_BYTESTRING) {
888 pr_debug("Token is not a byte string!\n");
889 return 0;
890 }
891
892 switch (token->width) {
893 case OPAL_WIDTH_TINY:
894 case OPAL_WIDTH_SHORT:
895 skip = 1;
896 break;
897 case OPAL_WIDTH_MEDIUM:
898 skip = 2;
899 break;
900 case OPAL_WIDTH_LONG:
901 skip = 4;
902 break;
903 default:
904 pr_debug("Token has invalid width!\n");
905 return 0;
906 }
907
908 *store = token->pos + skip;
909 return token->len - skip;
910}
911
912static u64 response_get_u64(const struct parsed_resp *resp, int n)
913{
914 if (!resp) {
915 pr_debug("Response is NULL\n");
916 return 0;
917 }
918
919 if (n > resp->num) {
920 pr_debug("Response has %d tokens. Can't access %d\n",
921 resp->num, n);
922 return 0;
923 }
924
925 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
926 pr_debug("Token is not unsigned it: %d\n",
927 resp->toks[n].type);
928 return 0;
929 }
930
931 if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
932 resp->toks[n].width == OPAL_WIDTH_SHORT)) {
933 pr_debug("Atom is not short or tiny: %d\n",
934 resp->toks[n].width);
935 return 0;
936 }
937
938 return resp->toks[n].stored.u;
939}
940
941static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
942{
943 if (IS_ERR(token) ||
944 token->type != OPAL_DTA_TOKENID_TOKEN ||
945 token->pos[0] != match)
946 return false;
947 return true;
948}
949
950static u8 response_status(const struct parsed_resp *resp)
951{
952 const struct opal_resp_tok *tok;
953
954 tok = response_get_token(resp, 0);
955 if (response_token_matches(tok, OPAL_ENDOFSESSION))
956 return 0;
957
958 if (resp->num < 5)
959 return DTAERROR_NO_METHOD_STATUS;
960
961 tok = response_get_token(resp, resp->num - 5);
962 if (!response_token_matches(tok, OPAL_STARTLIST))
963 return DTAERROR_NO_METHOD_STATUS;
964
965 tok = response_get_token(resp, resp->num - 1);
966 if (!response_token_matches(tok, OPAL_ENDLIST))
967 return DTAERROR_NO_METHOD_STATUS;
968
969 return response_get_u64(resp, resp->num - 4);
970}
971
972/* Parses and checks for errors */
973static int parse_and_check_status(struct opal_dev *dev)
974{
975 int error;
976
977 print_buffer(dev->cmd, dev->pos);
978
979 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
980 if (error) {
981 pr_debug("Couldn't parse response.\n");
982 return error;
983 }
984
985 return response_status(&dev->parsed);
986}
987
988static void clear_opal_cmd(struct opal_dev *dev)
989{
990 dev->pos = sizeof(struct opal_header);
991 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
992}
993
994static int start_opal_session_cont(struct opal_dev *dev)
995{
996 u32 hsn, tsn;
997 int error = 0;
998
999 error = parse_and_check_status(dev);
1000 if (error)
1001 return error;
1002
1003 hsn = response_get_u64(&dev->parsed, 4);
1004 tsn = response_get_u64(&dev->parsed, 5);
1005
1006 if (hsn == 0 && tsn == 0) {
1007 pr_debug("Couldn't authenticate session\n");
1008 return -EPERM;
1009 }
1010
1011 dev->hsn = hsn;
1012 dev->tsn = tsn;
1013 return 0;
1014}
1015
1016static void add_suspend_info(struct opal_dev *dev,
1017 struct opal_suspend_data *sus)
1018{
1019 struct opal_suspend_data *iter;
1020
1021 list_for_each_entry(iter, &dev->unlk_lst, node) {
1022 if (iter->lr == sus->lr) {
1023 list_del(&iter->node);
1024 kfree(iter);
1025 break;
1026 }
1027 }
1028 list_add_tail(&sus->node, &dev->unlk_lst);
1029}
1030
1031static int end_session_cont(struct opal_dev *dev)
1032{
1033 dev->hsn = 0;
1034 dev->tsn = 0;
1035 return parse_and_check_status(dev);
1036}
1037
1038static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1039{
1040 int ret;
1041
1042 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1043 if (ret) {
1044 pr_debug("Error finalizing command buffer: %d\n", ret);
1045 return ret;
1046 }
1047
1048 print_buffer(dev->cmd, dev->pos);
1049
1050 return opal_send_recv(dev, cont);
1051}
1052
1053static int gen_key(struct opal_dev *dev, void *data)
1054{
1055 u8 uid[OPAL_UID_LENGTH];
1056 int err = 0;
1057
1058 clear_opal_cmd(dev);
1059 set_comid(dev, dev->comid);
1060
1061 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1062 kfree(dev->prev_data);
1063 dev->prev_data = NULL;
1064
1065 add_token_u8(&err, dev, OPAL_CALL);
1066 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1067 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1068 OPAL_UID_LENGTH);
1069 add_token_u8(&err, dev, OPAL_STARTLIST);
1070 add_token_u8(&err, dev, OPAL_ENDLIST);
1071
1072 if (err) {
1073 pr_debug("Error building gen key command\n");
1074 return err;
1075
1076 }
1077 return finalize_and_send(dev, parse_and_check_status);
1078}
1079
1080static int get_active_key_cont(struct opal_dev *dev)
1081{
1082 const char *activekey;
1083 size_t keylen;
1084 int error = 0;
1085
1086 error = parse_and_check_status(dev);
1087 if (error)
1088 return error;
1089 keylen = response_get_string(&dev->parsed, 4, &activekey);
1090 if (!activekey) {
1091 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1092 __func__);
1093 return OPAL_INVAL_PARAM;
1094 }
1095 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1096
1097 if (!dev->prev_data)
1098 return -ENOMEM;
1099
1100 dev->prev_d_len = keylen;
1101
1102 return 0;
1103}
1104
1105static int get_active_key(struct opal_dev *dev, void *data)
1106{
1107 u8 uid[OPAL_UID_LENGTH];
1108 int err = 0;
1109 u8 *lr = data;
1110
1111 clear_opal_cmd(dev);
1112 set_comid(dev, dev->comid);
1113
1114 err = build_locking_range(uid, sizeof(uid), *lr);
1115 if (err)
1116 return err;
1117
1118 err = 0;
1119 add_token_u8(&err, dev, OPAL_CALL);
1120 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1121 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1122 add_token_u8(&err, dev, OPAL_STARTLIST);
1123 add_token_u8(&err, dev, OPAL_STARTLIST);
1124 add_token_u8(&err, dev, OPAL_STARTNAME);
1125 add_token_u8(&err, dev, 3); /* startCloumn */
1126 add_token_u8(&err, dev, 10); /* ActiveKey */
1127 add_token_u8(&err, dev, OPAL_ENDNAME);
1128 add_token_u8(&err, dev, OPAL_STARTNAME);
1129 add_token_u8(&err, dev, 4); /* endColumn */
1130 add_token_u8(&err, dev, 10); /* ActiveKey */
1131 add_token_u8(&err, dev, OPAL_ENDNAME);
1132 add_token_u8(&err, dev, OPAL_ENDLIST);
1133 add_token_u8(&err, dev, OPAL_ENDLIST);
1134 if (err) {
1135 pr_debug("Error building get active key command\n");
1136 return err;
1137 }
1138
1139 return finalize_and_send(dev, get_active_key_cont);
1140}
1141
1142static int generic_lr_enable_disable(struct opal_dev *dev,
1143 u8 *uid, bool rle, bool wle,
1144 bool rl, bool wl)
1145{
1146 int err = 0;
1147
1148 add_token_u8(&err, dev, OPAL_CALL);
1149 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1150 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1151
1152 add_token_u8(&err, dev, OPAL_STARTLIST);
1153 add_token_u8(&err, dev, OPAL_STARTNAME);
1154 add_token_u8(&err, dev, OPAL_VALUES);
1155 add_token_u8(&err, dev, OPAL_STARTLIST);
1156
1157 add_token_u8(&err, dev, OPAL_STARTNAME);
1158 add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1159 add_token_u8(&err, dev, rle);
1160 add_token_u8(&err, dev, OPAL_ENDNAME);
1161
1162 add_token_u8(&err, dev, OPAL_STARTNAME);
1163 add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1164 add_token_u8(&err, dev, wle);
1165 add_token_u8(&err, dev, OPAL_ENDNAME);
1166
1167 add_token_u8(&err, dev, OPAL_STARTNAME);
1168 add_token_u8(&err, dev, OPAL_READLOCKED);
1169 add_token_u8(&err, dev, rl);
1170 add_token_u8(&err, dev, OPAL_ENDNAME);
1171
1172 add_token_u8(&err, dev, OPAL_STARTNAME);
1173 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1174 add_token_u8(&err, dev, wl);
1175 add_token_u8(&err, dev, OPAL_ENDNAME);
1176
1177 add_token_u8(&err, dev, OPAL_ENDLIST);
1178 add_token_u8(&err, dev, OPAL_ENDNAME);
1179 add_token_u8(&err, dev, OPAL_ENDLIST);
1180 return err;
1181}
1182
1183static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1184 struct opal_user_lr_setup *setup)
1185{
1186 int err;
1187
1188 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1189 0, 0);
1190 if (err)
1191 pr_debug("Failed to create enable global lr command\n");
1192 return err;
1193}
1194
1195static int setup_locking_range(struct opal_dev *dev, void *data)
1196{
1197 u8 uid[OPAL_UID_LENGTH];
1198 struct opal_user_lr_setup *setup = data;
1199 u8 lr;
1200 int err = 0;
1201
1202 clear_opal_cmd(dev);
1203 set_comid(dev, dev->comid);
1204
1205 lr = setup->session.opal_key.lr;
1206 err = build_locking_range(uid, sizeof(uid), lr);
1207 if (err)
1208 return err;
1209
1210 if (lr == 0)
1211 err = enable_global_lr(dev, uid, setup);
1212 else {
1213 add_token_u8(&err, dev, OPAL_CALL);
1214 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1215 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1216 OPAL_UID_LENGTH);
1217
1218 add_token_u8(&err, dev, OPAL_STARTLIST);
1219 add_token_u8(&err, dev, OPAL_STARTNAME);
1220 add_token_u8(&err, dev, OPAL_VALUES);
1221 add_token_u8(&err, dev, OPAL_STARTLIST);
1222
1223 add_token_u8(&err, dev, OPAL_STARTNAME);
1224 add_token_u8(&err, dev, 3); /* Ranges Start */
1225 add_token_u64(&err, dev, setup->range_start);
1226 add_token_u8(&err, dev, OPAL_ENDNAME);
1227
1228 add_token_u8(&err, dev, OPAL_STARTNAME);
1229 add_token_u8(&err, dev, 4); /* Ranges length */
1230 add_token_u64(&err, dev, setup->range_length);
1231 add_token_u8(&err, dev, OPAL_ENDNAME);
1232
1233 add_token_u8(&err, dev, OPAL_STARTNAME);
1234 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1235 add_token_u64(&err, dev, !!setup->RLE);
1236 add_token_u8(&err, dev, OPAL_ENDNAME);
1237
1238 add_token_u8(&err, dev, OPAL_STARTNAME);
1239 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1240 add_token_u64(&err, dev, !!setup->WLE);
1241 add_token_u8(&err, dev, OPAL_ENDNAME);
1242
1243 add_token_u8(&err, dev, OPAL_ENDLIST);
1244 add_token_u8(&err, dev, OPAL_ENDNAME);
1245 add_token_u8(&err, dev, OPAL_ENDLIST);
1246
1247 }
1248 if (err) {
1249 pr_debug("Error building Setup Locking range command.\n");
1250 return err;
1251
1252 }
1253
1254 return finalize_and_send(dev, parse_and_check_status);
1255}
1256
1257static int start_generic_opal_session(struct opal_dev *dev,
1258 enum opal_uid auth,
1259 enum opal_uid sp_type,
1260 const char *key,
1261 u8 key_len)
1262{
1263 u32 hsn;
1264 int err = 0;
1265
1266 if (key == NULL && auth != OPAL_ANYBODY_UID)
1267 return OPAL_INVAL_PARAM;
1268
1269 clear_opal_cmd(dev);
1270
1271 set_comid(dev, dev->comid);
1272 hsn = GENERIC_HOST_SESSION_NUM;
1273
1274 add_token_u8(&err, dev, OPAL_CALL);
1275 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1276 OPAL_UID_LENGTH);
1277 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1278 OPAL_UID_LENGTH);
1279 add_token_u8(&err, dev, OPAL_STARTLIST);
1280 add_token_u64(&err, dev, hsn);
1281 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1282 add_token_u8(&err, dev, 1);
1283
1284 switch (auth) {
1285 case OPAL_ANYBODY_UID:
1286 add_token_u8(&err, dev, OPAL_ENDLIST);
1287 break;
1288 case OPAL_ADMIN1_UID:
1289 case OPAL_SID_UID:
1290 add_token_u8(&err, dev, OPAL_STARTNAME);
1291 add_token_u8(&err, dev, 0); /* HostChallenge */
1292 add_token_bytestring(&err, dev, key, key_len);
1293 add_token_u8(&err, dev, OPAL_ENDNAME);
1294 add_token_u8(&err, dev, OPAL_STARTNAME);
1295 add_token_u8(&err, dev, 3); /* HostSignAuth */
1296 add_token_bytestring(&err, dev, opaluid[auth],
1297 OPAL_UID_LENGTH);
1298 add_token_u8(&err, dev, OPAL_ENDNAME);
1299 add_token_u8(&err, dev, OPAL_ENDLIST);
1300 break;
1301 default:
1302 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1303 return OPAL_INVAL_PARAM;
1304 }
1305
1306 if (err) {
1307 pr_debug("Error building start adminsp session command.\n");
1308 return err;
1309 }
1310
1311 return finalize_and_send(dev, start_opal_session_cont);
1312}
1313
1314static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1315{
1316 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1317 OPAL_ADMINSP_UID, NULL, 0);
1318}
1319
1320static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1321{
1322 int ret;
1323 const u8 *key = dev->prev_data;
1324
1325 if (!key) {
1326 const struct opal_key *okey = data;
1327 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1328 OPAL_ADMINSP_UID,
1329 okey->key,
1330 okey->key_len);
1331 } else {
1332 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1333 OPAL_ADMINSP_UID,
1334 key, dev->prev_d_len);
1335 kfree(key);
1336 dev->prev_data = NULL;
1337 }
1338 return ret;
1339}
1340
1341static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1342{
1343 struct opal_key *key = data;
1344 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1345 OPAL_LOCKINGSP_UID,
1346 key->key, key->key_len);
1347}
1348
1349static int start_auth_opal_session(struct opal_dev *dev, void *data)
1350{
1351 struct opal_session_info *session = data;
1352 u8 lk_ul_user[OPAL_UID_LENGTH];
1353 size_t keylen = session->opal_key.key_len;
1354 int err = 0;
1355
1356 u8 *key = session->opal_key.key;
1357 u32 hsn = GENERIC_HOST_SESSION_NUM;
1358
1359 clear_opal_cmd(dev);
1360 set_comid(dev, dev->comid);
1361
1362 if (session->sum) {
1363 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1364 session->opal_key.lr);
1365 if (err)
1366 return err;
1367
1368 } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1369 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1370 session->who - 1);
1371 if (err)
1372 return err;
1373 } else
1374 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1375
1376 add_token_u8(&err, dev, OPAL_CALL);
1377 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1378 OPAL_UID_LENGTH);
1379 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1380 OPAL_UID_LENGTH);
1381
1382 add_token_u8(&err, dev, OPAL_STARTLIST);
1383 add_token_u64(&err, dev, hsn);
1384 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1385 OPAL_UID_LENGTH);
1386 add_token_u8(&err, dev, 1);
1387 add_token_u8(&err, dev, OPAL_STARTNAME);
1388 add_token_u8(&err, dev, 0);
1389 add_token_bytestring(&err, dev, key, keylen);
1390 add_token_u8(&err, dev, OPAL_ENDNAME);
1391 add_token_u8(&err, dev, OPAL_STARTNAME);
1392 add_token_u8(&err, dev, 3);
1393 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1394 add_token_u8(&err, dev, OPAL_ENDNAME);
1395 add_token_u8(&err, dev, OPAL_ENDLIST);
1396
1397 if (err) {
1398 pr_debug("Error building STARTSESSION command.\n");
1399 return err;
1400 }
1401
1402 return finalize_and_send(dev, start_opal_session_cont);
1403}
1404
1405static int revert_tper(struct opal_dev *dev, void *data)
1406{
1407 int err = 0;
1408
1409 clear_opal_cmd(dev);
1410 set_comid(dev, dev->comid);
1411
1412 add_token_u8(&err, dev, OPAL_CALL);
1413 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1414 OPAL_UID_LENGTH);
1415 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1416 OPAL_UID_LENGTH);
1417 add_token_u8(&err, dev, OPAL_STARTLIST);
1418 add_token_u8(&err, dev, OPAL_ENDLIST);
1419 if (err) {
1420 pr_debug("Error building REVERT TPER command.\n");
1421 return err;
1422 }
1423
1424 return finalize_and_send(dev, parse_and_check_status);
1425}
1426
1427static int internal_activate_user(struct opal_dev *dev, void *data)
1428{
1429 struct opal_session_info *session = data;
1430 u8 uid[OPAL_UID_LENGTH];
1431 int err = 0;
1432
1433 clear_opal_cmd(dev);
1434 set_comid(dev, dev->comid);
1435
1436 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1437 uid[7] = session->who;
1438
1439 add_token_u8(&err, dev, OPAL_CALL);
1440 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1441 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1442 add_token_u8(&err, dev, OPAL_STARTLIST);
1443 add_token_u8(&err, dev, OPAL_STARTNAME);
1444 add_token_u8(&err, dev, OPAL_VALUES);
1445 add_token_u8(&err, dev, OPAL_STARTLIST);
1446 add_token_u8(&err, dev, OPAL_STARTNAME);
1447 add_token_u8(&err, dev, 5); /* Enabled */
1448 add_token_u8(&err, dev, OPAL_TRUE);
1449 add_token_u8(&err, dev, OPAL_ENDNAME);
1450 add_token_u8(&err, dev, OPAL_ENDLIST);
1451 add_token_u8(&err, dev, OPAL_ENDNAME);
1452 add_token_u8(&err, dev, OPAL_ENDLIST);
1453
1454 if (err) {
1455 pr_debug("Error building Activate UserN command.\n");
1456 return err;
1457 }
1458
1459 return finalize_and_send(dev, parse_and_check_status);
1460}
1461
1462static int erase_locking_range(struct opal_dev *dev, void *data)
1463{
1464 struct opal_session_info *session = data;
1465 u8 uid[OPAL_UID_LENGTH];
1466 int err = 0;
1467
1468 clear_opal_cmd(dev);
1469 set_comid(dev, dev->comid);
1470
1471 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1472 return -ERANGE;
1473
1474 add_token_u8(&err, dev, OPAL_CALL);
1475 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1476 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1477 OPAL_UID_LENGTH);
1478 add_token_u8(&err, dev, OPAL_STARTLIST);
1479 add_token_u8(&err, dev, OPAL_ENDLIST);
1480
1481 if (err) {
1482 pr_debug("Error building Erase Locking Range Command.\n");
1483 return err;
1484 }
1485 return finalize_and_send(dev, parse_and_check_status);
1486}
1487
1488static int set_mbr_done(struct opal_dev *dev, void *data)
1489{
1490 u8 *mbr_done_tf = data;
1491 int err = 0;
1492
1493 clear_opal_cmd(dev);
1494 set_comid(dev, dev->comid);
1495
1496 add_token_u8(&err, dev, OPAL_CALL);
1497 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1498 OPAL_UID_LENGTH);
1499 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1500 add_token_u8(&err, dev, OPAL_STARTLIST);
1501 add_token_u8(&err, dev, OPAL_STARTNAME);
1502 add_token_u8(&err, dev, OPAL_VALUES);
1503 add_token_u8(&err, dev, OPAL_STARTLIST);
1504 add_token_u8(&err, dev, OPAL_STARTNAME);
1505 add_token_u8(&err, dev, 2); /* Done */
1506 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1507 add_token_u8(&err, dev, OPAL_ENDNAME);
1508 add_token_u8(&err, dev, OPAL_ENDLIST);
1509 add_token_u8(&err, dev, OPAL_ENDNAME);
1510 add_token_u8(&err, dev, OPAL_ENDLIST);
1511
1512 if (err) {
1513 pr_debug("Error Building set MBR Done command\n");
1514 return err;
1515 }
1516
1517 return finalize_and_send(dev, parse_and_check_status);
1518}
1519
1520static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1521{
1522 u8 *mbr_en_dis = data;
1523 int err = 0;
1524
1525 clear_opal_cmd(dev);
1526 set_comid(dev, dev->comid);
1527
1528 add_token_u8(&err, dev, OPAL_CALL);
1529 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1530 OPAL_UID_LENGTH);
1531 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1532 add_token_u8(&err, dev, OPAL_STARTLIST);
1533 add_token_u8(&err, dev, OPAL_STARTNAME);
1534 add_token_u8(&err, dev, OPAL_VALUES);
1535 add_token_u8(&err, dev, OPAL_STARTLIST);
1536 add_token_u8(&err, dev, OPAL_STARTNAME);
1537 add_token_u8(&err, dev, 1);
1538 add_token_u8(&err, dev, *mbr_en_dis);
1539 add_token_u8(&err, dev, OPAL_ENDNAME);
1540 add_token_u8(&err, dev, OPAL_ENDLIST);
1541 add_token_u8(&err, dev, OPAL_ENDNAME);
1542 add_token_u8(&err, dev, OPAL_ENDLIST);
1543
1544 if (err) {
1545 pr_debug("Error Building set MBR done command\n");
1546 return err;
1547 }
1548
1549 return finalize_and_send(dev, parse_and_check_status);
1550}
1551
1552static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1553 struct opal_dev *dev)
1554{
1555 int err = 0;
1556
1557 clear_opal_cmd(dev);
1558 set_comid(dev, dev->comid);
1559
1560 add_token_u8(&err, dev, OPAL_CALL);
1561 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1562 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1563 OPAL_UID_LENGTH);
1564 add_token_u8(&err, dev, OPAL_STARTLIST);
1565 add_token_u8(&err, dev, OPAL_STARTNAME);
1566 add_token_u8(&err, dev, OPAL_VALUES);
1567 add_token_u8(&err, dev, OPAL_STARTLIST);
1568 add_token_u8(&err, dev, OPAL_STARTNAME);
1569 add_token_u8(&err, dev, 3); /* PIN */
1570 add_token_bytestring(&err, dev, key, key_len);
1571 add_token_u8(&err, dev, OPAL_ENDNAME);
1572 add_token_u8(&err, dev, OPAL_ENDLIST);
1573 add_token_u8(&err, dev, OPAL_ENDNAME);
1574 add_token_u8(&err, dev, OPAL_ENDLIST);
1575
1576 return err;
1577}
1578
1579static int set_new_pw(struct opal_dev *dev, void *data)
1580{
1581 u8 cpin_uid[OPAL_UID_LENGTH];
1582 struct opal_session_info *usr = data;
1583
1584 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1585
1586 if (usr->who != OPAL_ADMIN1) {
1587 cpin_uid[5] = 0x03;
1588 if (usr->sum)
1589 cpin_uid[7] = usr->opal_key.lr + 1;
1590 else
1591 cpin_uid[7] = usr->who;
1592 }
1593
1594 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1595 cpin_uid, dev)) {
1596 pr_debug("Error building set password command.\n");
1597 return -ERANGE;
1598 }
1599
1600 return finalize_and_send(dev, parse_and_check_status);
1601}
1602
1603static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1604{
1605 u8 cpin_uid[OPAL_UID_LENGTH];
1606 struct opal_key *key = data;
1607
1608 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1609
1610 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1611 pr_debug("Error building Set SID cpin\n");
1612 return -ERANGE;
1613 }
1614 return finalize_and_send(dev, parse_and_check_status);
1615}
1616
1617static int add_user_to_lr(struct opal_dev *dev, void *data)
1618{
1619 u8 lr_buffer[OPAL_UID_LENGTH];
1620 u8 user_uid[OPAL_UID_LENGTH];
1621 struct opal_lock_unlock *lkul = data;
1622 int err = 0;
1623
1624 clear_opal_cmd(dev);
1625 set_comid(dev, dev->comid);
1626
1627 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1628 OPAL_UID_LENGTH);
1629
1630 if (lkul->l_state == OPAL_RW)
1631 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1632 OPAL_UID_LENGTH);
1633
1634 lr_buffer[7] = lkul->session.opal_key.lr;
1635
1636 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1637
1638 user_uid[7] = lkul->session.who;
1639
1640 add_token_u8(&err, dev, OPAL_CALL);
1641 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1642 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1643 OPAL_UID_LENGTH);
1644
1645 add_token_u8(&err, dev, OPAL_STARTLIST);
1646 add_token_u8(&err, dev, OPAL_STARTNAME);
1647 add_token_u8(&err, dev, OPAL_VALUES);
1648
1649 add_token_u8(&err, dev, OPAL_STARTLIST);
1650 add_token_u8(&err, dev, OPAL_STARTNAME);
1651 add_token_u8(&err, dev, 3);
1652
1653 add_token_u8(&err, dev, OPAL_STARTLIST);
1654
1655
1656 add_token_u8(&err, dev, OPAL_STARTNAME);
1657 add_token_bytestring(&err, dev,
1658 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1659 OPAL_UID_LENGTH/2);
1660 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1661 add_token_u8(&err, dev, OPAL_ENDNAME);
1662
1663
1664 add_token_u8(&err, dev, OPAL_STARTNAME);
1665 add_token_bytestring(&err, dev,
1666 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1667 OPAL_UID_LENGTH/2);
1668 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1669 add_token_u8(&err, dev, OPAL_ENDNAME);
1670
1671
1672 add_token_u8(&err, dev, OPAL_STARTNAME);
1673 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1674 OPAL_UID_LENGTH/2);
1675 add_token_u8(&err, dev, 1);
1676 add_token_u8(&err, dev, OPAL_ENDNAME);
1677
1678
1679 add_token_u8(&err, dev, OPAL_ENDLIST);
1680 add_token_u8(&err, dev, OPAL_ENDNAME);
1681 add_token_u8(&err, dev, OPAL_ENDLIST);
1682 add_token_u8(&err, dev, OPAL_ENDNAME);
1683 add_token_u8(&err, dev, OPAL_ENDLIST);
1684
1685 if (err) {
1686 pr_debug("Error building add user to locking range command.\n");
1687 return err;
1688 }
1689
1690 return finalize_and_send(dev, parse_and_check_status);
1691}
1692
1693static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1694{
1695 u8 lr_buffer[OPAL_UID_LENGTH];
1696 struct opal_lock_unlock *lkul = data;
1697 u8 read_locked = 1, write_locked = 1;
1698 int err = 0;
1699
1700 clear_opal_cmd(dev);
1701 set_comid(dev, dev->comid);
1702
1703 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1704 lkul->session.opal_key.lr) < 0)
1705 return -ERANGE;
1706
1707 switch (lkul->l_state) {
1708 case OPAL_RO:
1709 read_locked = 0;
1710 write_locked = 1;
1711 break;
1712 case OPAL_RW:
1713 read_locked = 0;
1714 write_locked = 0;
1715 break;
1716 case OPAL_LK:
1717 /* vars are initalized to locked */
1718 break;
1719 default:
1720 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1721 return OPAL_INVAL_PARAM;
1722 }
1723
1724 add_token_u8(&err, dev, OPAL_CALL);
1725 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1726 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1727 add_token_u8(&err, dev, OPAL_STARTLIST);
1728 add_token_u8(&err, dev, OPAL_STARTNAME);
1729 add_token_u8(&err, dev, OPAL_VALUES);
1730 add_token_u8(&err, dev, OPAL_STARTLIST);
1731
1732 add_token_u8(&err, dev, OPAL_STARTNAME);
1733 add_token_u8(&err, dev, OPAL_READLOCKED);
1734 add_token_u8(&err, dev, read_locked);
1735 add_token_u8(&err, dev, OPAL_ENDNAME);
1736
1737 add_token_u8(&err, dev, OPAL_STARTNAME);
1738 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1739 add_token_u8(&err, dev, write_locked);
1740 add_token_u8(&err, dev, OPAL_ENDNAME);
1741
1742 add_token_u8(&err, dev, OPAL_ENDLIST);
1743 add_token_u8(&err, dev, OPAL_ENDNAME);
1744 add_token_u8(&err, dev, OPAL_ENDLIST);
1745
1746 if (err) {
1747 pr_debug("Error building SET command.\n");
1748 return err;
1749 }
1750 return finalize_and_send(dev, parse_and_check_status);
1751}
1752
1753
1754static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1755{
1756 u8 lr_buffer[OPAL_UID_LENGTH];
1757 u8 read_locked = 1, write_locked = 1;
1758 struct opal_lock_unlock *lkul = data;
1759 int ret;
1760
1761 clear_opal_cmd(dev);
1762 set_comid(dev, dev->comid);
1763
1764 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1765 lkul->session.opal_key.lr) < 0)
1766 return -ERANGE;
1767
1768 switch (lkul->l_state) {
1769 case OPAL_RO:
1770 read_locked = 0;
1771 write_locked = 1;
1772 break;
1773 case OPAL_RW:
1774 read_locked = 0;
1775 write_locked = 0;
1776 break;
1777 case OPAL_LK:
1778 /* vars are initalized to locked */
1779 break;
1780 default:
1781 pr_debug("Tried to set an invalid locking state.\n");
1782 return OPAL_INVAL_PARAM;
1783 }
1784 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1785 read_locked, write_locked);
1786
1787 if (ret < 0) {
1788 pr_debug("Error building SET command.\n");
1789 return ret;
1790 }
1791 return finalize_and_send(dev, parse_and_check_status);
1792}
1793
1794static int activate_lsp(struct opal_dev *dev, void *data)
1795{
1796 struct opal_lr_act *opal_act = data;
1797 u8 user_lr[OPAL_UID_LENGTH];
1798 u8 uint_3 = 0x83;
1799 int err = 0, i;
1800
1801 clear_opal_cmd(dev);
1802 set_comid(dev, dev->comid);
1803
1804 add_token_u8(&err, dev, OPAL_CALL);
1805 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1806 OPAL_UID_LENGTH);
1807 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1808 OPAL_UID_LENGTH);
1809
1810
1811 if (opal_act->sum) {
1812 err = build_locking_range(user_lr, sizeof(user_lr),
1813 opal_act->lr[0]);
1814 if (err)
1815 return err;
1816
1817 add_token_u8(&err, dev, OPAL_STARTLIST);
1818 add_token_u8(&err, dev, OPAL_STARTNAME);
1819 add_token_u8(&err, dev, uint_3);
1820 add_token_u8(&err, dev, 6);
1821 add_token_u8(&err, dev, 0);
1822 add_token_u8(&err, dev, 0);
1823
1824 add_token_u8(&err, dev, OPAL_STARTLIST);
1825 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1826 for (i = 1; i < opal_act->num_lrs; i++) {
1827 user_lr[7] = opal_act->lr[i];
1828 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1829 }
1830 add_token_u8(&err, dev, OPAL_ENDLIST);
1831 add_token_u8(&err, dev, OPAL_ENDNAME);
1832 add_token_u8(&err, dev, OPAL_ENDLIST);
1833
1834 } else {
1835 add_token_u8(&err, dev, OPAL_STARTLIST);
1836 add_token_u8(&err, dev, OPAL_ENDLIST);
1837 }
1838
1839 if (err) {
1840 pr_debug("Error building Activate LockingSP command.\n");
1841 return err;
1842 }
1843
1844 return finalize_and_send(dev, parse_and_check_status);
1845}
1846
1847static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1848{
1849 u8 lc_status;
1850 int error = 0;
1851
1852 error = parse_and_check_status(dev);
1853 if (error)
1854 return error;
1855
1856 lc_status = response_get_u64(&dev->parsed, 4);
1857 /* 0x08 is Manufacured Inactive */
1858 /* 0x09 is Manufactured */
1859 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1860 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1861 return -ENODEV;
1862 }
1863
1864 return 0;
1865}
1866
1867/* Determine if we're in the Manufactured Inactive or Active state */
1868static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1869{
1870 int err = 0;
1871
1872 clear_opal_cmd(dev);
1873 set_comid(dev, dev->comid);
1874
1875 add_token_u8(&err, dev, OPAL_CALL);
1876 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1877 OPAL_UID_LENGTH);
1878 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1879
1880 add_token_u8(&err, dev, OPAL_STARTLIST);
1881 add_token_u8(&err, dev, OPAL_STARTLIST);
1882
1883 add_token_u8(&err, dev, OPAL_STARTNAME);
1884 add_token_u8(&err, dev, 3); /* Start Column */
1885 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1886 add_token_u8(&err, dev, OPAL_ENDNAME);
1887
1888 add_token_u8(&err, dev, OPAL_STARTNAME);
1889 add_token_u8(&err, dev, 4); /* End Column */
1890 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1891 add_token_u8(&err, dev, OPAL_ENDNAME);
1892
1893 add_token_u8(&err, dev, OPAL_ENDLIST);
1894 add_token_u8(&err, dev, OPAL_ENDLIST);
1895
1896 if (err) {
1897 pr_debug("Error Building GET Lifecycle Status command\n");
1898 return err;
1899 }
1900
1901 return finalize_and_send(dev, get_lsp_lifecycle_cont);
1902}
1903
1904static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1905{
1906 const char *msid_pin;
1907 size_t strlen;
1908 int error = 0;
1909
1910 error = parse_and_check_status(dev);
1911 if (error)
1912 return error;
1913
1914 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1915 if (!msid_pin) {
1916 pr_debug("%s: Couldn't extract PIN from response\n", __func__);
1917 return OPAL_INVAL_PARAM;
1918 }
1919
1920 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1921 if (!dev->prev_data)
1922 return -ENOMEM;
1923
1924 dev->prev_d_len = strlen;
1925
1926 return 0;
1927}
1928
1929static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1930{
1931 int err = 0;
1932
1933 clear_opal_cmd(dev);
1934 set_comid(dev, dev->comid);
1935
1936 add_token_u8(&err, dev, OPAL_CALL);
1937 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1938 OPAL_UID_LENGTH);
1939 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1940
1941 add_token_u8(&err, dev, OPAL_STARTLIST);
1942 add_token_u8(&err, dev, OPAL_STARTLIST);
1943
1944 add_token_u8(&err, dev, OPAL_STARTNAME);
1945 add_token_u8(&err, dev, 3); /* Start Column */
1946 add_token_u8(&err, dev, 3); /* PIN */
1947 add_token_u8(&err, dev, OPAL_ENDNAME);
1948
1949 add_token_u8(&err, dev, OPAL_STARTNAME);
1950 add_token_u8(&err, dev, 4); /* End Column */
1951 add_token_u8(&err, dev, 3); /* Lifecycle Column */
1952 add_token_u8(&err, dev, OPAL_ENDNAME);
1953
1954 add_token_u8(&err, dev, OPAL_ENDLIST);
1955 add_token_u8(&err, dev, OPAL_ENDLIST);
1956
1957 if (err) {
1958 pr_debug("Error building Get MSID CPIN PIN command.\n");
1959 return err;
1960 }
1961
1962 return finalize_and_send(dev, get_msid_cpin_pin_cont);
1963}
1964
1965static int end_opal_session(struct opal_dev *dev, void *data)
1966{
1967 int err = 0;
1968
1969 clear_opal_cmd(dev);
1970 set_comid(dev, dev->comid);
1971 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1972
1973 if (err < 0)
1974 return err;
1975 return finalize_and_send(dev, end_session_cont);
1976}
1977
1978static int end_opal_session_error(struct opal_dev *dev)
1979{
1980 const struct opal_step error_end_session[] = {
1981 { end_opal_session, },
1982 { NULL, }
1983 };
1984 dev->steps = error_end_session;
1985 return next(dev);
1986}
1987
1988static inline void setup_opal_dev(struct opal_dev *dev,
1989 const struct opal_step *steps)
1990{
1991 dev->steps = steps;
1992 dev->tsn = 0;
1993 dev->hsn = 0;
1994 dev->prev_data = NULL;
1995}
1996
1997static int check_opal_support(struct opal_dev *dev)
1998{
1999 const struct opal_step steps[] = {
2000 { opal_discovery0, },
2001 { NULL, }
2002 };
2003 int ret;
2004
2005 mutex_lock(&dev->dev_lock);
2006 setup_opal_dev(dev, steps);
2007 ret = next(dev);
2008 dev->supported = !ret;
2009 mutex_unlock(&dev->dev_lock);
2010 return ret;
2011}
2012
2013static void clean_opal_dev(struct opal_dev *dev)
2014{
2015
2016 struct opal_suspend_data *suspend, *next;
2017
2018 mutex_lock(&dev->dev_lock);
2019 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2020 list_del(&suspend->node);
2021 kfree(suspend);
2022 }
2023 mutex_unlock(&dev->dev_lock);
2024}
2025
2026void free_opal_dev(struct opal_dev *dev)
2027{
2028 if (!dev)
2029 return;
2030 clean_opal_dev(dev);
2031 kfree(dev);
2032}
2033EXPORT_SYMBOL(free_opal_dev);
2034
2035struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2036{
2037 struct opal_dev *dev;
2038
2039 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2040 if (!dev)
2041 return NULL;
2042
2043 INIT_LIST_HEAD(&dev->unlk_lst);
2044 mutex_init(&dev->dev_lock);
2045 dev->data = data;
2046 dev->send_recv = send_recv;
2047 if (check_opal_support(dev) != 0) {
2048 pr_debug("Opal is not supported on this device\n");
2049 kfree(dev);
2050 return NULL;
2051 }
2052 return dev;
2053}
2054EXPORT_SYMBOL(init_opal_dev);
2055
2056static int opal_secure_erase_locking_range(struct opal_dev *dev,
2057 struct opal_session_info *opal_session)
2058{
2059 const struct opal_step erase_steps[] = {
2060 { opal_discovery0, },
2061 { start_auth_opal_session, opal_session },
2062 { get_active_key, &opal_session->opal_key.lr },
2063 { gen_key, },
2064 { end_opal_session, },
2065 { NULL, }
2066 };
2067 int ret;
2068
2069 mutex_lock(&dev->dev_lock);
2070 setup_opal_dev(dev, erase_steps);
2071 ret = next(dev);
2072 mutex_unlock(&dev->dev_lock);
2073 return ret;
2074}
2075
2076static int opal_erase_locking_range(struct opal_dev *dev,
2077 struct opal_session_info *opal_session)
2078{
2079 const struct opal_step erase_steps[] = {
2080 { opal_discovery0, },
2081 { start_auth_opal_session, opal_session },
2082 { erase_locking_range, opal_session },
2083 { end_opal_session, },
2084 { NULL, }
2085 };
2086 int ret;
2087
2088 mutex_lock(&dev->dev_lock);
2089 setup_opal_dev(dev, erase_steps);
2090 ret = next(dev);
2091 mutex_unlock(&dev->dev_lock);
2092 return ret;
2093}
2094
2095static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2096 struct opal_mbr_data *opal_mbr)
2097{
2098 const struct opal_step mbr_steps[] = {
2099 { opal_discovery0, },
2100 { start_admin1LSP_opal_session, &opal_mbr->key },
2101 { set_mbr_done, &opal_mbr->enable_disable },
2102 { end_opal_session, },
2103 { start_admin1LSP_opal_session, &opal_mbr->key },
2104 { set_mbr_enable_disable, &opal_mbr->enable_disable },
2105 { end_opal_session, },
2106 { NULL, }
2107 };
2108 int ret;
2109
2110 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2111 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2112 return -EINVAL;
2113
2114 mutex_lock(&dev->dev_lock);
2115 setup_opal_dev(dev, mbr_steps);
2116 ret = next(dev);
2117 mutex_unlock(&dev->dev_lock);
2118 return ret;
2119}
2120
2121static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2122{
2123 struct opal_suspend_data *suspend;
2124
2125 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2126 if (!suspend)
2127 return -ENOMEM;
2128
2129 suspend->unlk = *lk_unlk;
2130 suspend->lr = lk_unlk->session.opal_key.lr;
2131
2132 mutex_lock(&dev->dev_lock);
2133 setup_opal_dev(dev, NULL);
2134 add_suspend_info(dev, suspend);
2135 mutex_unlock(&dev->dev_lock);
2136 return 0;
2137}
2138
2139static int opal_add_user_to_lr(struct opal_dev *dev,
2140 struct opal_lock_unlock *lk_unlk)
2141{
2142 const struct opal_step steps[] = {
2143 { opal_discovery0, },
2144 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2145 { add_user_to_lr, lk_unlk },
2146 { end_opal_session, },
2147 { NULL, }
2148 };
2149 int ret;
2150
2151 if (lk_unlk->l_state != OPAL_RO &&
2152 lk_unlk->l_state != OPAL_RW) {
2153 pr_debug("Locking state was not RO or RW\n");
2154 return -EINVAL;
2155 }
2156 if (lk_unlk->session.who < OPAL_USER1 ||
2157 lk_unlk->session.who > OPAL_USER9) {
2158 pr_debug("Authority was not within the range of users: %d\n",
2159 lk_unlk->session.who);
2160 return -EINVAL;
2161 }
2162 if (lk_unlk->session.sum) {
2163 pr_debug("%s not supported in sum. Use setup locking range\n",
2164 __func__);
2165 return -EINVAL;
2166 }
2167
2168 mutex_lock(&dev->dev_lock);
2169 setup_opal_dev(dev, steps);
2170 ret = next(dev);
2171 mutex_unlock(&dev->dev_lock);
2172 return ret;
2173}
2174
2175static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2176{
2177 const struct opal_step revert_steps[] = {
2178 { opal_discovery0, },
2179 { start_SIDASP_opal_session, opal },
2180 { revert_tper, }, /* controller will terminate session */
2181 { NULL, }
2182 };
2183 int ret;
2184
2185 mutex_lock(&dev->dev_lock);
2186 setup_opal_dev(dev, revert_steps);
2187 ret = next(dev);
2188 mutex_unlock(&dev->dev_lock);
2189
2190 /*
2191 * If we successfully reverted lets clean
2192 * any saved locking ranges.
2193 */
2194 if (!ret)
2195 clean_opal_dev(dev);
2196
2197 return ret;
2198}
2199
2200static int __opal_lock_unlock(struct opal_dev *dev,
2201 struct opal_lock_unlock *lk_unlk)
2202{
2203 const struct opal_step unlock_steps[] = {
2204 { opal_discovery0, },
2205 { start_auth_opal_session, &lk_unlk->session },
2206 { lock_unlock_locking_range, lk_unlk },
2207 { end_opal_session, },
2208 { NULL, }
2209 };
2210 const struct opal_step unlock_sum_steps[] = {
2211 { opal_discovery0, },
2212 { start_auth_opal_session, &lk_unlk->session },
2213 { lock_unlock_locking_range_sum, lk_unlk },
2214 { end_opal_session, },
2215 { NULL, }
2216 };
2217
2218 dev->steps = lk_unlk->session.sum ? unlock_sum_steps : unlock_steps;
2219 return next(dev);
2220}
2221
2222static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2223{
2224 u8 mbr_done_tf = 1;
2225 const struct opal_step mbrdone_step [] = {
2226 { opal_discovery0, },
2227 { start_admin1LSP_opal_session, key },
2228 { set_mbr_done, &mbr_done_tf },
2229 { end_opal_session, },
2230 { NULL, }
2231 };
2232
2233 dev->steps = mbrdone_step;
2234 return next(dev);
2235}
2236
2237static int opal_lock_unlock(struct opal_dev *dev,
2238 struct opal_lock_unlock *lk_unlk)
2239{
2240 int ret;
2241
2242 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2243 lk_unlk->session.who > OPAL_USER9)
2244 return -EINVAL;
2245
2246 mutex_lock(&dev->dev_lock);
2247 ret = __opal_lock_unlock(dev, lk_unlk);
2248 mutex_unlock(&dev->dev_lock);
2249 return ret;
2250}
2251
2252static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2253{
2254 const struct opal_step owner_steps[] = {
2255 { opal_discovery0, },
2256 { start_anybodyASP_opal_session, },
2257 { get_msid_cpin_pin, },
2258 { end_opal_session, },
2259 { start_SIDASP_opal_session, opal },
2260 { set_sid_cpin_pin, opal },
2261 { end_opal_session, },
2262 { NULL, }
2263 };
2264 int ret;
2265
2266 if (!dev)
2267 return -ENODEV;
2268
2269 mutex_lock(&dev->dev_lock);
2270 setup_opal_dev(dev, owner_steps);
2271 ret = next(dev);
2272 mutex_unlock(&dev->dev_lock);
2273 return ret;
2274}
2275
2276static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2277{
2278 const struct opal_step active_steps[] = {
2279 { opal_discovery0, },
2280 { start_SIDASP_opal_session, &opal_lr_act->key },
2281 { get_lsp_lifecycle, },
2282 { activate_lsp, opal_lr_act },
2283 { end_opal_session, },
2284 { NULL, }
2285 };
2286 int ret;
2287
2288 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2289 return -EINVAL;
2290
2291 mutex_lock(&dev->dev_lock);
2292 setup_opal_dev(dev, active_steps);
2293 ret = next(dev);
2294 mutex_unlock(&dev->dev_lock);
2295 return ret;
2296}
2297
2298static int opal_setup_locking_range(struct opal_dev *dev,
2299 struct opal_user_lr_setup *opal_lrs)
2300{
2301 const struct opal_step lr_steps[] = {
2302 { opal_discovery0, },
2303 { start_auth_opal_session, &opal_lrs->session },
2304 { setup_locking_range, opal_lrs },
2305 { end_opal_session, },
2306 { NULL, }
2307 };
2308 int ret;
2309
2310 mutex_lock(&dev->dev_lock);
2311 setup_opal_dev(dev, lr_steps);
2312 ret = next(dev);
2313 mutex_unlock(&dev->dev_lock);
2314 return ret;
2315}
2316
2317static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2318{
2319 const struct opal_step pw_steps[] = {
2320 { opal_discovery0, },
2321 { start_auth_opal_session, &opal_pw->session },
2322 { set_new_pw, &opal_pw->new_user_pw },
2323 { end_opal_session, },
2324 { NULL }
2325 };
2326 int ret;
2327
2328 if (opal_pw->session.who < OPAL_ADMIN1 ||
2329 opal_pw->session.who > OPAL_USER9 ||
2330 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2331 opal_pw->new_user_pw.who > OPAL_USER9)
2332 return -EINVAL;
2333
2334 mutex_lock(&dev->dev_lock);
2335 setup_opal_dev(dev, pw_steps);
2336 ret = next(dev);
2337 mutex_unlock(&dev->dev_lock);
2338 return ret;
2339}
2340
2341static int opal_activate_user(struct opal_dev *dev,
2342 struct opal_session_info *opal_session)
2343{
2344 const struct opal_step act_steps[] = {
2345 { opal_discovery0, },
2346 { start_admin1LSP_opal_session, &opal_session->opal_key },
2347 { internal_activate_user, opal_session },
2348 { end_opal_session, },
2349 { NULL, }
2350 };
2351 int ret;
2352
2353 /* We can't activate Admin1 it's active as manufactured */
2354 if (opal_session->who < OPAL_USER1 ||
2355 opal_session->who > OPAL_USER9) {
2356 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2357 return -EINVAL;
2358 }
2359
2360 mutex_lock(&dev->dev_lock);
2361 setup_opal_dev(dev, act_steps);
2362 ret = next(dev);
2363 mutex_unlock(&dev->dev_lock);
2364 return ret;
2365}
2366
2367bool opal_unlock_from_suspend(struct opal_dev *dev)
2368{
2369 struct opal_suspend_data *suspend;
2370 bool was_failure = false;
2371 int ret = 0;
2372
2373 if (!dev)
2374 return false;
2375 if (!dev->supported)
2376 return false;
2377
2378 mutex_lock(&dev->dev_lock);
2379 setup_opal_dev(dev, NULL);
2380
2381 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2382 dev->tsn = 0;
2383 dev->hsn = 0;
2384
2385 ret = __opal_lock_unlock(dev, &suspend->unlk);
2386 if (ret) {
2387 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2388 suspend->unlk.session.opal_key.lr,
2389 suspend->unlk.session.sum);
2390 was_failure = true;
2391 }
2392 if (dev->mbr_enabled) {
2393 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2394 if (ret)
2395 pr_debug("Failed to set MBR Done in S3 resume\n");
2396 }
2397 }
2398 mutex_unlock(&dev->dev_lock);
2399 return was_failure;
2400}
2401EXPORT_SYMBOL(opal_unlock_from_suspend);
2402
2403int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2404{
2405 void *p;
2406 int ret = -ENOTTY;
2407
2408 if (!capable(CAP_SYS_ADMIN))
2409 return -EACCES;
2410 if (!dev)
2411 return -ENOTSUPP;
2412 if (!dev->supported)
2413 return -ENOTSUPP;
2414
2415 p = memdup_user(arg, _IOC_SIZE(cmd));
2416 if (IS_ERR(p))
2417 return PTR_ERR(p);
2418
2419 switch (cmd) {
2420 case IOC_OPAL_SAVE:
2421 ret = opal_save(dev, p);
2422 break;
2423 case IOC_OPAL_LOCK_UNLOCK:
2424 ret = opal_lock_unlock(dev, p);
2425 break;
2426 case IOC_OPAL_TAKE_OWNERSHIP:
2427 ret = opal_take_ownership(dev, p);
2428 break;
2429 case IOC_OPAL_ACTIVATE_LSP:
2430 ret = opal_activate_lsp(dev, p);
2431 break;
2432 case IOC_OPAL_SET_PW:
2433 ret = opal_set_new_pw(dev, p);
2434 break;
2435 case IOC_OPAL_ACTIVATE_USR:
2436 ret = opal_activate_user(dev, p);
2437 break;
2438 case IOC_OPAL_REVERT_TPR:
2439 ret = opal_reverttper(dev, p);
2440 break;
2441 case IOC_OPAL_LR_SETUP:
2442 ret = opal_setup_locking_range(dev, p);
2443 break;
2444 case IOC_OPAL_ADD_USR_TO_LR:
2445 ret = opal_add_user_to_lr(dev, p);
2446 break;
2447 case IOC_OPAL_ENABLE_DISABLE_MBR:
2448 ret = opal_enable_disable_shadow_mbr(dev, p);
2449 break;
2450 case IOC_OPAL_ERASE_LR:
2451 ret = opal_erase_locking_range(dev, p);
2452 break;
2453 case IOC_OPAL_SECURE_ERASE_LR:
2454 ret = opal_secure_erase_locking_range(dev, p);
2455 break;
2456 default:
2457 break;
2458 }
2459
2460 kfree(p);
2461 return ret;
2462}
2463EXPORT_SYMBOL_GPL(sed_ioctl);
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright © 2016 Intel Corporation
4 *
5 * Authors:
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
8 */
9
10#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12#include <linux/delay.h>
13#include <linux/device.h>
14#include <linux/kernel.h>
15#include <linux/list.h>
16#include <linux/genhd.h>
17#include <linux/slab.h>
18#include <linux/uaccess.h>
19#include <uapi/linux/sed-opal.h>
20#include <linux/sed-opal.h>
21#include <linux/string.h>
22#include <linux/kdev_t.h>
23
24#include "opal_proto.h"
25
26#define IO_BUFFER_LENGTH 2048
27#define MAX_TOKS 64
28
29/* Number of bytes needed by cmd_finalize. */
30#define CMD_FINALIZE_BYTES_NEEDED 7
31
32struct opal_step {
33 int (*fn)(struct opal_dev *dev, void *data);
34 void *data;
35};
36typedef int (cont_fn)(struct opal_dev *dev);
37
38enum opal_atom_width {
39 OPAL_WIDTH_TINY,
40 OPAL_WIDTH_SHORT,
41 OPAL_WIDTH_MEDIUM,
42 OPAL_WIDTH_LONG,
43 OPAL_WIDTH_TOKEN
44};
45
46/*
47 * On the parsed response, we don't store again the toks that are already
48 * stored in the response buffer. Instead, for each token, we just store a
49 * pointer to the position in the buffer where the token starts, and the size
50 * of the token in bytes.
51 */
52struct opal_resp_tok {
53 const u8 *pos;
54 size_t len;
55 enum opal_response_token type;
56 enum opal_atom_width width;
57 union {
58 u64 u;
59 s64 s;
60 } stored;
61};
62
63/*
64 * From the response header it's not possible to know how many tokens there are
65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66 * if we start dealing with messages that have more than that, we can increase
67 * this number. This is done to avoid having to make two passes through the
68 * response, the first one counting how many tokens we have and the second one
69 * actually storing the positions.
70 */
71struct parsed_resp {
72 int num;
73 struct opal_resp_tok toks[MAX_TOKS];
74};
75
76struct opal_dev {
77 bool supported;
78 bool mbr_enabled;
79
80 void *data;
81 sec_send_recv *send_recv;
82
83 struct mutex dev_lock;
84 u16 comid;
85 u32 hsn;
86 u32 tsn;
87 u64 align;
88 u64 lowest_lba;
89
90 size_t pos;
91 u8 cmd[IO_BUFFER_LENGTH];
92 u8 resp[IO_BUFFER_LENGTH];
93
94 struct parsed_resp parsed;
95 size_t prev_d_len;
96 void *prev_data;
97
98 struct list_head unlk_lst;
99};
100
101
102static const u8 opaluid[][OPAL_UID_LENGTH] = {
103 /* users */
104 [OPAL_SMUID_UID] =
105 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
106 [OPAL_THISSP_UID] =
107 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
108 [OPAL_ADMINSP_UID] =
109 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
110 [OPAL_LOCKINGSP_UID] =
111 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
112 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
113 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
114 [OPAL_ANYBODY_UID] =
115 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
116 [OPAL_SID_UID] =
117 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
118 [OPAL_ADMIN1_UID] =
119 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
120 [OPAL_USER1_UID] =
121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
122 [OPAL_USER2_UID] =
123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
124 [OPAL_PSID_UID] =
125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
126 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
128 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
130
131 /* tables */
132 [OPAL_TABLE_TABLE] =
133 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
134 [OPAL_LOCKINGRANGE_GLOBAL] =
135 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
136 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
137 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
138 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
139 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
140 [OPAL_MBRCONTROL] =
141 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
142 [OPAL_MBR] =
143 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
144 [OPAL_AUTHORITY_TABLE] =
145 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
146 [OPAL_C_PIN_TABLE] =
147 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
148 [OPAL_LOCKING_INFO_TABLE] =
149 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
150 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
151 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
152
153 /* C_PIN_TABLE object ID's */
154 [OPAL_C_PIN_MSID] =
155 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
156 [OPAL_C_PIN_SID] =
157 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
158 [OPAL_C_PIN_ADMIN1] =
159 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
160
161 /* half UID's (only first 4 bytes used) */
162 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
163 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
164 [OPAL_HALF_UID_BOOLEAN_ACE] =
165 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
166
167 /* special value for omitted optional parameter */
168 [OPAL_UID_HEXFF] =
169 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
170};
171
172/*
173 * TCG Storage SSC Methods.
174 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
175 * Section: 6.3 Assigned UIDs
176 */
177static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
178 [OPAL_PROPERTIES] =
179 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
180 [OPAL_STARTSESSION] =
181 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
182 [OPAL_REVERT] =
183 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
184 [OPAL_ACTIVATE] =
185 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
186 [OPAL_EGET] =
187 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
188 [OPAL_ESET] =
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
190 [OPAL_NEXT] =
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
192 [OPAL_EAUTHENTICATE] =
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
194 [OPAL_GETACL] =
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
196 [OPAL_GENKEY] =
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
198 [OPAL_REVERTSP] =
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
200 [OPAL_GET] =
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
202 [OPAL_SET] =
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
204 [OPAL_AUTHENTICATE] =
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
206 [OPAL_RANDOM] =
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
208 [OPAL_ERASE] =
209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
210};
211
212static int end_opal_session_error(struct opal_dev *dev);
213static int opal_discovery0_step(struct opal_dev *dev);
214
215struct opal_suspend_data {
216 struct opal_lock_unlock unlk;
217 u8 lr;
218 struct list_head node;
219};
220
221/*
222 * Derived from:
223 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
224 * Section: 5.1.5 Method Status Codes
225 */
226static const char * const opal_errors[] = {
227 "Success",
228 "Not Authorized",
229 "Unknown Error",
230 "SP Busy",
231 "SP Failed",
232 "SP Disabled",
233 "SP Frozen",
234 "No Sessions Available",
235 "Uniqueness Conflict",
236 "Insufficient Space",
237 "Insufficient Rows",
238 "Invalid Function",
239 "Invalid Parameter",
240 "Invalid Reference",
241 "Unknown Error",
242 "TPER Malfunction",
243 "Transaction Failure",
244 "Response Overflow",
245 "Authority Locked Out",
246};
247
248static const char *opal_error_to_human(int error)
249{
250 if (error == 0x3f)
251 return "Failed";
252
253 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
254 return "Unknown Error";
255
256 return opal_errors[error];
257}
258
259static void print_buffer(const u8 *ptr, u32 length)
260{
261#ifdef DEBUG
262 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
263 pr_debug("\n");
264#endif
265}
266
267static bool check_tper(const void *data)
268{
269 const struct d0_tper_features *tper = data;
270 u8 flags = tper->supported_features;
271
272 if (!(flags & TPER_SYNC_SUPPORTED)) {
273 pr_debug("TPer sync not supported. flags = %d\n",
274 tper->supported_features);
275 return false;
276 }
277
278 return true;
279}
280
281static bool check_mbrenabled(const void *data)
282{
283 const struct d0_locking_features *lfeat = data;
284 u8 sup_feat = lfeat->supported_features;
285
286 return !!(sup_feat & MBR_ENABLED_MASK);
287}
288
289static bool check_sum(const void *data)
290{
291 const struct d0_single_user_mode *sum = data;
292 u32 nlo = be32_to_cpu(sum->num_locking_objects);
293
294 if (nlo == 0) {
295 pr_debug("Need at least one locking object.\n");
296 return false;
297 }
298
299 pr_debug("Number of locking objects: %d\n", nlo);
300
301 return true;
302}
303
304static u16 get_comid_v100(const void *data)
305{
306 const struct d0_opal_v100 *v100 = data;
307
308 return be16_to_cpu(v100->baseComID);
309}
310
311static u16 get_comid_v200(const void *data)
312{
313 const struct d0_opal_v200 *v200 = data;
314
315 return be16_to_cpu(v200->baseComID);
316}
317
318static int opal_send_cmd(struct opal_dev *dev)
319{
320 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
321 dev->cmd, IO_BUFFER_LENGTH,
322 true);
323}
324
325static int opal_recv_cmd(struct opal_dev *dev)
326{
327 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
328 dev->resp, IO_BUFFER_LENGTH,
329 false);
330}
331
332static int opal_recv_check(struct opal_dev *dev)
333{
334 size_t buflen = IO_BUFFER_LENGTH;
335 void *buffer = dev->resp;
336 struct opal_header *hdr = buffer;
337 int ret;
338
339 do {
340 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
341 hdr->cp.outstandingData,
342 hdr->cp.minTransfer);
343
344 if (hdr->cp.outstandingData == 0 ||
345 hdr->cp.minTransfer != 0)
346 return 0;
347
348 memset(buffer, 0, buflen);
349 ret = opal_recv_cmd(dev);
350 } while (!ret);
351
352 return ret;
353}
354
355static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
356{
357 int ret;
358
359 ret = opal_send_cmd(dev);
360 if (ret)
361 return ret;
362 ret = opal_recv_cmd(dev);
363 if (ret)
364 return ret;
365 ret = opal_recv_check(dev);
366 if (ret)
367 return ret;
368 return cont(dev);
369}
370
371static void check_geometry(struct opal_dev *dev, const void *data)
372{
373 const struct d0_geometry_features *geo = data;
374
375 dev->align = be64_to_cpu(geo->alignment_granularity);
376 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
377}
378
379static int execute_step(struct opal_dev *dev,
380 const struct opal_step *step, size_t stepIndex)
381{
382 int error = step->fn(dev, step->data);
383
384 if (error) {
385 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
386 stepIndex, step->fn, error,
387 opal_error_to_human(error));
388 }
389
390 return error;
391}
392
393static int execute_steps(struct opal_dev *dev,
394 const struct opal_step *steps, size_t n_steps)
395{
396 size_t state = 0;
397 int error;
398
399 /* first do a discovery0 */
400 error = opal_discovery0_step(dev);
401 if (error)
402 return error;
403
404 for (state = 0; state < n_steps; state++) {
405 error = execute_step(dev, &steps[state], state);
406 if (error)
407 goto out_error;
408 }
409
410 return 0;
411
412out_error:
413 /*
414 * For each OPAL command the first step in steps starts some sort of
415 * session. If an error occurred in the initial discovery0 or if an
416 * error occurred in the first step (and thus stopping the loop with
417 * state == 0) then there was an error before or during the attempt to
418 * start a session. Therefore we shouldn't attempt to terminate a
419 * session, as one has not yet been created.
420 */
421 if (state > 0)
422 end_opal_session_error(dev);
423
424 return error;
425}
426
427static int opal_discovery0_end(struct opal_dev *dev)
428{
429 bool found_com_id = false, supported = true, single_user = false;
430 const struct d0_header *hdr = (struct d0_header *)dev->resp;
431 const u8 *epos = dev->resp, *cpos = dev->resp;
432 u16 comid = 0;
433 u32 hlen = be32_to_cpu(hdr->length);
434
435 print_buffer(dev->resp, hlen);
436 dev->mbr_enabled = false;
437
438 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
439 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
440 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
441 return -EFAULT;
442 }
443
444 epos += hlen; /* end of buffer */
445 cpos += sizeof(*hdr); /* current position on buffer */
446
447 while (cpos < epos && supported) {
448 const struct d0_features *body =
449 (const struct d0_features *)cpos;
450
451 switch (be16_to_cpu(body->code)) {
452 case FC_TPER:
453 supported = check_tper(body->features);
454 break;
455 case FC_SINGLEUSER:
456 single_user = check_sum(body->features);
457 break;
458 case FC_GEOMETRY:
459 check_geometry(dev, body);
460 break;
461 case FC_LOCKING:
462 dev->mbr_enabled = check_mbrenabled(body->features);
463 break;
464 case FC_ENTERPRISE:
465 case FC_DATASTORE:
466 /* some ignored properties */
467 pr_debug("Found OPAL feature description: %d\n",
468 be16_to_cpu(body->code));
469 break;
470 case FC_OPALV100:
471 comid = get_comid_v100(body->features);
472 found_com_id = true;
473 break;
474 case FC_OPALV200:
475 comid = get_comid_v200(body->features);
476 found_com_id = true;
477 break;
478 case 0xbfff ... 0xffff:
479 /* vendor specific, just ignore */
480 break;
481 default:
482 pr_debug("OPAL Unknown feature: %d\n",
483 be16_to_cpu(body->code));
484
485 }
486 cpos += body->length + 4;
487 }
488
489 if (!supported) {
490 pr_debug("This device is not Opal enabled. Not Supported!\n");
491 return -EOPNOTSUPP;
492 }
493
494 if (!single_user)
495 pr_debug("Device doesn't support single user mode\n");
496
497
498 if (!found_com_id) {
499 pr_debug("Could not find OPAL comid for device. Returning early\n");
500 return -EOPNOTSUPP;
501 }
502
503 dev->comid = comid;
504
505 return 0;
506}
507
508static int opal_discovery0(struct opal_dev *dev, void *data)
509{
510 int ret;
511
512 memset(dev->resp, 0, IO_BUFFER_LENGTH);
513 dev->comid = OPAL_DISCOVERY_COMID;
514 ret = opal_recv_cmd(dev);
515 if (ret)
516 return ret;
517
518 return opal_discovery0_end(dev);
519}
520
521static int opal_discovery0_step(struct opal_dev *dev)
522{
523 const struct opal_step discovery0_step = {
524 opal_discovery0,
525 };
526
527 return execute_step(dev, &discovery0_step, 0);
528}
529
530static size_t remaining_size(struct opal_dev *cmd)
531{
532 return IO_BUFFER_LENGTH - cmd->pos;
533}
534
535static bool can_add(int *err, struct opal_dev *cmd, size_t len)
536{
537 if (*err)
538 return false;
539
540 if (remaining_size(cmd) < len) {
541 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
542 *err = -ERANGE;
543 return false;
544 }
545
546 return true;
547}
548
549static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
550{
551 if (!can_add(err, cmd, 1))
552 return;
553
554 cmd->cmd[cmd->pos++] = tok;
555}
556
557static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
558 bool has_sign, int len)
559{
560 u8 atom;
561 int err = 0;
562
563 atom = SHORT_ATOM_ID;
564 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
565 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
566 atom |= len & SHORT_ATOM_LEN_MASK;
567
568 add_token_u8(&err, cmd, atom);
569}
570
571static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
572 bool has_sign, int len)
573{
574 u8 header0;
575
576 header0 = MEDIUM_ATOM_ID;
577 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
578 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
579 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
580
581 cmd->cmd[cmd->pos++] = header0;
582 cmd->cmd[cmd->pos++] = len;
583}
584
585static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
586{
587 size_t len;
588 int msb;
589
590 if (!(number & ~TINY_ATOM_DATA_MASK)) {
591 add_token_u8(err, cmd, number);
592 return;
593 }
594
595 msb = fls64(number);
596 len = DIV_ROUND_UP(msb, 8);
597
598 if (!can_add(err, cmd, len + 1)) {
599 pr_debug("Error adding u64: end of buffer.\n");
600 return;
601 }
602 add_short_atom_header(cmd, false, false, len);
603 while (len--)
604 add_token_u8(err, cmd, number >> (len * 8));
605}
606
607static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
608{
609 size_t header_len = 1;
610 bool is_short_atom = true;
611
612 if (len & ~SHORT_ATOM_LEN_MASK) {
613 header_len = 2;
614 is_short_atom = false;
615 }
616
617 if (!can_add(err, cmd, header_len + len)) {
618 pr_debug("Error adding bytestring: end of buffer.\n");
619 return NULL;
620 }
621
622 if (is_short_atom)
623 add_short_atom_header(cmd, true, false, len);
624 else
625 add_medium_atom_header(cmd, true, false, len);
626
627 return &cmd->cmd[cmd->pos];
628}
629
630static void add_token_bytestring(int *err, struct opal_dev *cmd,
631 const u8 *bytestring, size_t len)
632{
633 u8 *start;
634
635 start = add_bytestring_header(err, cmd, len);
636 if (!start)
637 return;
638 memcpy(start, bytestring, len);
639 cmd->pos += len;
640}
641
642static int build_locking_range(u8 *buffer, size_t length, u8 lr)
643{
644 if (length > OPAL_UID_LENGTH) {
645 pr_debug("Can't build locking range. Length OOB\n");
646 return -ERANGE;
647 }
648
649 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
650
651 if (lr == 0)
652 return 0;
653
654 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
655 buffer[7] = lr;
656
657 return 0;
658}
659
660static int build_locking_user(u8 *buffer, size_t length, u8 lr)
661{
662 if (length > OPAL_UID_LENGTH) {
663 pr_debug("Can't build locking range user. Length OOB\n");
664 return -ERANGE;
665 }
666
667 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
668
669 buffer[7] = lr + 1;
670
671 return 0;
672}
673
674static void set_comid(struct opal_dev *cmd, u16 comid)
675{
676 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
677
678 hdr->cp.extendedComID[0] = comid >> 8;
679 hdr->cp.extendedComID[1] = comid;
680 hdr->cp.extendedComID[2] = 0;
681 hdr->cp.extendedComID[3] = 0;
682}
683
684static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
685{
686 struct opal_header *hdr;
687 int err = 0;
688
689 /*
690 * Close the parameter list opened from cmd_start.
691 * The number of bytes added must be equal to
692 * CMD_FINALIZE_BYTES_NEEDED.
693 */
694 add_token_u8(&err, cmd, OPAL_ENDLIST);
695
696 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
697 add_token_u8(&err, cmd, OPAL_STARTLIST);
698 add_token_u8(&err, cmd, 0);
699 add_token_u8(&err, cmd, 0);
700 add_token_u8(&err, cmd, 0);
701 add_token_u8(&err, cmd, OPAL_ENDLIST);
702
703 if (err) {
704 pr_debug("Error finalizing command.\n");
705 return -EFAULT;
706 }
707
708 hdr = (struct opal_header *) cmd->cmd;
709
710 hdr->pkt.tsn = cpu_to_be32(tsn);
711 hdr->pkt.hsn = cpu_to_be32(hsn);
712
713 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
714 while (cmd->pos % 4) {
715 if (cmd->pos >= IO_BUFFER_LENGTH) {
716 pr_debug("Error: Buffer overrun\n");
717 return -ERANGE;
718 }
719 cmd->cmd[cmd->pos++] = 0;
720 }
721 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
722 sizeof(hdr->pkt));
723 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
724
725 return 0;
726}
727
728static const struct opal_resp_tok *response_get_token(
729 const struct parsed_resp *resp,
730 int n)
731{
732 const struct opal_resp_tok *tok;
733
734 if (!resp) {
735 pr_debug("Response is NULL\n");
736 return ERR_PTR(-EINVAL);
737 }
738
739 if (n >= resp->num) {
740 pr_debug("Token number doesn't exist: %d, resp: %d\n",
741 n, resp->num);
742 return ERR_PTR(-EINVAL);
743 }
744
745 tok = &resp->toks[n];
746 if (tok->len == 0) {
747 pr_debug("Token length must be non-zero\n");
748 return ERR_PTR(-EINVAL);
749 }
750
751 return tok;
752}
753
754static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
755 const u8 *pos)
756{
757 tok->pos = pos;
758 tok->len = 1;
759 tok->width = OPAL_WIDTH_TINY;
760
761 if (pos[0] & TINY_ATOM_SIGNED) {
762 tok->type = OPAL_DTA_TOKENID_SINT;
763 } else {
764 tok->type = OPAL_DTA_TOKENID_UINT;
765 tok->stored.u = pos[0] & 0x3f;
766 }
767
768 return tok->len;
769}
770
771static ssize_t response_parse_short(struct opal_resp_tok *tok,
772 const u8 *pos)
773{
774 tok->pos = pos;
775 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
776 tok->width = OPAL_WIDTH_SHORT;
777
778 if (pos[0] & SHORT_ATOM_BYTESTRING) {
779 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
780 } else if (pos[0] & SHORT_ATOM_SIGNED) {
781 tok->type = OPAL_DTA_TOKENID_SINT;
782 } else {
783 u64 u_integer = 0;
784 ssize_t i, b = 0;
785
786 tok->type = OPAL_DTA_TOKENID_UINT;
787 if (tok->len > 9) {
788 pr_debug("uint64 with more than 8 bytes\n");
789 return -EINVAL;
790 }
791 for (i = tok->len - 1; i > 0; i--) {
792 u_integer |= ((u64)pos[i] << (8 * b));
793 b++;
794 }
795 tok->stored.u = u_integer;
796 }
797
798 return tok->len;
799}
800
801static ssize_t response_parse_medium(struct opal_resp_tok *tok,
802 const u8 *pos)
803{
804 tok->pos = pos;
805 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
806 tok->width = OPAL_WIDTH_MEDIUM;
807
808 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
809 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
810 else if (pos[0] & MEDIUM_ATOM_SIGNED)
811 tok->type = OPAL_DTA_TOKENID_SINT;
812 else
813 tok->type = OPAL_DTA_TOKENID_UINT;
814
815 return tok->len;
816}
817
818static ssize_t response_parse_long(struct opal_resp_tok *tok,
819 const u8 *pos)
820{
821 tok->pos = pos;
822 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
823 tok->width = OPAL_WIDTH_LONG;
824
825 if (pos[0] & LONG_ATOM_BYTESTRING)
826 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
827 else if (pos[0] & LONG_ATOM_SIGNED)
828 tok->type = OPAL_DTA_TOKENID_SINT;
829 else
830 tok->type = OPAL_DTA_TOKENID_UINT;
831
832 return tok->len;
833}
834
835static ssize_t response_parse_token(struct opal_resp_tok *tok,
836 const u8 *pos)
837{
838 tok->pos = pos;
839 tok->len = 1;
840 tok->type = OPAL_DTA_TOKENID_TOKEN;
841 tok->width = OPAL_WIDTH_TOKEN;
842
843 return tok->len;
844}
845
846static int response_parse(const u8 *buf, size_t length,
847 struct parsed_resp *resp)
848{
849 const struct opal_header *hdr;
850 struct opal_resp_tok *iter;
851 int num_entries = 0;
852 int total;
853 ssize_t token_length;
854 const u8 *pos;
855 u32 clen, plen, slen;
856
857 if (!buf)
858 return -EFAULT;
859
860 if (!resp)
861 return -EFAULT;
862
863 hdr = (struct opal_header *)buf;
864 pos = buf;
865 pos += sizeof(*hdr);
866
867 clen = be32_to_cpu(hdr->cp.length);
868 plen = be32_to_cpu(hdr->pkt.length);
869 slen = be32_to_cpu(hdr->subpkt.length);
870 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
871 clen, plen, slen);
872
873 if (clen == 0 || plen == 0 || slen == 0 ||
874 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
875 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
876 clen, plen, slen);
877 print_buffer(pos, sizeof(*hdr));
878 return -EINVAL;
879 }
880
881 if (pos > buf + length)
882 return -EFAULT;
883
884 iter = resp->toks;
885 total = slen;
886 print_buffer(pos, total);
887 while (total > 0) {
888 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
889 token_length = response_parse_tiny(iter, pos);
890 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
891 token_length = response_parse_short(iter, pos);
892 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
893 token_length = response_parse_medium(iter, pos);
894 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
895 token_length = response_parse_long(iter, pos);
896 else /* TOKEN */
897 token_length = response_parse_token(iter, pos);
898
899 if (token_length < 0)
900 return token_length;
901
902 pos += token_length;
903 total -= token_length;
904 iter++;
905 num_entries++;
906 }
907
908 resp->num = num_entries;
909
910 return 0;
911}
912
913static size_t response_get_string(const struct parsed_resp *resp, int n,
914 const char **store)
915{
916 u8 skip;
917 const struct opal_resp_tok *tok;
918
919 *store = NULL;
920 tok = response_get_token(resp, n);
921 if (IS_ERR(tok))
922 return 0;
923
924 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
925 pr_debug("Token is not a byte string!\n");
926 return 0;
927 }
928
929 switch (tok->width) {
930 case OPAL_WIDTH_TINY:
931 case OPAL_WIDTH_SHORT:
932 skip = 1;
933 break;
934 case OPAL_WIDTH_MEDIUM:
935 skip = 2;
936 break;
937 case OPAL_WIDTH_LONG:
938 skip = 4;
939 break;
940 default:
941 pr_debug("Token has invalid width!\n");
942 return 0;
943 }
944
945 *store = tok->pos + skip;
946
947 return tok->len - skip;
948}
949
950static u64 response_get_u64(const struct parsed_resp *resp, int n)
951{
952 const struct opal_resp_tok *tok;
953
954 tok = response_get_token(resp, n);
955 if (IS_ERR(tok))
956 return 0;
957
958 if (tok->type != OPAL_DTA_TOKENID_UINT) {
959 pr_debug("Token is not unsigned int: %d\n", tok->type);
960 return 0;
961 }
962
963 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
964 pr_debug("Atom is not short or tiny: %d\n", tok->width);
965 return 0;
966 }
967
968 return tok->stored.u;
969}
970
971static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
972{
973 if (IS_ERR(token) ||
974 token->type != OPAL_DTA_TOKENID_TOKEN ||
975 token->pos[0] != match)
976 return false;
977 return true;
978}
979
980static u8 response_status(const struct parsed_resp *resp)
981{
982 const struct opal_resp_tok *tok;
983
984 tok = response_get_token(resp, 0);
985 if (response_token_matches(tok, OPAL_ENDOFSESSION))
986 return 0;
987
988 if (resp->num < 5)
989 return DTAERROR_NO_METHOD_STATUS;
990
991 tok = response_get_token(resp, resp->num - 5);
992 if (!response_token_matches(tok, OPAL_STARTLIST))
993 return DTAERROR_NO_METHOD_STATUS;
994
995 tok = response_get_token(resp, resp->num - 1);
996 if (!response_token_matches(tok, OPAL_ENDLIST))
997 return DTAERROR_NO_METHOD_STATUS;
998
999 return response_get_u64(resp, resp->num - 4);
1000}
1001
1002/* Parses and checks for errors */
1003static int parse_and_check_status(struct opal_dev *dev)
1004{
1005 int error;
1006
1007 print_buffer(dev->cmd, dev->pos);
1008
1009 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1010 if (error) {
1011 pr_debug("Couldn't parse response.\n");
1012 return error;
1013 }
1014
1015 return response_status(&dev->parsed);
1016}
1017
1018static void clear_opal_cmd(struct opal_dev *dev)
1019{
1020 dev->pos = sizeof(struct opal_header);
1021 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1022}
1023
1024static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1025{
1026 int err = 0;
1027
1028 clear_opal_cmd(dev);
1029 set_comid(dev, dev->comid);
1030
1031 add_token_u8(&err, dev, OPAL_CALL);
1032 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1033 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1034
1035 /*
1036 * Every method call is followed by its parameters enclosed within
1037 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1038 * parameter list here and close it later in cmd_finalize.
1039 */
1040 add_token_u8(&err, dev, OPAL_STARTLIST);
1041
1042 return err;
1043}
1044
1045static int start_opal_session_cont(struct opal_dev *dev)
1046{
1047 u32 hsn, tsn;
1048 int error = 0;
1049
1050 error = parse_and_check_status(dev);
1051 if (error)
1052 return error;
1053
1054 hsn = response_get_u64(&dev->parsed, 4);
1055 tsn = response_get_u64(&dev->parsed, 5);
1056
1057 if (hsn == 0 && tsn == 0) {
1058 pr_debug("Couldn't authenticate session\n");
1059 return -EPERM;
1060 }
1061
1062 dev->hsn = hsn;
1063 dev->tsn = tsn;
1064
1065 return 0;
1066}
1067
1068static void add_suspend_info(struct opal_dev *dev,
1069 struct opal_suspend_data *sus)
1070{
1071 struct opal_suspend_data *iter;
1072
1073 list_for_each_entry(iter, &dev->unlk_lst, node) {
1074 if (iter->lr == sus->lr) {
1075 list_del(&iter->node);
1076 kfree(iter);
1077 break;
1078 }
1079 }
1080 list_add_tail(&sus->node, &dev->unlk_lst);
1081}
1082
1083static int end_session_cont(struct opal_dev *dev)
1084{
1085 dev->hsn = 0;
1086 dev->tsn = 0;
1087
1088 return parse_and_check_status(dev);
1089}
1090
1091static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1092{
1093 int ret;
1094
1095 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1096 if (ret) {
1097 pr_debug("Error finalizing command buffer: %d\n", ret);
1098 return ret;
1099 }
1100
1101 print_buffer(dev->cmd, dev->pos);
1102
1103 return opal_send_recv(dev, cont);
1104}
1105
1106/*
1107 * request @column from table @table on device @dev. On success, the column
1108 * data will be available in dev->resp->tok[4]
1109 */
1110static int generic_get_column(struct opal_dev *dev, const u8 *table,
1111 u64 column)
1112{
1113 int err;
1114
1115 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1116
1117 add_token_u8(&err, dev, OPAL_STARTLIST);
1118
1119 add_token_u8(&err, dev, OPAL_STARTNAME);
1120 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1121 add_token_u64(&err, dev, column);
1122 add_token_u8(&err, dev, OPAL_ENDNAME);
1123
1124 add_token_u8(&err, dev, OPAL_STARTNAME);
1125 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1126 add_token_u64(&err, dev, column);
1127 add_token_u8(&err, dev, OPAL_ENDNAME);
1128
1129 add_token_u8(&err, dev, OPAL_ENDLIST);
1130
1131 if (err)
1132 return err;
1133
1134 return finalize_and_send(dev, parse_and_check_status);
1135}
1136
1137/*
1138 * see TCG SAS 5.3.2.3 for a description of the available columns
1139 *
1140 * the result is provided in dev->resp->tok[4]
1141 */
1142static int generic_get_table_info(struct opal_dev *dev, enum opal_uid table,
1143 u64 column)
1144{
1145 u8 uid[OPAL_UID_LENGTH];
1146 const unsigned int half = OPAL_UID_LENGTH/2;
1147
1148 /* sed-opal UIDs can be split in two halves:
1149 * first: actual table index
1150 * second: relative index in the table
1151 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1152 * first part of the target table as relative index into that table
1153 */
1154 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1155 memcpy(uid+half, opaluid[table], half);
1156
1157 return generic_get_column(dev, uid, column);
1158}
1159
1160static int gen_key(struct opal_dev *dev, void *data)
1161{
1162 u8 uid[OPAL_UID_LENGTH];
1163 int err;
1164
1165 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1166 kfree(dev->prev_data);
1167 dev->prev_data = NULL;
1168
1169 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1170
1171 if (err) {
1172 pr_debug("Error building gen key command\n");
1173 return err;
1174
1175 }
1176
1177 return finalize_and_send(dev, parse_and_check_status);
1178}
1179
1180static int get_active_key_cont(struct opal_dev *dev)
1181{
1182 const char *activekey;
1183 size_t keylen;
1184 int error = 0;
1185
1186 error = parse_and_check_status(dev);
1187 if (error)
1188 return error;
1189
1190 keylen = response_get_string(&dev->parsed, 4, &activekey);
1191 if (!activekey) {
1192 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1193 __func__);
1194 return OPAL_INVAL_PARAM;
1195 }
1196
1197 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1198
1199 if (!dev->prev_data)
1200 return -ENOMEM;
1201
1202 dev->prev_d_len = keylen;
1203
1204 return 0;
1205}
1206
1207static int get_active_key(struct opal_dev *dev, void *data)
1208{
1209 u8 uid[OPAL_UID_LENGTH];
1210 int err;
1211 u8 *lr = data;
1212
1213 err = build_locking_range(uid, sizeof(uid), *lr);
1214 if (err)
1215 return err;
1216
1217 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1218 if (err)
1219 return err;
1220
1221 return get_active_key_cont(dev);
1222}
1223
1224static int generic_lr_enable_disable(struct opal_dev *dev,
1225 u8 *uid, bool rle, bool wle,
1226 bool rl, bool wl)
1227{
1228 int err;
1229
1230 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1231
1232 add_token_u8(&err, dev, OPAL_STARTNAME);
1233 add_token_u8(&err, dev, OPAL_VALUES);
1234 add_token_u8(&err, dev, OPAL_STARTLIST);
1235
1236 add_token_u8(&err, dev, OPAL_STARTNAME);
1237 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1238 add_token_u8(&err, dev, rle);
1239 add_token_u8(&err, dev, OPAL_ENDNAME);
1240
1241 add_token_u8(&err, dev, OPAL_STARTNAME);
1242 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1243 add_token_u8(&err, dev, wle);
1244 add_token_u8(&err, dev, OPAL_ENDNAME);
1245
1246 add_token_u8(&err, dev, OPAL_STARTNAME);
1247 add_token_u8(&err, dev, OPAL_READLOCKED);
1248 add_token_u8(&err, dev, rl);
1249 add_token_u8(&err, dev, OPAL_ENDNAME);
1250
1251 add_token_u8(&err, dev, OPAL_STARTNAME);
1252 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1253 add_token_u8(&err, dev, wl);
1254 add_token_u8(&err, dev, OPAL_ENDNAME);
1255
1256 add_token_u8(&err, dev, OPAL_ENDLIST);
1257 add_token_u8(&err, dev, OPAL_ENDNAME);
1258
1259 return err;
1260}
1261
1262static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1263 struct opal_user_lr_setup *setup)
1264{
1265 int err;
1266
1267 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1268 0, 0);
1269 if (err)
1270 pr_debug("Failed to create enable global lr command\n");
1271
1272 return err;
1273}
1274
1275static int setup_locking_range(struct opal_dev *dev, void *data)
1276{
1277 u8 uid[OPAL_UID_LENGTH];
1278 struct opal_user_lr_setup *setup = data;
1279 u8 lr;
1280 int err;
1281
1282 lr = setup->session.opal_key.lr;
1283 err = build_locking_range(uid, sizeof(uid), lr);
1284 if (err)
1285 return err;
1286
1287 if (lr == 0)
1288 err = enable_global_lr(dev, uid, setup);
1289 else {
1290 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1291
1292 add_token_u8(&err, dev, OPAL_STARTNAME);
1293 add_token_u8(&err, dev, OPAL_VALUES);
1294 add_token_u8(&err, dev, OPAL_STARTLIST);
1295
1296 add_token_u8(&err, dev, OPAL_STARTNAME);
1297 add_token_u8(&err, dev, OPAL_RANGESTART);
1298 add_token_u64(&err, dev, setup->range_start);
1299 add_token_u8(&err, dev, OPAL_ENDNAME);
1300
1301 add_token_u8(&err, dev, OPAL_STARTNAME);
1302 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1303 add_token_u64(&err, dev, setup->range_length);
1304 add_token_u8(&err, dev, OPAL_ENDNAME);
1305
1306 add_token_u8(&err, dev, OPAL_STARTNAME);
1307 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1308 add_token_u64(&err, dev, !!setup->RLE);
1309 add_token_u8(&err, dev, OPAL_ENDNAME);
1310
1311 add_token_u8(&err, dev, OPAL_STARTNAME);
1312 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1313 add_token_u64(&err, dev, !!setup->WLE);
1314 add_token_u8(&err, dev, OPAL_ENDNAME);
1315
1316 add_token_u8(&err, dev, OPAL_ENDLIST);
1317 add_token_u8(&err, dev, OPAL_ENDNAME);
1318 }
1319 if (err) {
1320 pr_debug("Error building Setup Locking range command.\n");
1321 return err;
1322 }
1323
1324 return finalize_and_send(dev, parse_and_check_status);
1325}
1326
1327static int start_generic_opal_session(struct opal_dev *dev,
1328 enum opal_uid auth,
1329 enum opal_uid sp_type,
1330 const char *key,
1331 u8 key_len)
1332{
1333 u32 hsn;
1334 int err;
1335
1336 if (key == NULL && auth != OPAL_ANYBODY_UID)
1337 return OPAL_INVAL_PARAM;
1338
1339 hsn = GENERIC_HOST_SESSION_NUM;
1340 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1341 opalmethod[OPAL_STARTSESSION]);
1342
1343 add_token_u64(&err, dev, hsn);
1344 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1345 add_token_u8(&err, dev, 1);
1346
1347 switch (auth) {
1348 case OPAL_ANYBODY_UID:
1349 break;
1350 case OPAL_ADMIN1_UID:
1351 case OPAL_SID_UID:
1352 case OPAL_PSID_UID:
1353 add_token_u8(&err, dev, OPAL_STARTNAME);
1354 add_token_u8(&err, dev, 0); /* HostChallenge */
1355 add_token_bytestring(&err, dev, key, key_len);
1356 add_token_u8(&err, dev, OPAL_ENDNAME);
1357 add_token_u8(&err, dev, OPAL_STARTNAME);
1358 add_token_u8(&err, dev, 3); /* HostSignAuth */
1359 add_token_bytestring(&err, dev, opaluid[auth],
1360 OPAL_UID_LENGTH);
1361 add_token_u8(&err, dev, OPAL_ENDNAME);
1362 break;
1363 default:
1364 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1365 return OPAL_INVAL_PARAM;
1366 }
1367
1368 if (err) {
1369 pr_debug("Error building start adminsp session command.\n");
1370 return err;
1371 }
1372
1373 return finalize_and_send(dev, start_opal_session_cont);
1374}
1375
1376static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1377{
1378 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1379 OPAL_ADMINSP_UID, NULL, 0);
1380}
1381
1382static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1383{
1384 int ret;
1385 const u8 *key = dev->prev_data;
1386
1387 if (!key) {
1388 const struct opal_key *okey = data;
1389
1390 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1391 OPAL_ADMINSP_UID,
1392 okey->key,
1393 okey->key_len);
1394 } else {
1395 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1396 OPAL_ADMINSP_UID,
1397 key, dev->prev_d_len);
1398 kfree(key);
1399 dev->prev_data = NULL;
1400 }
1401
1402 return ret;
1403}
1404
1405static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1406{
1407 struct opal_key *key = data;
1408
1409 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1410 OPAL_LOCKINGSP_UID,
1411 key->key, key->key_len);
1412}
1413
1414static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1415{
1416 const struct opal_key *okey = data;
1417
1418 return start_generic_opal_session(dev, OPAL_PSID_UID,
1419 OPAL_ADMINSP_UID,
1420 okey->key,
1421 okey->key_len);
1422}
1423
1424static int start_auth_opal_session(struct opal_dev *dev, void *data)
1425{
1426 struct opal_session_info *session = data;
1427 u8 lk_ul_user[OPAL_UID_LENGTH];
1428 size_t keylen = session->opal_key.key_len;
1429 int err = 0;
1430
1431 u8 *key = session->opal_key.key;
1432 u32 hsn = GENERIC_HOST_SESSION_NUM;
1433
1434 if (session->sum)
1435 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1436 session->opal_key.lr);
1437 else if (session->who != OPAL_ADMIN1 && !session->sum)
1438 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1439 session->who - 1);
1440 else
1441 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1442
1443 if (err)
1444 return err;
1445
1446 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1447 opalmethod[OPAL_STARTSESSION]);
1448
1449 add_token_u64(&err, dev, hsn);
1450 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1451 OPAL_UID_LENGTH);
1452 add_token_u8(&err, dev, 1);
1453 add_token_u8(&err, dev, OPAL_STARTNAME);
1454 add_token_u8(&err, dev, 0);
1455 add_token_bytestring(&err, dev, key, keylen);
1456 add_token_u8(&err, dev, OPAL_ENDNAME);
1457 add_token_u8(&err, dev, OPAL_STARTNAME);
1458 add_token_u8(&err, dev, 3);
1459 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1460 add_token_u8(&err, dev, OPAL_ENDNAME);
1461
1462 if (err) {
1463 pr_debug("Error building STARTSESSION command.\n");
1464 return err;
1465 }
1466
1467 return finalize_and_send(dev, start_opal_session_cont);
1468}
1469
1470static int revert_tper(struct opal_dev *dev, void *data)
1471{
1472 int err;
1473
1474 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1475 opalmethod[OPAL_REVERT]);
1476 if (err) {
1477 pr_debug("Error building REVERT TPER command.\n");
1478 return err;
1479 }
1480
1481 return finalize_and_send(dev, parse_and_check_status);
1482}
1483
1484static int internal_activate_user(struct opal_dev *dev, void *data)
1485{
1486 struct opal_session_info *session = data;
1487 u8 uid[OPAL_UID_LENGTH];
1488 int err;
1489
1490 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1491 uid[7] = session->who;
1492
1493 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1494 add_token_u8(&err, dev, OPAL_STARTNAME);
1495 add_token_u8(&err, dev, OPAL_VALUES);
1496 add_token_u8(&err, dev, OPAL_STARTLIST);
1497 add_token_u8(&err, dev, OPAL_STARTNAME);
1498 add_token_u8(&err, dev, 5); /* Enabled */
1499 add_token_u8(&err, dev, OPAL_TRUE);
1500 add_token_u8(&err, dev, OPAL_ENDNAME);
1501 add_token_u8(&err, dev, OPAL_ENDLIST);
1502 add_token_u8(&err, dev, OPAL_ENDNAME);
1503
1504 if (err) {
1505 pr_debug("Error building Activate UserN command.\n");
1506 return err;
1507 }
1508
1509 return finalize_and_send(dev, parse_and_check_status);
1510}
1511
1512static int erase_locking_range(struct opal_dev *dev, void *data)
1513{
1514 struct opal_session_info *session = data;
1515 u8 uid[OPAL_UID_LENGTH];
1516 int err;
1517
1518 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1519 return -ERANGE;
1520
1521 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1522
1523 if (err) {
1524 pr_debug("Error building Erase Locking Range Command.\n");
1525 return err;
1526 }
1527
1528 return finalize_and_send(dev, parse_and_check_status);
1529}
1530
1531static int set_mbr_done(struct opal_dev *dev, void *data)
1532{
1533 u8 *mbr_done_tf = data;
1534 int err;
1535
1536 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1537 opalmethod[OPAL_SET]);
1538
1539 add_token_u8(&err, dev, OPAL_STARTNAME);
1540 add_token_u8(&err, dev, OPAL_VALUES);
1541 add_token_u8(&err, dev, OPAL_STARTLIST);
1542 add_token_u8(&err, dev, OPAL_STARTNAME);
1543 add_token_u8(&err, dev, OPAL_MBRDONE);
1544 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1545 add_token_u8(&err, dev, OPAL_ENDNAME);
1546 add_token_u8(&err, dev, OPAL_ENDLIST);
1547 add_token_u8(&err, dev, OPAL_ENDNAME);
1548
1549 if (err) {
1550 pr_debug("Error Building set MBR Done command\n");
1551 return err;
1552 }
1553
1554 return finalize_and_send(dev, parse_and_check_status);
1555}
1556
1557static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1558{
1559 u8 *mbr_en_dis = data;
1560 int err;
1561
1562 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1563 opalmethod[OPAL_SET]);
1564
1565 add_token_u8(&err, dev, OPAL_STARTNAME);
1566 add_token_u8(&err, dev, OPAL_VALUES);
1567 add_token_u8(&err, dev, OPAL_STARTLIST);
1568 add_token_u8(&err, dev, OPAL_STARTNAME);
1569 add_token_u8(&err, dev, OPAL_MBRENABLE);
1570 add_token_u8(&err, dev, *mbr_en_dis);
1571 add_token_u8(&err, dev, OPAL_ENDNAME);
1572 add_token_u8(&err, dev, OPAL_ENDLIST);
1573 add_token_u8(&err, dev, OPAL_ENDNAME);
1574
1575 if (err) {
1576 pr_debug("Error Building set MBR done command\n");
1577 return err;
1578 }
1579
1580 return finalize_and_send(dev, parse_and_check_status);
1581}
1582
1583static int write_shadow_mbr(struct opal_dev *dev, void *data)
1584{
1585 struct opal_shadow_mbr *shadow = data;
1586 const u8 __user *src;
1587 u8 *dst;
1588 size_t off = 0;
1589 u64 len;
1590 int err = 0;
1591
1592 /* do we fit in the available shadow mbr space? */
1593 err = generic_get_table_info(dev, OPAL_MBR, OPAL_TABLE_ROWS);
1594 if (err) {
1595 pr_debug("MBR: could not get shadow size\n");
1596 return err;
1597 }
1598
1599 len = response_get_u64(&dev->parsed, 4);
1600 if (shadow->size > len || shadow->offset > len - shadow->size) {
1601 pr_debug("MBR: does not fit in shadow (%llu vs. %llu)\n",
1602 shadow->offset + shadow->size, len);
1603 return -ENOSPC;
1604 }
1605
1606 /* do the actual transmission(s) */
1607 src = (u8 __user *)(uintptr_t)shadow->data;
1608 while (off < shadow->size) {
1609 err = cmd_start(dev, opaluid[OPAL_MBR], opalmethod[OPAL_SET]);
1610 add_token_u8(&err, dev, OPAL_STARTNAME);
1611 add_token_u8(&err, dev, OPAL_WHERE);
1612 add_token_u64(&err, dev, shadow->offset + off);
1613 add_token_u8(&err, dev, OPAL_ENDNAME);
1614
1615 add_token_u8(&err, dev, OPAL_STARTNAME);
1616 add_token_u8(&err, dev, OPAL_VALUES);
1617
1618 /*
1619 * The bytestring header is either 1 or 2 bytes, so assume 2.
1620 * There also needs to be enough space to accommodate the
1621 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1622 * cmd_finalize.
1623 */
1624 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1625 (size_t)(shadow->size - off));
1626 pr_debug("MBR: write bytes %zu+%llu/%llu\n",
1627 off, len, shadow->size);
1628
1629 dst = add_bytestring_header(&err, dev, len);
1630 if (!dst)
1631 break;
1632 if (copy_from_user(dst, src + off, len))
1633 err = -EFAULT;
1634 dev->pos += len;
1635
1636 add_token_u8(&err, dev, OPAL_ENDNAME);
1637 if (err)
1638 break;
1639
1640 err = finalize_and_send(dev, parse_and_check_status);
1641 if (err)
1642 break;
1643
1644 off += len;
1645 }
1646
1647 return err;
1648}
1649
1650static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1651 struct opal_dev *dev)
1652{
1653 int err;
1654
1655 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1656
1657 add_token_u8(&err, dev, OPAL_STARTNAME);
1658 add_token_u8(&err, dev, OPAL_VALUES);
1659 add_token_u8(&err, dev, OPAL_STARTLIST);
1660 add_token_u8(&err, dev, OPAL_STARTNAME);
1661 add_token_u8(&err, dev, OPAL_PIN);
1662 add_token_bytestring(&err, dev, key, key_len);
1663 add_token_u8(&err, dev, OPAL_ENDNAME);
1664 add_token_u8(&err, dev, OPAL_ENDLIST);
1665 add_token_u8(&err, dev, OPAL_ENDNAME);
1666
1667 return err;
1668}
1669
1670static int set_new_pw(struct opal_dev *dev, void *data)
1671{
1672 u8 cpin_uid[OPAL_UID_LENGTH];
1673 struct opal_session_info *usr = data;
1674
1675 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1676
1677 if (usr->who != OPAL_ADMIN1) {
1678 cpin_uid[5] = 0x03;
1679 if (usr->sum)
1680 cpin_uid[7] = usr->opal_key.lr + 1;
1681 else
1682 cpin_uid[7] = usr->who;
1683 }
1684
1685 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1686 cpin_uid, dev)) {
1687 pr_debug("Error building set password command.\n");
1688 return -ERANGE;
1689 }
1690
1691 return finalize_and_send(dev, parse_and_check_status);
1692}
1693
1694static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1695{
1696 u8 cpin_uid[OPAL_UID_LENGTH];
1697 struct opal_key *key = data;
1698
1699 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1700
1701 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1702 pr_debug("Error building Set SID cpin\n");
1703 return -ERANGE;
1704 }
1705 return finalize_and_send(dev, parse_and_check_status);
1706}
1707
1708static int add_user_to_lr(struct opal_dev *dev, void *data)
1709{
1710 u8 lr_buffer[OPAL_UID_LENGTH];
1711 u8 user_uid[OPAL_UID_LENGTH];
1712 struct opal_lock_unlock *lkul = data;
1713 int err;
1714
1715 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1716 OPAL_UID_LENGTH);
1717
1718 if (lkul->l_state == OPAL_RW)
1719 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1720 OPAL_UID_LENGTH);
1721
1722 lr_buffer[7] = lkul->session.opal_key.lr;
1723
1724 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1725
1726 user_uid[7] = lkul->session.who;
1727
1728 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1729
1730 add_token_u8(&err, dev, OPAL_STARTNAME);
1731 add_token_u8(&err, dev, OPAL_VALUES);
1732
1733 add_token_u8(&err, dev, OPAL_STARTLIST);
1734 add_token_u8(&err, dev, OPAL_STARTNAME);
1735 add_token_u8(&err, dev, 3);
1736
1737 add_token_u8(&err, dev, OPAL_STARTLIST);
1738
1739
1740 add_token_u8(&err, dev, OPAL_STARTNAME);
1741 add_token_bytestring(&err, dev,
1742 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1743 OPAL_UID_LENGTH/2);
1744 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1745 add_token_u8(&err, dev, OPAL_ENDNAME);
1746
1747
1748 add_token_u8(&err, dev, OPAL_STARTNAME);
1749 add_token_bytestring(&err, dev,
1750 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1751 OPAL_UID_LENGTH/2);
1752 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1753 add_token_u8(&err, dev, OPAL_ENDNAME);
1754
1755
1756 add_token_u8(&err, dev, OPAL_STARTNAME);
1757 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1758 OPAL_UID_LENGTH/2);
1759 add_token_u8(&err, dev, 1);
1760 add_token_u8(&err, dev, OPAL_ENDNAME);
1761
1762
1763 add_token_u8(&err, dev, OPAL_ENDLIST);
1764 add_token_u8(&err, dev, OPAL_ENDNAME);
1765 add_token_u8(&err, dev, OPAL_ENDLIST);
1766 add_token_u8(&err, dev, OPAL_ENDNAME);
1767
1768 if (err) {
1769 pr_debug("Error building add user to locking range command.\n");
1770 return err;
1771 }
1772
1773 return finalize_and_send(dev, parse_and_check_status);
1774}
1775
1776static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1777{
1778 u8 lr_buffer[OPAL_UID_LENGTH];
1779 struct opal_lock_unlock *lkul = data;
1780 u8 read_locked = 1, write_locked = 1;
1781 int err = 0;
1782
1783 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1784 lkul->session.opal_key.lr) < 0)
1785 return -ERANGE;
1786
1787 switch (lkul->l_state) {
1788 case OPAL_RO:
1789 read_locked = 0;
1790 write_locked = 1;
1791 break;
1792 case OPAL_RW:
1793 read_locked = 0;
1794 write_locked = 0;
1795 break;
1796 case OPAL_LK:
1797 /* vars are initialized to locked */
1798 break;
1799 default:
1800 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1801 return OPAL_INVAL_PARAM;
1802 }
1803
1804 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1805
1806 add_token_u8(&err, dev, OPAL_STARTNAME);
1807 add_token_u8(&err, dev, OPAL_VALUES);
1808 add_token_u8(&err, dev, OPAL_STARTLIST);
1809
1810 add_token_u8(&err, dev, OPAL_STARTNAME);
1811 add_token_u8(&err, dev, OPAL_READLOCKED);
1812 add_token_u8(&err, dev, read_locked);
1813 add_token_u8(&err, dev, OPAL_ENDNAME);
1814
1815 add_token_u8(&err, dev, OPAL_STARTNAME);
1816 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1817 add_token_u8(&err, dev, write_locked);
1818 add_token_u8(&err, dev, OPAL_ENDNAME);
1819
1820 add_token_u8(&err, dev, OPAL_ENDLIST);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1822
1823 if (err) {
1824 pr_debug("Error building SET command.\n");
1825 return err;
1826 }
1827
1828 return finalize_and_send(dev, parse_and_check_status);
1829}
1830
1831
1832static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1833{
1834 u8 lr_buffer[OPAL_UID_LENGTH];
1835 u8 read_locked = 1, write_locked = 1;
1836 struct opal_lock_unlock *lkul = data;
1837 int ret;
1838
1839 clear_opal_cmd(dev);
1840 set_comid(dev, dev->comid);
1841
1842 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1843 lkul->session.opal_key.lr) < 0)
1844 return -ERANGE;
1845
1846 switch (lkul->l_state) {
1847 case OPAL_RO:
1848 read_locked = 0;
1849 write_locked = 1;
1850 break;
1851 case OPAL_RW:
1852 read_locked = 0;
1853 write_locked = 0;
1854 break;
1855 case OPAL_LK:
1856 /* vars are initialized to locked */
1857 break;
1858 default:
1859 pr_debug("Tried to set an invalid locking state.\n");
1860 return OPAL_INVAL_PARAM;
1861 }
1862 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1863 read_locked, write_locked);
1864
1865 if (ret < 0) {
1866 pr_debug("Error building SET command.\n");
1867 return ret;
1868 }
1869
1870 return finalize_and_send(dev, parse_and_check_status);
1871}
1872
1873static int activate_lsp(struct opal_dev *dev, void *data)
1874{
1875 struct opal_lr_act *opal_act = data;
1876 u8 user_lr[OPAL_UID_LENGTH];
1877 u8 uint_3 = 0x83;
1878 int err, i;
1879
1880 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1881 opalmethod[OPAL_ACTIVATE]);
1882
1883 if (opal_act->sum) {
1884 err = build_locking_range(user_lr, sizeof(user_lr),
1885 opal_act->lr[0]);
1886 if (err)
1887 return err;
1888
1889 add_token_u8(&err, dev, OPAL_STARTNAME);
1890 add_token_u8(&err, dev, uint_3);
1891 add_token_u8(&err, dev, 6);
1892 add_token_u8(&err, dev, 0);
1893 add_token_u8(&err, dev, 0);
1894
1895 add_token_u8(&err, dev, OPAL_STARTLIST);
1896 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1897 for (i = 1; i < opal_act->num_lrs; i++) {
1898 user_lr[7] = opal_act->lr[i];
1899 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1900 }
1901 add_token_u8(&err, dev, OPAL_ENDLIST);
1902 add_token_u8(&err, dev, OPAL_ENDNAME);
1903 }
1904
1905 if (err) {
1906 pr_debug("Error building Activate LockingSP command.\n");
1907 return err;
1908 }
1909
1910 return finalize_and_send(dev, parse_and_check_status);
1911}
1912
1913/* Determine if we're in the Manufactured Inactive or Active state */
1914static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1915{
1916 u8 lc_status;
1917 int err;
1918
1919 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1920 OPAL_LIFECYCLE);
1921 if (err)
1922 return err;
1923
1924 lc_status = response_get_u64(&dev->parsed, 4);
1925 /* 0x08 is Manufactured Inactive */
1926 /* 0x09 is Manufactured */
1927 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1928 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1929 return -ENODEV;
1930 }
1931
1932 return 0;
1933}
1934
1935static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1936{
1937 const char *msid_pin;
1938 size_t strlen;
1939 int err;
1940
1941 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1942 if (err)
1943 return err;
1944
1945 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1946 if (!msid_pin) {
1947 pr_debug("Couldn't extract MSID_CPIN from response\n");
1948 return OPAL_INVAL_PARAM;
1949 }
1950
1951 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1952 if (!dev->prev_data)
1953 return -ENOMEM;
1954
1955 dev->prev_d_len = strlen;
1956
1957 return 0;
1958}
1959
1960static int end_opal_session(struct opal_dev *dev, void *data)
1961{
1962 int err = 0;
1963
1964 clear_opal_cmd(dev);
1965 set_comid(dev, dev->comid);
1966 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1967
1968 if (err < 0)
1969 return err;
1970
1971 return finalize_and_send(dev, end_session_cont);
1972}
1973
1974static int end_opal_session_error(struct opal_dev *dev)
1975{
1976 const struct opal_step error_end_session = {
1977 end_opal_session,
1978 };
1979
1980 return execute_step(dev, &error_end_session, 0);
1981}
1982
1983static inline void setup_opal_dev(struct opal_dev *dev)
1984{
1985 dev->tsn = 0;
1986 dev->hsn = 0;
1987 dev->prev_data = NULL;
1988}
1989
1990static int check_opal_support(struct opal_dev *dev)
1991{
1992 int ret;
1993
1994 mutex_lock(&dev->dev_lock);
1995 setup_opal_dev(dev);
1996 ret = opal_discovery0_step(dev);
1997 dev->supported = !ret;
1998 mutex_unlock(&dev->dev_lock);
1999
2000 return ret;
2001}
2002
2003static void clean_opal_dev(struct opal_dev *dev)
2004{
2005
2006 struct opal_suspend_data *suspend, *next;
2007
2008 mutex_lock(&dev->dev_lock);
2009 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2010 list_del(&suspend->node);
2011 kfree(suspend);
2012 }
2013 mutex_unlock(&dev->dev_lock);
2014}
2015
2016void free_opal_dev(struct opal_dev *dev)
2017{
2018 if (!dev)
2019 return;
2020
2021 clean_opal_dev(dev);
2022 kfree(dev);
2023}
2024EXPORT_SYMBOL(free_opal_dev);
2025
2026struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2027{
2028 struct opal_dev *dev;
2029
2030 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2031 if (!dev)
2032 return NULL;
2033
2034 INIT_LIST_HEAD(&dev->unlk_lst);
2035 mutex_init(&dev->dev_lock);
2036 dev->data = data;
2037 dev->send_recv = send_recv;
2038 if (check_opal_support(dev) != 0) {
2039 pr_debug("Opal is not supported on this device\n");
2040 kfree(dev);
2041 return NULL;
2042 }
2043
2044 return dev;
2045}
2046EXPORT_SYMBOL(init_opal_dev);
2047
2048static int opal_secure_erase_locking_range(struct opal_dev *dev,
2049 struct opal_session_info *opal_session)
2050{
2051 const struct opal_step erase_steps[] = {
2052 { start_auth_opal_session, opal_session },
2053 { get_active_key, &opal_session->opal_key.lr },
2054 { gen_key, },
2055 { end_opal_session, }
2056 };
2057 int ret;
2058
2059 mutex_lock(&dev->dev_lock);
2060 setup_opal_dev(dev);
2061 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2062 mutex_unlock(&dev->dev_lock);
2063
2064 return ret;
2065}
2066
2067static int opal_erase_locking_range(struct opal_dev *dev,
2068 struct opal_session_info *opal_session)
2069{
2070 const struct opal_step erase_steps[] = {
2071 { start_auth_opal_session, opal_session },
2072 { erase_locking_range, opal_session },
2073 { end_opal_session, }
2074 };
2075 int ret;
2076
2077 mutex_lock(&dev->dev_lock);
2078 setup_opal_dev(dev);
2079 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2080 mutex_unlock(&dev->dev_lock);
2081
2082 return ret;
2083}
2084
2085static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2086 struct opal_mbr_data *opal_mbr)
2087{
2088 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2089 OPAL_TRUE : OPAL_FALSE;
2090
2091 const struct opal_step mbr_steps[] = {
2092 { start_admin1LSP_opal_session, &opal_mbr->key },
2093 { set_mbr_done, &enable_disable },
2094 { end_opal_session, },
2095 { start_admin1LSP_opal_session, &opal_mbr->key },
2096 { set_mbr_enable_disable, &enable_disable },
2097 { end_opal_session, }
2098 };
2099 int ret;
2100
2101 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2102 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2103 return -EINVAL;
2104
2105 mutex_lock(&dev->dev_lock);
2106 setup_opal_dev(dev);
2107 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2108 mutex_unlock(&dev->dev_lock);
2109
2110 return ret;
2111}
2112
2113static int opal_set_mbr_done(struct opal_dev *dev,
2114 struct opal_mbr_done *mbr_done)
2115{
2116 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2117 OPAL_TRUE : OPAL_FALSE;
2118
2119 const struct opal_step mbr_steps[] = {
2120 { start_admin1LSP_opal_session, &mbr_done->key },
2121 { set_mbr_done, &mbr_done_tf },
2122 { end_opal_session, }
2123 };
2124 int ret;
2125
2126 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2127 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2128 return -EINVAL;
2129
2130 mutex_lock(&dev->dev_lock);
2131 setup_opal_dev(dev);
2132 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2133 mutex_unlock(&dev->dev_lock);
2134
2135 return ret;
2136}
2137
2138static int opal_write_shadow_mbr(struct opal_dev *dev,
2139 struct opal_shadow_mbr *info)
2140{
2141 const struct opal_step mbr_steps[] = {
2142 { start_admin1LSP_opal_session, &info->key },
2143 { write_shadow_mbr, info },
2144 { end_opal_session, }
2145 };
2146 int ret;
2147
2148 if (info->size == 0)
2149 return 0;
2150
2151 mutex_lock(&dev->dev_lock);
2152 setup_opal_dev(dev);
2153 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2154 mutex_unlock(&dev->dev_lock);
2155
2156 return ret;
2157}
2158
2159static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2160{
2161 struct opal_suspend_data *suspend;
2162
2163 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2164 if (!suspend)
2165 return -ENOMEM;
2166
2167 suspend->unlk = *lk_unlk;
2168 suspend->lr = lk_unlk->session.opal_key.lr;
2169
2170 mutex_lock(&dev->dev_lock);
2171 setup_opal_dev(dev);
2172 add_suspend_info(dev, suspend);
2173 mutex_unlock(&dev->dev_lock);
2174
2175 return 0;
2176}
2177
2178static int opal_add_user_to_lr(struct opal_dev *dev,
2179 struct opal_lock_unlock *lk_unlk)
2180{
2181 const struct opal_step steps[] = {
2182 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2183 { add_user_to_lr, lk_unlk },
2184 { end_opal_session, }
2185 };
2186 int ret;
2187
2188 if (lk_unlk->l_state != OPAL_RO &&
2189 lk_unlk->l_state != OPAL_RW) {
2190 pr_debug("Locking state was not RO or RW\n");
2191 return -EINVAL;
2192 }
2193
2194 if (lk_unlk->session.who < OPAL_USER1 ||
2195 lk_unlk->session.who > OPAL_USER9) {
2196 pr_debug("Authority was not within the range of users: %d\n",
2197 lk_unlk->session.who);
2198 return -EINVAL;
2199 }
2200
2201 if (lk_unlk->session.sum) {
2202 pr_debug("%s not supported in sum. Use setup locking range\n",
2203 __func__);
2204 return -EINVAL;
2205 }
2206
2207 mutex_lock(&dev->dev_lock);
2208 setup_opal_dev(dev);
2209 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2210 mutex_unlock(&dev->dev_lock);
2211
2212 return ret;
2213}
2214
2215static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2216{
2217 /* controller will terminate session */
2218 const struct opal_step revert_steps[] = {
2219 { start_SIDASP_opal_session, opal },
2220 { revert_tper, }
2221 };
2222 const struct opal_step psid_revert_steps[] = {
2223 { start_PSID_opal_session, opal },
2224 { revert_tper, }
2225 };
2226
2227 int ret;
2228
2229 mutex_lock(&dev->dev_lock);
2230 setup_opal_dev(dev);
2231 if (psid)
2232 ret = execute_steps(dev, psid_revert_steps,
2233 ARRAY_SIZE(psid_revert_steps));
2234 else
2235 ret = execute_steps(dev, revert_steps,
2236 ARRAY_SIZE(revert_steps));
2237 mutex_unlock(&dev->dev_lock);
2238
2239 /*
2240 * If we successfully reverted lets clean
2241 * any saved locking ranges.
2242 */
2243 if (!ret)
2244 clean_opal_dev(dev);
2245
2246 return ret;
2247}
2248
2249static int __opal_lock_unlock(struct opal_dev *dev,
2250 struct opal_lock_unlock *lk_unlk)
2251{
2252 const struct opal_step unlock_steps[] = {
2253 { start_auth_opal_session, &lk_unlk->session },
2254 { lock_unlock_locking_range, lk_unlk },
2255 { end_opal_session, }
2256 };
2257 const struct opal_step unlock_sum_steps[] = {
2258 { start_auth_opal_session, &lk_unlk->session },
2259 { lock_unlock_locking_range_sum, lk_unlk },
2260 { end_opal_session, }
2261 };
2262
2263 if (lk_unlk->session.sum)
2264 return execute_steps(dev, unlock_sum_steps,
2265 ARRAY_SIZE(unlock_sum_steps));
2266 else
2267 return execute_steps(dev, unlock_steps,
2268 ARRAY_SIZE(unlock_steps));
2269}
2270
2271static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2272{
2273 u8 mbr_done_tf = OPAL_TRUE;
2274 const struct opal_step mbrdone_step[] = {
2275 { start_admin1LSP_opal_session, key },
2276 { set_mbr_done, &mbr_done_tf },
2277 { end_opal_session, }
2278 };
2279
2280 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2281}
2282
2283static int opal_lock_unlock(struct opal_dev *dev,
2284 struct opal_lock_unlock *lk_unlk)
2285{
2286 int ret;
2287
2288 if (lk_unlk->session.who > OPAL_USER9)
2289 return -EINVAL;
2290
2291 mutex_lock(&dev->dev_lock);
2292 ret = __opal_lock_unlock(dev, lk_unlk);
2293 mutex_unlock(&dev->dev_lock);
2294
2295 return ret;
2296}
2297
2298static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2299{
2300 const struct opal_step owner_steps[] = {
2301 { start_anybodyASP_opal_session, },
2302 { get_msid_cpin_pin, },
2303 { end_opal_session, },
2304 { start_SIDASP_opal_session, opal },
2305 { set_sid_cpin_pin, opal },
2306 { end_opal_session, }
2307 };
2308 int ret;
2309
2310 if (!dev)
2311 return -ENODEV;
2312
2313 mutex_lock(&dev->dev_lock);
2314 setup_opal_dev(dev);
2315 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2316 mutex_unlock(&dev->dev_lock);
2317
2318 return ret;
2319}
2320
2321static int opal_activate_lsp(struct opal_dev *dev,
2322 struct opal_lr_act *opal_lr_act)
2323{
2324 const struct opal_step active_steps[] = {
2325 { start_SIDASP_opal_session, &opal_lr_act->key },
2326 { get_lsp_lifecycle, },
2327 { activate_lsp, opal_lr_act },
2328 { end_opal_session, }
2329 };
2330 int ret;
2331
2332 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2333 return -EINVAL;
2334
2335 mutex_lock(&dev->dev_lock);
2336 setup_opal_dev(dev);
2337 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2338 mutex_unlock(&dev->dev_lock);
2339
2340 return ret;
2341}
2342
2343static int opal_setup_locking_range(struct opal_dev *dev,
2344 struct opal_user_lr_setup *opal_lrs)
2345{
2346 const struct opal_step lr_steps[] = {
2347 { start_auth_opal_session, &opal_lrs->session },
2348 { setup_locking_range, opal_lrs },
2349 { end_opal_session, }
2350 };
2351 int ret;
2352
2353 mutex_lock(&dev->dev_lock);
2354 setup_opal_dev(dev);
2355 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2356 mutex_unlock(&dev->dev_lock);
2357
2358 return ret;
2359}
2360
2361static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2362{
2363 const struct opal_step pw_steps[] = {
2364 { start_auth_opal_session, &opal_pw->session },
2365 { set_new_pw, &opal_pw->new_user_pw },
2366 { end_opal_session, }
2367 };
2368 int ret;
2369
2370 if (opal_pw->session.who > OPAL_USER9 ||
2371 opal_pw->new_user_pw.who > OPAL_USER9)
2372 return -EINVAL;
2373
2374 mutex_lock(&dev->dev_lock);
2375 setup_opal_dev(dev);
2376 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2377 mutex_unlock(&dev->dev_lock);
2378
2379 return ret;
2380}
2381
2382static int opal_activate_user(struct opal_dev *dev,
2383 struct opal_session_info *opal_session)
2384{
2385 const struct opal_step act_steps[] = {
2386 { start_admin1LSP_opal_session, &opal_session->opal_key },
2387 { internal_activate_user, opal_session },
2388 { end_opal_session, }
2389 };
2390 int ret;
2391
2392 /* We can't activate Admin1 it's active as manufactured */
2393 if (opal_session->who < OPAL_USER1 ||
2394 opal_session->who > OPAL_USER9) {
2395 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2396 return -EINVAL;
2397 }
2398
2399 mutex_lock(&dev->dev_lock);
2400 setup_opal_dev(dev);
2401 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2402 mutex_unlock(&dev->dev_lock);
2403
2404 return ret;
2405}
2406
2407bool opal_unlock_from_suspend(struct opal_dev *dev)
2408{
2409 struct opal_suspend_data *suspend;
2410 bool was_failure = false;
2411 int ret = 0;
2412
2413 if (!dev)
2414 return false;
2415
2416 if (!dev->supported)
2417 return false;
2418
2419 mutex_lock(&dev->dev_lock);
2420 setup_opal_dev(dev);
2421
2422 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2423 dev->tsn = 0;
2424 dev->hsn = 0;
2425
2426 ret = __opal_lock_unlock(dev, &suspend->unlk);
2427 if (ret) {
2428 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2429 suspend->unlk.session.opal_key.lr,
2430 suspend->unlk.session.sum);
2431 was_failure = true;
2432 }
2433
2434 if (dev->mbr_enabled) {
2435 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2436 if (ret)
2437 pr_debug("Failed to set MBR Done in S3 resume\n");
2438 }
2439 }
2440 mutex_unlock(&dev->dev_lock);
2441
2442 return was_failure;
2443}
2444EXPORT_SYMBOL(opal_unlock_from_suspend);
2445
2446int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2447{
2448 void *p;
2449 int ret = -ENOTTY;
2450
2451 if (!capable(CAP_SYS_ADMIN))
2452 return -EACCES;
2453 if (!dev)
2454 return -ENOTSUPP;
2455 if (!dev->supported)
2456 return -ENOTSUPP;
2457
2458 p = memdup_user(arg, _IOC_SIZE(cmd));
2459 if (IS_ERR(p))
2460 return PTR_ERR(p);
2461
2462 switch (cmd) {
2463 case IOC_OPAL_SAVE:
2464 ret = opal_save(dev, p);
2465 break;
2466 case IOC_OPAL_LOCK_UNLOCK:
2467 ret = opal_lock_unlock(dev, p);
2468 break;
2469 case IOC_OPAL_TAKE_OWNERSHIP:
2470 ret = opal_take_ownership(dev, p);
2471 break;
2472 case IOC_OPAL_ACTIVATE_LSP:
2473 ret = opal_activate_lsp(dev, p);
2474 break;
2475 case IOC_OPAL_SET_PW:
2476 ret = opal_set_new_pw(dev, p);
2477 break;
2478 case IOC_OPAL_ACTIVATE_USR:
2479 ret = opal_activate_user(dev, p);
2480 break;
2481 case IOC_OPAL_REVERT_TPR:
2482 ret = opal_reverttper(dev, p, false);
2483 break;
2484 case IOC_OPAL_LR_SETUP:
2485 ret = opal_setup_locking_range(dev, p);
2486 break;
2487 case IOC_OPAL_ADD_USR_TO_LR:
2488 ret = opal_add_user_to_lr(dev, p);
2489 break;
2490 case IOC_OPAL_ENABLE_DISABLE_MBR:
2491 ret = opal_enable_disable_shadow_mbr(dev, p);
2492 break;
2493 case IOC_OPAL_MBR_DONE:
2494 ret = opal_set_mbr_done(dev, p);
2495 break;
2496 case IOC_OPAL_WRITE_SHADOW_MBR:
2497 ret = opal_write_shadow_mbr(dev, p);
2498 break;
2499 case IOC_OPAL_ERASE_LR:
2500 ret = opal_erase_locking_range(dev, p);
2501 break;
2502 case IOC_OPAL_SECURE_ERASE_LR:
2503 ret = opal_secure_erase_locking_range(dev, p);
2504 break;
2505 case IOC_OPAL_PSID_REVERT_TPR:
2506 ret = opal_reverttper(dev, p, true);
2507 break;
2508 default:
2509 break;
2510 }
2511
2512 kfree(p);
2513 return ret;
2514}
2515EXPORT_SYMBOL_GPL(sed_ioctl);