1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Copyright © 2016 Intel Corporation
   4 *
   5 * Authors:
   6 *    Scott  Bauer      <scott.bauer@intel.com>
   7 *    Rafael Antognolli <rafael.antognolli@intel.com>
   8 */
   9
  10#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
  11
  12#include <linux/delay.h>
  13#include <linux/device.h>
  14#include <linux/kernel.h>
  15#include <linux/list.h>
  16#include <linux/blkdev.h>
  17#include <linux/slab.h>
  18#include <linux/uaccess.h>
  19#include <uapi/linux/sed-opal.h>
  20#include <linux/sed-opal.h>
  21#include <linux/string.h>
  22#include <linux/kdev_t.h>
  23
  24#include "opal_proto.h"
  25
  26#define IO_BUFFER_LENGTH 2048
  27#define MAX_TOKS 64
  28
  29/* Number of bytes needed by cmd_finalize. */
  30#define CMD_FINALIZE_BYTES_NEEDED 7
  31
  32struct opal_step {
  33	int (*fn)(struct opal_dev *dev, void *data);
  34	void *data;
  35};
  36typedef int (cont_fn)(struct opal_dev *dev);
  37
  38enum opal_atom_width {
  39	OPAL_WIDTH_TINY,
  40	OPAL_WIDTH_SHORT,
  41	OPAL_WIDTH_MEDIUM,
  42	OPAL_WIDTH_LONG,
  43	OPAL_WIDTH_TOKEN
  44};
  45
  46/*
  47 * On the parsed response, we don't store again the toks that are already
  48 * stored in the response buffer. Instead, for each token, we just store a
  49 * pointer to the position in the buffer where the token starts, and the size
  50 * of the token in bytes.
  51 */
  52struct opal_resp_tok {
  53	const u8 *pos;
  54	size_t len;
  55	enum opal_response_token type;
  56	enum opal_atom_width width;
  57	union {
  58		u64 u;
  59		s64 s;
  60	} stored;
  61};
  62
  63/*
  64 * From the response header it's not possible to know how many tokens there are
  65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
  66 * if we start dealing with messages that have more than that, we can increase
  67 * this number. This is done to avoid having to make two passes through the
  68 * response, the first one counting how many tokens we have and the second one
  69 * actually storing the positions.
  70 */
  71struct parsed_resp {
  72	int num;
  73	struct opal_resp_tok toks[MAX_TOKS];
  74};
  75
  76struct opal_dev {
  77	u32 flags;
 
  78
  79	void *data;
  80	sec_send_recv *send_recv;
  81
  82	struct mutex dev_lock;
  83	u16 comid;
  84	u32 hsn;
  85	u32 tsn;
  86	u64 align;
  87	u64 lowest_lba;
  88
  89	size_t pos;
  90	u8 *cmd;
  91	u8 *resp;
  92
  93	struct parsed_resp parsed;
  94	size_t prev_d_len;
  95	void *prev_data;
  96
  97	struct list_head unlk_lst;
  98};
  99
 100
 101static const u8 opaluid[][OPAL_UID_LENGTH] = {
 102	/* users */
 103	[OPAL_SMUID_UID] =
 104		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
 105	[OPAL_THISSP_UID] =
 106		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
 107	[OPAL_ADMINSP_UID] =
 108		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
 109	[OPAL_LOCKINGSP_UID] =
 110		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
 111	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
 112		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
 113	[OPAL_ANYBODY_UID] =
 114		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
 115	[OPAL_SID_UID] =
 116		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
 117	[OPAL_ADMIN1_UID] =
 118		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
 119	[OPAL_USER1_UID] =
 120		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
 121	[OPAL_USER2_UID] =
 122		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
 123	[OPAL_PSID_UID] =
 124		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
 125	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
 126		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
 127	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
 128		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
 129
 130	/* tables */
 131	[OPAL_TABLE_TABLE] =
 132		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
 133	[OPAL_LOCKINGRANGE_GLOBAL] =
 134		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
 135	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
 136		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
 137	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
 138		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
 139	[OPAL_MBRCONTROL] =
 140		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
 141	[OPAL_MBR] =
 142		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
 143	[OPAL_AUTHORITY_TABLE] =
 144		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
 145	[OPAL_C_PIN_TABLE] =
 146		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
 147	[OPAL_LOCKING_INFO_TABLE] =
 148		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
 149	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
 150		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
 151	[OPAL_DATASTORE] =
 152		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
 153
 154	/* C_PIN_TABLE object ID's */
 155	[OPAL_C_PIN_MSID] =
 156		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
 157	[OPAL_C_PIN_SID] =
 158		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
 159	[OPAL_C_PIN_ADMIN1] =
 160		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
 161
 162	/* half UID's (only first 4 bytes used) */
 163	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
 164		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
 165	[OPAL_HALF_UID_BOOLEAN_ACE] =
 166		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
 167
 168	/* special value for omitted optional parameter */
 169	[OPAL_UID_HEXFF] =
 170		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
 171};
 172
 173/*
 174 * TCG Storage SSC Methods.
 175 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 176 * Section: 6.3 Assigned UIDs
 177 */
 178static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
 179	[OPAL_PROPERTIES] =
 180		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
 181	[OPAL_STARTSESSION] =
 182		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
 183	[OPAL_REVERT] =
 184		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
 185	[OPAL_ACTIVATE] =
 186		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
 187	[OPAL_EGET] =
 188		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
 189	[OPAL_ESET] =
 190		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
 191	[OPAL_NEXT] =
 192		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
 193	[OPAL_EAUTHENTICATE] =
 194		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
 195	[OPAL_GETACL] =
 196		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
 197	[OPAL_GENKEY] =
 198		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
 199	[OPAL_REVERTSP] =
 200		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
 201	[OPAL_GET] =
 202		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
 203	[OPAL_SET] =
 204		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
 205	[OPAL_AUTHENTICATE] =
 206		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
 207	[OPAL_RANDOM] =
 208		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
 209	[OPAL_ERASE] =
 210		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
 211};
 212
 213static int end_opal_session_error(struct opal_dev *dev);
 214static int opal_discovery0_step(struct opal_dev *dev);
 215
 216struct opal_suspend_data {
 217	struct opal_lock_unlock unlk;
 218	u8 lr;
 219	struct list_head node;
 220};
 221
 222/*
 223 * Derived from:
 224 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 225 * Section: 5.1.5 Method Status Codes
 226 */
 227static const char * const opal_errors[] = {
 228	"Success",
 229	"Not Authorized",
 230	"Unknown Error",
 231	"SP Busy",
 232	"SP Failed",
 233	"SP Disabled",
 234	"SP Frozen",
 235	"No Sessions Available",
 236	"Uniqueness Conflict",
 237	"Insufficient Space",
 238	"Insufficient Rows",
 239	"Invalid Function",
 240	"Invalid Parameter",
 241	"Invalid Reference",
 242	"Unknown Error",
 243	"TPER Malfunction",
 244	"Transaction Failure",
 245	"Response Overflow",
 246	"Authority Locked Out",
 247};
 248
 249static const char *opal_error_to_human(int error)
 250{
 251	if (error == 0x3f)
 252		return "Failed";
 253
 254	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
 255		return "Unknown Error";
 256
 257	return opal_errors[error];
 258}
 259
 260static void print_buffer(const u8 *ptr, u32 length)
 261{
 262#ifdef DEBUG
 263	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
 264	pr_debug("\n");
 265#endif
 266}
 267
 268static bool check_tper(const void *data)
 269{
 270	const struct d0_tper_features *tper = data;
 271	u8 flags = tper->supported_features;
 272
 273	if (!(flags & TPER_SYNC_SUPPORTED)) {
 274		pr_debug("TPer sync not supported. flags = %d\n",
 275			 tper->supported_features);
 276		return false;
 277	}
 278
 279	return true;
 280}
 281
 282static bool check_lcksuppt(const void *data)
 283{
 284	const struct d0_locking_features *lfeat = data;
 285	u8 sup_feat = lfeat->supported_features;
 286
 287	return !!(sup_feat & LOCKING_SUPPORTED_MASK);
 288}
 289
 290static bool check_lckenabled(const void *data)
 291{
 292	const struct d0_locking_features *lfeat = data;
 293	u8 sup_feat = lfeat->supported_features;
 294
 295	return !!(sup_feat & LOCKING_ENABLED_MASK);
 296}
 297
 298static bool check_locked(const void *data)
 299{
 300	const struct d0_locking_features *lfeat = data;
 301	u8 sup_feat = lfeat->supported_features;
 302
 303	return !!(sup_feat & LOCKED_MASK);
 304}
 305
 306static bool check_mbrenabled(const void *data)
 307{
 308	const struct d0_locking_features *lfeat = data;
 309	u8 sup_feat = lfeat->supported_features;
 310
 311	return !!(sup_feat & MBR_ENABLED_MASK);
 312}
 313
 314static bool check_mbrdone(const void *data)
 315{
 316	const struct d0_locking_features *lfeat = data;
 317	u8 sup_feat = lfeat->supported_features;
 318
 319	return !!(sup_feat & MBR_DONE_MASK);
 320}
 321
 322static bool check_sum(const void *data)
 323{
 324	const struct d0_single_user_mode *sum = data;
 325	u32 nlo = be32_to_cpu(sum->num_locking_objects);
 326
 327	if (nlo == 0) {
 328		pr_debug("Need at least one locking object.\n");
 329		return false;
 330	}
 331
 332	pr_debug("Number of locking objects: %d\n", nlo);
 333
 334	return true;
 335}
 336
 337static u16 get_comid_v100(const void *data)
 338{
 339	const struct d0_opal_v100 *v100 = data;
 340
 341	return be16_to_cpu(v100->baseComID);
 342}
 343
 344static u16 get_comid_v200(const void *data)
 345{
 346	const struct d0_opal_v200 *v200 = data;
 347
 348	return be16_to_cpu(v200->baseComID);
 349}
 350
 351static int opal_send_cmd(struct opal_dev *dev)
 352{
 353	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 354			      dev->cmd, IO_BUFFER_LENGTH,
 355			      true);
 356}
 357
 358static int opal_recv_cmd(struct opal_dev *dev)
 359{
 360	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 361			      dev->resp, IO_BUFFER_LENGTH,
 362			      false);
 363}
 364
 365static int opal_recv_check(struct opal_dev *dev)
 366{
 367	size_t buflen = IO_BUFFER_LENGTH;
 368	void *buffer = dev->resp;
 369	struct opal_header *hdr = buffer;
 370	int ret;
 371
 372	do {
 373		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
 374			 hdr->cp.outstandingData,
 375			 hdr->cp.minTransfer);
 376
 377		if (hdr->cp.outstandingData == 0 ||
 378		    hdr->cp.minTransfer != 0)
 379			return 0;
 380
 381		memset(buffer, 0, buflen);
 382		ret = opal_recv_cmd(dev);
 383	} while (!ret);
 384
 385	return ret;
 386}
 387
 388static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
 389{
 390	int ret;
 391
 392	ret = opal_send_cmd(dev);
 393	if (ret)
 394		return ret;
 395	ret = opal_recv_cmd(dev);
 396	if (ret)
 397		return ret;
 398	ret = opal_recv_check(dev);
 399	if (ret)
 400		return ret;
 401	return cont(dev);
 402}
 403
 404static void check_geometry(struct opal_dev *dev, const void *data)
 405{
 406	const struct d0_geometry_features *geo = data;
 407
 408	dev->align = be64_to_cpu(geo->alignment_granularity);
 409	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
 410}
 411
 412static int execute_step(struct opal_dev *dev,
 413			const struct opal_step *step, size_t stepIndex)
 414{
 415	int error = step->fn(dev, step->data);
 416
 417	if (error) {
 418		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
 419			 stepIndex, step->fn, error,
 420			 opal_error_to_human(error));
 421	}
 422
 423	return error;
 424}
 425
 426static int execute_steps(struct opal_dev *dev,
 427			 const struct opal_step *steps, size_t n_steps)
 428{
 429	size_t state = 0;
 430	int error;
 431
 432	/* first do a discovery0 */
 433	error = opal_discovery0_step(dev);
 434	if (error)
 435		return error;
 436
 437	for (state = 0; state < n_steps; state++) {
 438		error = execute_step(dev, &steps[state], state);
 439		if (error)
 440			goto out_error;
 441	}
 442
 443	return 0;
 444
 445out_error:
 446	/*
 447	 * For each OPAL command the first step in steps starts some sort of
 448	 * session. If an error occurred in the initial discovery0 or if an
 449	 * error occurred in the first step (and thus stopping the loop with
 450	 * state == 0) then there was an error before or during the attempt to
 451	 * start a session. Therefore we shouldn't attempt to terminate a
 452	 * session, as one has not yet been created.
 453	 */
 454	if (state > 0)
 455		end_opal_session_error(dev);
 456
 457	return error;
 458}
 459
 460static int opal_discovery0_end(struct opal_dev *dev)
 461{
 462	bool found_com_id = false, supported = true, single_user = false;
 463	const struct d0_header *hdr = (struct d0_header *)dev->resp;
 464	const u8 *epos = dev->resp, *cpos = dev->resp;
 465	u16 comid = 0;
 466	u32 hlen = be32_to_cpu(hdr->length);
 467
 468	print_buffer(dev->resp, hlen);
 469	dev->flags &= OPAL_FL_SUPPORTED;
 470
 471	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 472		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
 473			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
 474		return -EFAULT;
 475	}
 476
 477	epos += hlen; /* end of buffer */
 478	cpos += sizeof(*hdr); /* current position on buffer */
 479
 480	while (cpos < epos && supported) {
 481		const struct d0_features *body =
 482			(const struct d0_features *)cpos;
 483
 484		switch (be16_to_cpu(body->code)) {
 485		case FC_TPER:
 486			supported = check_tper(body->features);
 487			break;
 488		case FC_SINGLEUSER:
 489			single_user = check_sum(body->features);
 490			break;
 491		case FC_GEOMETRY:
 492			check_geometry(dev, body);
 493			break;
 494		case FC_LOCKING:
 495			if (check_lcksuppt(body->features))
 496				dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
 497			if (check_lckenabled(body->features))
 498				dev->flags |= OPAL_FL_LOCKING_ENABLED;
 499			if (check_locked(body->features))
 500				dev->flags |= OPAL_FL_LOCKED;
 501			if (check_mbrenabled(body->features))
 502				dev->flags |= OPAL_FL_MBR_ENABLED;
 503			if (check_mbrdone(body->features))
 504				dev->flags |= OPAL_FL_MBR_DONE;
 505			break;
 506		case FC_ENTERPRISE:
 507		case FC_DATASTORE:
 508			/* some ignored properties */
 509			pr_debug("Found OPAL feature description: %d\n",
 510				 be16_to_cpu(body->code));
 511			break;
 512		case FC_OPALV100:
 513			comid = get_comid_v100(body->features);
 514			found_com_id = true;
 515			break;
 516		case FC_OPALV200:
 517			comid = get_comid_v200(body->features);
 518			found_com_id = true;
 519			break;
 520		case 0xbfff ... 0xffff:
 521			/* vendor specific, just ignore */
 522			break;
 523		default:
 524			pr_debug("OPAL Unknown feature: %d\n",
 525				 be16_to_cpu(body->code));
 526
 527		}
 528		cpos += body->length + 4;
 529	}
 530
 531	if (!supported) {
 532		pr_debug("This device is not Opal enabled. Not Supported!\n");
 533		return -EOPNOTSUPP;
 534	}
 535
 536	if (!single_user)
 537		pr_debug("Device doesn't support single user mode\n");
 538
 539
 540	if (!found_com_id) {
 541		pr_debug("Could not find OPAL comid for device. Returning early\n");
 542		return -EOPNOTSUPP;
 543	}
 544
 545	dev->comid = comid;
 546
 547	return 0;
 548}
 549
 550static int opal_discovery0(struct opal_dev *dev, void *data)
 551{
 552	int ret;
 553
 554	memset(dev->resp, 0, IO_BUFFER_LENGTH);
 555	dev->comid = OPAL_DISCOVERY_COMID;
 556	ret = opal_recv_cmd(dev);
 557	if (ret)
 558		return ret;
 559
 560	return opal_discovery0_end(dev);
 561}
 562
 563static int opal_discovery0_step(struct opal_dev *dev)
 564{
 565	const struct opal_step discovery0_step = {
 566		opal_discovery0,
 567	};
 568
 569	return execute_step(dev, &discovery0_step, 0);
 570}
 571
 572static size_t remaining_size(struct opal_dev *cmd)
 573{
 574	return IO_BUFFER_LENGTH - cmd->pos;
 575}
 576
 577static bool can_add(int *err, struct opal_dev *cmd, size_t len)
 578{
 579	if (*err)
 580		return false;
 581
 582	if (remaining_size(cmd) < len) {
 583		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
 584		*err = -ERANGE;
 585		return false;
 586	}
 587
 588	return true;
 589}
 590
 591static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
 592{
 593	if (!can_add(err, cmd, 1))
 594		return;
 595
 596	cmd->cmd[cmd->pos++] = tok;
 597}
 598
 599static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
 600				  bool has_sign, int len)
 601{
 602	u8 atom;
 603	int err = 0;
 604
 605	atom = SHORT_ATOM_ID;
 606	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
 607	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
 608	atom |= len & SHORT_ATOM_LEN_MASK;
 609
 610	add_token_u8(&err, cmd, atom);
 611}
 612
 613static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
 614				   bool has_sign, int len)
 615{
 616	u8 header0;
 617
 618	header0 = MEDIUM_ATOM_ID;
 619	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
 620	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
 621	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
 622
 623	cmd->cmd[cmd->pos++] = header0;
 624	cmd->cmd[cmd->pos++] = len;
 625}
 626
 627static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
 628{
 629	size_t len;
 630	int msb;
 631
 632	if (!(number & ~TINY_ATOM_DATA_MASK)) {
 633		add_token_u8(err, cmd, number);
 634		return;
 635	}
 636
 637	msb = fls64(number);
 638	len = DIV_ROUND_UP(msb, 8);
 639
 640	if (!can_add(err, cmd, len + 1)) {
 641		pr_debug("Error adding u64: end of buffer.\n");
 642		return;
 643	}
 644	add_short_atom_header(cmd, false, false, len);
 645	while (len--)
 646		add_token_u8(err, cmd, number >> (len * 8));
 647}
 648
 649static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
 650{
 651	size_t header_len = 1;
 652	bool is_short_atom = true;
 653
 654	if (len & ~SHORT_ATOM_LEN_MASK) {
 655		header_len = 2;
 656		is_short_atom = false;
 657	}
 658
 659	if (!can_add(err, cmd, header_len + len)) {
 660		pr_debug("Error adding bytestring: end of buffer.\n");
 661		return NULL;
 662	}
 663
 664	if (is_short_atom)
 665		add_short_atom_header(cmd, true, false, len);
 666	else
 667		add_medium_atom_header(cmd, true, false, len);
 668
 669	return &cmd->cmd[cmd->pos];
 670}
 671
 672static void add_token_bytestring(int *err, struct opal_dev *cmd,
 673				 const u8 *bytestring, size_t len)
 674{
 675	u8 *start;
 676
 677	start = add_bytestring_header(err, cmd, len);
 678	if (!start)
 679		return;
 680	memcpy(start, bytestring, len);
 681	cmd->pos += len;
 682}
 683
 684static int build_locking_range(u8 *buffer, size_t length, u8 lr)
 685{
 686	if (length > OPAL_UID_LENGTH) {
 687		pr_debug("Can't build locking range. Length OOB\n");
 688		return -ERANGE;
 689	}
 690
 691	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
 692
 693	if (lr == 0)
 694		return 0;
 695
 696	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
 697	buffer[7] = lr;
 698
 699	return 0;
 700}
 701
 702static int build_locking_user(u8 *buffer, size_t length, u8 lr)
 703{
 704	if (length > OPAL_UID_LENGTH) {
 705		pr_debug("Can't build locking range user. Length OOB\n");
 706		return -ERANGE;
 707	}
 708
 709	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
 710
 711	buffer[7] = lr + 1;
 712
 713	return 0;
 714}
 715
 716static void set_comid(struct opal_dev *cmd, u16 comid)
 717{
 718	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
 719
 720	hdr->cp.extendedComID[0] = comid >> 8;
 721	hdr->cp.extendedComID[1] = comid;
 722	hdr->cp.extendedComID[2] = 0;
 723	hdr->cp.extendedComID[3] = 0;
 724}
 725
 726static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
 727{
 728	struct opal_header *hdr;
 729	int err = 0;
 730
 731	/*
 732	 * Close the parameter list opened from cmd_start.
 733	 * The number of bytes added must be equal to
 734	 * CMD_FINALIZE_BYTES_NEEDED.
 735	 */
 736	add_token_u8(&err, cmd, OPAL_ENDLIST);
 737
 738	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
 739	add_token_u8(&err, cmd, OPAL_STARTLIST);
 740	add_token_u8(&err, cmd, 0);
 741	add_token_u8(&err, cmd, 0);
 742	add_token_u8(&err, cmd, 0);
 743	add_token_u8(&err, cmd, OPAL_ENDLIST);
 744
 745	if (err) {
 746		pr_debug("Error finalizing command.\n");
 747		return -EFAULT;
 748	}
 749
 750	hdr = (struct opal_header *) cmd->cmd;
 751
 752	hdr->pkt.tsn = cpu_to_be32(tsn);
 753	hdr->pkt.hsn = cpu_to_be32(hsn);
 754
 755	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
 756	while (cmd->pos % 4) {
 757		if (cmd->pos >= IO_BUFFER_LENGTH) {
 758			pr_debug("Error: Buffer overrun\n");
 759			return -ERANGE;
 760		}
 761		cmd->cmd[cmd->pos++] = 0;
 762	}
 763	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
 764				      sizeof(hdr->pkt));
 765	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
 766
 767	return 0;
 768}
 769
 770static const struct opal_resp_tok *response_get_token(
 771				const struct parsed_resp *resp,
 772				int n)
 773{
 774	const struct opal_resp_tok *tok;
 775
 776	if (!resp) {
 777		pr_debug("Response is NULL\n");
 778		return ERR_PTR(-EINVAL);
 779	}
 780
 781	if (n >= resp->num) {
 782		pr_debug("Token number doesn't exist: %d, resp: %d\n",
 783			 n, resp->num);
 784		return ERR_PTR(-EINVAL);
 785	}
 786
 787	tok = &resp->toks[n];
 788	if (tok->len == 0) {
 789		pr_debug("Token length must be non-zero\n");
 790		return ERR_PTR(-EINVAL);
 791	}
 792
 793	return tok;
 794}
 795
 796static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
 797				   const u8 *pos)
 798{
 799	tok->pos = pos;
 800	tok->len = 1;
 801	tok->width = OPAL_WIDTH_TINY;
 802
 803	if (pos[0] & TINY_ATOM_SIGNED) {
 804		tok->type = OPAL_DTA_TOKENID_SINT;
 805	} else {
 806		tok->type = OPAL_DTA_TOKENID_UINT;
 807		tok->stored.u = pos[0] & 0x3f;
 808	}
 809
 810	return tok->len;
 811}
 812
 813static ssize_t response_parse_short(struct opal_resp_tok *tok,
 814				    const u8 *pos)
 815{
 816	tok->pos = pos;
 817	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
 818	tok->width = OPAL_WIDTH_SHORT;
 819
 820	if (pos[0] & SHORT_ATOM_BYTESTRING) {
 821		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 822	} else if (pos[0] & SHORT_ATOM_SIGNED) {
 823		tok->type = OPAL_DTA_TOKENID_SINT;
 824	} else {
 825		u64 u_integer = 0;
 826		ssize_t i, b = 0;
 827
 828		tok->type = OPAL_DTA_TOKENID_UINT;
 829		if (tok->len > 9) {
 830			pr_debug("uint64 with more than 8 bytes\n");
 831			return -EINVAL;
 832		}
 833		for (i = tok->len - 1; i > 0; i--) {
 834			u_integer |= ((u64)pos[i] << (8 * b));
 835			b++;
 836		}
 837		tok->stored.u = u_integer;
 838	}
 839
 840	return tok->len;
 841}
 842
 843static ssize_t response_parse_medium(struct opal_resp_tok *tok,
 844				     const u8 *pos)
 845{
 846	tok->pos = pos;
 847	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
 848	tok->width = OPAL_WIDTH_MEDIUM;
 849
 850	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
 851		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 852	else if (pos[0] & MEDIUM_ATOM_SIGNED)
 853		tok->type = OPAL_DTA_TOKENID_SINT;
 854	else
 855		tok->type = OPAL_DTA_TOKENID_UINT;
 856
 857	return tok->len;
 858}
 859
 860static ssize_t response_parse_long(struct opal_resp_tok *tok,
 861				   const u8 *pos)
 862{
 863	tok->pos = pos;
 864	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
 865	tok->width = OPAL_WIDTH_LONG;
 866
 867	if (pos[0] & LONG_ATOM_BYTESTRING)
 868		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 869	else if (pos[0] & LONG_ATOM_SIGNED)
 870		tok->type = OPAL_DTA_TOKENID_SINT;
 871	else
 872		tok->type = OPAL_DTA_TOKENID_UINT;
 873
 874	return tok->len;
 875}
 876
 877static ssize_t response_parse_token(struct opal_resp_tok *tok,
 878				    const u8 *pos)
 879{
 880	tok->pos = pos;
 881	tok->len = 1;
 882	tok->type = OPAL_DTA_TOKENID_TOKEN;
 883	tok->width = OPAL_WIDTH_TOKEN;
 884
 885	return tok->len;
 886}
 887
 888static int response_parse(const u8 *buf, size_t length,
 889			  struct parsed_resp *resp)
 890{
 891	const struct opal_header *hdr;
 892	struct opal_resp_tok *iter;
 893	int num_entries = 0;
 894	int total;
 895	ssize_t token_length;
 896	const u8 *pos;
 897	u32 clen, plen, slen;
 898
 899	if (!buf)
 900		return -EFAULT;
 901
 902	if (!resp)
 903		return -EFAULT;
 904
 905	hdr = (struct opal_header *)buf;
 906	pos = buf;
 907	pos += sizeof(*hdr);
 908
 909	clen = be32_to_cpu(hdr->cp.length);
 910	plen = be32_to_cpu(hdr->pkt.length);
 911	slen = be32_to_cpu(hdr->subpkt.length);
 912	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
 913		 clen, plen, slen);
 914
 915	if (clen == 0 || plen == 0 || slen == 0 ||
 916	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 917		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
 918			 clen, plen, slen);
 919		print_buffer(pos, sizeof(*hdr));
 920		return -EINVAL;
 921	}
 922
 923	if (pos > buf + length)
 924		return -EFAULT;
 925
 926	iter = resp->toks;
 927	total = slen;
 928	print_buffer(pos, total);
 929	while (total > 0) {
 930		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
 931			token_length = response_parse_tiny(iter, pos);
 932		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
 933			token_length = response_parse_short(iter, pos);
 934		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
 935			token_length = response_parse_medium(iter, pos);
 936		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
 937			token_length = response_parse_long(iter, pos);
 938		else /* TOKEN */
 939			token_length = response_parse_token(iter, pos);
 940
 941		if (token_length < 0)
 942			return token_length;
 943
 944		pos += token_length;
 945		total -= token_length;
 946		iter++;
 947		num_entries++;
 948	}
 949
 950	resp->num = num_entries;
 951
 952	return 0;
 953}
 954
 955static size_t response_get_string(const struct parsed_resp *resp, int n,
 956				  const char **store)
 957{
 958	u8 skip;
 959	const struct opal_resp_tok *tok;
 960
 961	*store = NULL;
 962	tok = response_get_token(resp, n);
 963	if (IS_ERR(tok))
 964		return 0;
 965
 966	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
 967		pr_debug("Token is not a byte string!\n");
 968		return 0;
 969	}
 970
 971	switch (tok->width) {
 972	case OPAL_WIDTH_TINY:
 973	case OPAL_WIDTH_SHORT:
 974		skip = 1;
 975		break;
 976	case OPAL_WIDTH_MEDIUM:
 977		skip = 2;
 978		break;
 979	case OPAL_WIDTH_LONG:
 980		skip = 4;
 981		break;
 982	default:
 983		pr_debug("Token has invalid width!\n");
 984		return 0;
 985	}
 986
 987	*store = tok->pos + skip;
 988
 989	return tok->len - skip;
 990}
 991
 992static u64 response_get_u64(const struct parsed_resp *resp, int n)
 993{
 994	const struct opal_resp_tok *tok;
 995
 996	tok = response_get_token(resp, n);
 997	if (IS_ERR(tok))
 998		return 0;
 999
1000	if (tok->type != OPAL_DTA_TOKENID_UINT) {
1001		pr_debug("Token is not unsigned int: %d\n", tok->type);
1002		return 0;
1003	}
1004
1005	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1006		pr_debug("Atom is not short or tiny: %d\n", tok->width);
1007		return 0;
1008	}
1009
1010	return tok->stored.u;
1011}
1012
1013static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1014{
1015	if (IS_ERR(token) ||
1016	    token->type != OPAL_DTA_TOKENID_TOKEN ||
1017	    token->pos[0] != match)
1018		return false;
1019	return true;
1020}
1021
1022static u8 response_status(const struct parsed_resp *resp)
1023{
1024	const struct opal_resp_tok *tok;
1025
1026	tok = response_get_token(resp, 0);
1027	if (response_token_matches(tok, OPAL_ENDOFSESSION))
1028		return 0;
1029
1030	if (resp->num < 5)
1031		return DTAERROR_NO_METHOD_STATUS;
1032
1033	tok = response_get_token(resp, resp->num - 5);
1034	if (!response_token_matches(tok, OPAL_STARTLIST))
1035		return DTAERROR_NO_METHOD_STATUS;
1036
1037	tok = response_get_token(resp, resp->num - 1);
1038	if (!response_token_matches(tok, OPAL_ENDLIST))
1039		return DTAERROR_NO_METHOD_STATUS;
1040
1041	return response_get_u64(resp, resp->num - 4);
1042}
1043
1044/* Parses and checks for errors */
1045static int parse_and_check_status(struct opal_dev *dev)
1046{
1047	int error;
1048
1049	print_buffer(dev->cmd, dev->pos);
1050
1051	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1052	if (error) {
1053		pr_debug("Couldn't parse response.\n");
1054		return error;
1055	}
1056
1057	return response_status(&dev->parsed);
1058}
1059
1060static void clear_opal_cmd(struct opal_dev *dev)
1061{
1062	dev->pos = sizeof(struct opal_header);
1063	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1064}
1065
1066static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1067{
1068	int err = 0;
1069
1070	clear_opal_cmd(dev);
1071	set_comid(dev, dev->comid);
1072
1073	add_token_u8(&err, dev, OPAL_CALL);
1074	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1075	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1076
1077	/*
1078	 * Every method call is followed by its parameters enclosed within
1079	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1080	 * parameter list here and close it later in cmd_finalize.
1081	 */
1082	add_token_u8(&err, dev, OPAL_STARTLIST);
1083
1084	return err;
1085}
1086
1087static int start_opal_session_cont(struct opal_dev *dev)
1088{
1089	u32 hsn, tsn;
1090	int error = 0;
1091
1092	error = parse_and_check_status(dev);
1093	if (error)
1094		return error;
1095
1096	hsn = response_get_u64(&dev->parsed, 4);
1097	tsn = response_get_u64(&dev->parsed, 5);
1098
1099	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1100		pr_debug("Couldn't authenticate session\n");
1101		return -EPERM;
1102	}
1103
1104	dev->hsn = hsn;
1105	dev->tsn = tsn;
1106
1107	return 0;
1108}
1109
1110static void add_suspend_info(struct opal_dev *dev,
1111			     struct opal_suspend_data *sus)
1112{
1113	struct opal_suspend_data *iter;
1114
1115	list_for_each_entry(iter, &dev->unlk_lst, node) {
1116		if (iter->lr == sus->lr) {
1117			list_del(&iter->node);
1118			kfree(iter);
1119			break;
1120		}
1121	}
1122	list_add_tail(&sus->node, &dev->unlk_lst);
1123}
1124
1125static int end_session_cont(struct opal_dev *dev)
1126{
1127	dev->hsn = 0;
1128	dev->tsn = 0;
1129
1130	return parse_and_check_status(dev);
1131}
1132
1133static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1134{
1135	int ret;
1136
1137	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1138	if (ret) {
1139		pr_debug("Error finalizing command buffer: %d\n", ret);
1140		return ret;
1141	}
1142
1143	print_buffer(dev->cmd, dev->pos);
1144
1145	return opal_send_recv(dev, cont);
1146}
1147
1148/*
1149 * request @column from table @table on device @dev. On success, the column
1150 * data will be available in dev->resp->tok[4]
1151 */
1152static int generic_get_column(struct opal_dev *dev, const u8 *table,
1153			      u64 column)
1154{
1155	int err;
1156
1157	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1158
1159	add_token_u8(&err, dev, OPAL_STARTLIST);
1160
1161	add_token_u8(&err, dev, OPAL_STARTNAME);
1162	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1163	add_token_u64(&err, dev, column);
1164	add_token_u8(&err, dev, OPAL_ENDNAME);
1165
1166	add_token_u8(&err, dev, OPAL_STARTNAME);
1167	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1168	add_token_u64(&err, dev, column);
1169	add_token_u8(&err, dev, OPAL_ENDNAME);
1170
1171	add_token_u8(&err, dev, OPAL_ENDLIST);
1172
1173	if (err)
1174		return err;
1175
1176	return finalize_and_send(dev, parse_and_check_status);
1177}
1178
1179/*
1180 * see TCG SAS 5.3.2.3 for a description of the available columns
1181 *
1182 * the result is provided in dev->resp->tok[4]
1183 */
1184static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1185				  u64 column)
1186{
1187	u8 uid[OPAL_UID_LENGTH];
1188	const unsigned int half = OPAL_UID_LENGTH_HALF;
1189
1190	/* sed-opal UIDs can be split in two halves:
1191	 *  first:  actual table index
1192	 *  second: relative index in the table
1193	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1194	 * first part of the target table as relative index into that table
1195	 */
1196	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1197	memcpy(uid + half, table_uid, half);
1198
1199	return generic_get_column(dev, uid, column);
1200}
1201
1202static int gen_key(struct opal_dev *dev, void *data)
1203{
1204	u8 uid[OPAL_UID_LENGTH];
1205	int err;
1206
1207	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1208	kfree(dev->prev_data);
1209	dev->prev_data = NULL;
1210
1211	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1212
1213	if (err) {
1214		pr_debug("Error building gen key command\n");
1215		return err;
1216
1217	}
1218
1219	return finalize_and_send(dev, parse_and_check_status);
1220}
1221
1222static int get_active_key_cont(struct opal_dev *dev)
1223{
1224	const char *activekey;
1225	size_t keylen;
1226	int error = 0;
1227
1228	error = parse_and_check_status(dev);
1229	if (error)
1230		return error;
1231
1232	keylen = response_get_string(&dev->parsed, 4, &activekey);
1233	if (!activekey) {
1234		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1235			 __func__);
1236		return OPAL_INVAL_PARAM;
1237	}
1238
1239	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1240
1241	if (!dev->prev_data)
1242		return -ENOMEM;
1243
1244	dev->prev_d_len = keylen;
1245
1246	return 0;
1247}
1248
1249static int get_active_key(struct opal_dev *dev, void *data)
1250{
1251	u8 uid[OPAL_UID_LENGTH];
1252	int err;
1253	u8 *lr = data;
1254
1255	err = build_locking_range(uid, sizeof(uid), *lr);
1256	if (err)
1257		return err;
1258
1259	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1260	if (err)
1261		return err;
1262
1263	return get_active_key_cont(dev);
1264}
1265
1266static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1267				    u64 offset, u64 size, const u8 *uid)
1268{
1269	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1270	u8 *dst;
1271	u64 len;
1272	size_t off = 0;
1273	int err;
1274
1275	/* do we fit in the available space? */
1276	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1277	if (err) {
1278		pr_debug("Couldn't get the table size\n");
1279		return err;
1280	}
1281
1282	len = response_get_u64(&dev->parsed, 4);
1283	if (size > len || offset > len - size) {
1284		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1285			  offset + size, len);
1286		return -ENOSPC;
1287	}
1288
1289	/* do the actual transmission(s) */
1290	while (off < size) {
1291		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1292		add_token_u8(&err, dev, OPAL_STARTNAME);
1293		add_token_u8(&err, dev, OPAL_WHERE);
1294		add_token_u64(&err, dev, offset + off);
1295		add_token_u8(&err, dev, OPAL_ENDNAME);
1296
1297		add_token_u8(&err, dev, OPAL_STARTNAME);
1298		add_token_u8(&err, dev, OPAL_VALUES);
1299
1300		/*
1301		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1302		 * There also needs to be enough space to accommodate the
1303		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1304		 * cmd_finalize.
1305		 */
1306		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1307			  (size_t)(size - off));
1308		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1309
1310		dst = add_bytestring_header(&err, dev, len);
1311		if (!dst)
1312			break;
1313
1314		if (copy_from_user(dst, src + off, len)) {
1315			err = -EFAULT;
1316			break;
1317		}
1318
1319		dev->pos += len;
1320
1321		add_token_u8(&err, dev, OPAL_ENDNAME);
1322		if (err)
1323			break;
1324
1325		err = finalize_and_send(dev, parse_and_check_status);
1326		if (err)
1327			break;
1328
1329		off += len;
1330	}
1331
1332	return err;
1333}
1334
1335static int generic_lr_enable_disable(struct opal_dev *dev,
1336				     u8 *uid, bool rle, bool wle,
1337				     bool rl, bool wl)
1338{
1339	int err;
1340
1341	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1342
1343	add_token_u8(&err, dev, OPAL_STARTNAME);
1344	add_token_u8(&err, dev, OPAL_VALUES);
1345	add_token_u8(&err, dev, OPAL_STARTLIST);
1346
1347	add_token_u8(&err, dev, OPAL_STARTNAME);
1348	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1349	add_token_u8(&err, dev, rle);
1350	add_token_u8(&err, dev, OPAL_ENDNAME);
1351
1352	add_token_u8(&err, dev, OPAL_STARTNAME);
1353	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1354	add_token_u8(&err, dev, wle);
1355	add_token_u8(&err, dev, OPAL_ENDNAME);
1356
1357	add_token_u8(&err, dev, OPAL_STARTNAME);
1358	add_token_u8(&err, dev, OPAL_READLOCKED);
1359	add_token_u8(&err, dev, rl);
1360	add_token_u8(&err, dev, OPAL_ENDNAME);
1361
1362	add_token_u8(&err, dev, OPAL_STARTNAME);
1363	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1364	add_token_u8(&err, dev, wl);
1365	add_token_u8(&err, dev, OPAL_ENDNAME);
1366
1367	add_token_u8(&err, dev, OPAL_ENDLIST);
1368	add_token_u8(&err, dev, OPAL_ENDNAME);
1369
1370	return err;
1371}
1372
1373static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1374				   struct opal_user_lr_setup *setup)
1375{
1376	int err;
1377
1378	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1379					0, 0);
1380	if (err)
1381		pr_debug("Failed to create enable global lr command\n");
1382
1383	return err;
1384}
1385
1386static int setup_locking_range(struct opal_dev *dev, void *data)
1387{
1388	u8 uid[OPAL_UID_LENGTH];
1389	struct opal_user_lr_setup *setup = data;
1390	u8 lr;
1391	int err;
1392
1393	lr = setup->session.opal_key.lr;
1394	err = build_locking_range(uid, sizeof(uid), lr);
1395	if (err)
1396		return err;
1397
1398	if (lr == 0)
1399		err = enable_global_lr(dev, uid, setup);
1400	else {
1401		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1402
1403		add_token_u8(&err, dev, OPAL_STARTNAME);
1404		add_token_u8(&err, dev, OPAL_VALUES);
1405		add_token_u8(&err, dev, OPAL_STARTLIST);
1406
1407		add_token_u8(&err, dev, OPAL_STARTNAME);
1408		add_token_u8(&err, dev, OPAL_RANGESTART);
1409		add_token_u64(&err, dev, setup->range_start);
1410		add_token_u8(&err, dev, OPAL_ENDNAME);
1411
1412		add_token_u8(&err, dev, OPAL_STARTNAME);
1413		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1414		add_token_u64(&err, dev, setup->range_length);
1415		add_token_u8(&err, dev, OPAL_ENDNAME);
1416
1417		add_token_u8(&err, dev, OPAL_STARTNAME);
1418		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1419		add_token_u64(&err, dev, !!setup->RLE);
1420		add_token_u8(&err, dev, OPAL_ENDNAME);
1421
1422		add_token_u8(&err, dev, OPAL_STARTNAME);
1423		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1424		add_token_u64(&err, dev, !!setup->WLE);
1425		add_token_u8(&err, dev, OPAL_ENDNAME);
1426
1427		add_token_u8(&err, dev, OPAL_ENDLIST);
1428		add_token_u8(&err, dev, OPAL_ENDNAME);
1429	}
1430	if (err) {
1431		pr_debug("Error building Setup Locking range command.\n");
1432		return err;
1433	}
1434
1435	return finalize_and_send(dev, parse_and_check_status);
1436}
1437
1438static int start_generic_opal_session(struct opal_dev *dev,
1439				      enum opal_uid auth,
1440				      enum opal_uid sp_type,
1441				      const char *key,
1442				      u8 key_len)
1443{
1444	u32 hsn;
1445	int err;
1446
1447	if (key == NULL && auth != OPAL_ANYBODY_UID)
1448		return OPAL_INVAL_PARAM;
1449
1450	hsn = GENERIC_HOST_SESSION_NUM;
1451	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1452			opalmethod[OPAL_STARTSESSION]);
1453
1454	add_token_u64(&err, dev, hsn);
1455	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1456	add_token_u8(&err, dev, 1);
1457
1458	switch (auth) {
1459	case OPAL_ANYBODY_UID:
1460		break;
1461	case OPAL_ADMIN1_UID:
1462	case OPAL_SID_UID:
1463	case OPAL_PSID_UID:
1464		add_token_u8(&err, dev, OPAL_STARTNAME);
1465		add_token_u8(&err, dev, 0); /* HostChallenge */
1466		add_token_bytestring(&err, dev, key, key_len);
1467		add_token_u8(&err, dev, OPAL_ENDNAME);
1468		add_token_u8(&err, dev, OPAL_STARTNAME);
1469		add_token_u8(&err, dev, 3); /* HostSignAuth */
1470		add_token_bytestring(&err, dev, opaluid[auth],
1471				     OPAL_UID_LENGTH);
1472		add_token_u8(&err, dev, OPAL_ENDNAME);
1473		break;
1474	default:
1475		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1476		return OPAL_INVAL_PARAM;
1477	}
1478
1479	if (err) {
1480		pr_debug("Error building start adminsp session command.\n");
1481		return err;
1482	}
1483
1484	return finalize_and_send(dev, start_opal_session_cont);
1485}
1486
1487static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1488{
1489	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1490					  OPAL_ADMINSP_UID, NULL, 0);
1491}
1492
1493static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1494{
1495	int ret;
1496	const u8 *key = dev->prev_data;
1497
1498	if (!key) {
1499		const struct opal_key *okey = data;
1500
1501		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1502						 OPAL_ADMINSP_UID,
1503						 okey->key,
1504						 okey->key_len);
1505	} else {
1506		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1507						 OPAL_ADMINSP_UID,
1508						 key, dev->prev_d_len);
1509		kfree(key);
1510		dev->prev_data = NULL;
1511	}
1512
1513	return ret;
1514}
1515
1516static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1517{
1518	struct opal_key *key = data;
1519
1520	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1521					  OPAL_LOCKINGSP_UID,
1522					  key->key, key->key_len);
1523}
1524
1525static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1526{
1527	const struct opal_key *okey = data;
1528
1529	return start_generic_opal_session(dev, OPAL_PSID_UID,
1530					  OPAL_ADMINSP_UID,
1531					  okey->key,
1532					  okey->key_len);
1533}
1534
1535static int start_auth_opal_session(struct opal_dev *dev, void *data)
1536{
1537	struct opal_session_info *session = data;
1538	u8 lk_ul_user[OPAL_UID_LENGTH];
1539	size_t keylen = session->opal_key.key_len;
1540	int err = 0;
1541
1542	u8 *key = session->opal_key.key;
1543	u32 hsn = GENERIC_HOST_SESSION_NUM;
1544
1545	if (session->sum)
1546		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1547					 session->opal_key.lr);
1548	else if (session->who != OPAL_ADMIN1 && !session->sum)
1549		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1550					 session->who - 1);
1551	else
1552		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1553
1554	if (err)
1555		return err;
1556
1557	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1558			opalmethod[OPAL_STARTSESSION]);
1559
1560	add_token_u64(&err, dev, hsn);
1561	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1562			     OPAL_UID_LENGTH);
1563	add_token_u8(&err, dev, 1);
1564	add_token_u8(&err, dev, OPAL_STARTNAME);
1565	add_token_u8(&err, dev, 0);
1566	add_token_bytestring(&err, dev, key, keylen);
1567	add_token_u8(&err, dev, OPAL_ENDNAME);
1568	add_token_u8(&err, dev, OPAL_STARTNAME);
1569	add_token_u8(&err, dev, 3);
1570	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1571	add_token_u8(&err, dev, OPAL_ENDNAME);
1572
1573	if (err) {
1574		pr_debug("Error building STARTSESSION command.\n");
1575		return err;
1576	}
1577
1578	return finalize_and_send(dev, start_opal_session_cont);
1579}
1580
1581static int revert_tper(struct opal_dev *dev, void *data)
1582{
1583	int err;
1584
1585	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1586			opalmethod[OPAL_REVERT]);
1587	if (err) {
1588		pr_debug("Error building REVERT TPER command.\n");
1589		return err;
1590	}
1591
1592	return finalize_and_send(dev, parse_and_check_status);
1593}
1594
1595static int internal_activate_user(struct opal_dev *dev, void *data)
1596{
1597	struct opal_session_info *session = data;
1598	u8 uid[OPAL_UID_LENGTH];
1599	int err;
1600
1601	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1602	uid[7] = session->who;
1603
1604	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1605	add_token_u8(&err, dev, OPAL_STARTNAME);
1606	add_token_u8(&err, dev, OPAL_VALUES);
1607	add_token_u8(&err, dev, OPAL_STARTLIST);
1608	add_token_u8(&err, dev, OPAL_STARTNAME);
1609	add_token_u8(&err, dev, 5); /* Enabled */
1610	add_token_u8(&err, dev, OPAL_TRUE);
1611	add_token_u8(&err, dev, OPAL_ENDNAME);
1612	add_token_u8(&err, dev, OPAL_ENDLIST);
1613	add_token_u8(&err, dev, OPAL_ENDNAME);
1614
1615	if (err) {
1616		pr_debug("Error building Activate UserN command.\n");
1617		return err;
1618	}
1619
1620	return finalize_and_send(dev, parse_and_check_status);
1621}
1622
1623static int erase_locking_range(struct opal_dev *dev, void *data)
1624{
1625	struct opal_session_info *session = data;
1626	u8 uid[OPAL_UID_LENGTH];
1627	int err;
1628
1629	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1630		return -ERANGE;
1631
1632	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1633
1634	if (err) {
1635		pr_debug("Error building Erase Locking Range Command.\n");
1636		return err;
1637	}
1638
1639	return finalize_and_send(dev, parse_and_check_status);
1640}
1641
1642static int set_mbr_done(struct opal_dev *dev, void *data)
1643{
1644	u8 *mbr_done_tf = data;
1645	int err;
1646
1647	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1648			opalmethod[OPAL_SET]);
1649
1650	add_token_u8(&err, dev, OPAL_STARTNAME);
1651	add_token_u8(&err, dev, OPAL_VALUES);
1652	add_token_u8(&err, dev, OPAL_STARTLIST);
1653	add_token_u8(&err, dev, OPAL_STARTNAME);
1654	add_token_u8(&err, dev, OPAL_MBRDONE);
1655	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1656	add_token_u8(&err, dev, OPAL_ENDNAME);
1657	add_token_u8(&err, dev, OPAL_ENDLIST);
1658	add_token_u8(&err, dev, OPAL_ENDNAME);
1659
1660	if (err) {
1661		pr_debug("Error Building set MBR Done command\n");
1662		return err;
1663	}
1664
1665	return finalize_and_send(dev, parse_and_check_status);
1666}
1667
1668static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1669{
1670	u8 *mbr_en_dis = data;
1671	int err;
1672
1673	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1674			opalmethod[OPAL_SET]);
1675
1676	add_token_u8(&err, dev, OPAL_STARTNAME);
1677	add_token_u8(&err, dev, OPAL_VALUES);
1678	add_token_u8(&err, dev, OPAL_STARTLIST);
1679	add_token_u8(&err, dev, OPAL_STARTNAME);
1680	add_token_u8(&err, dev, OPAL_MBRENABLE);
1681	add_token_u8(&err, dev, *mbr_en_dis);
1682	add_token_u8(&err, dev, OPAL_ENDNAME);
1683	add_token_u8(&err, dev, OPAL_ENDLIST);
1684	add_token_u8(&err, dev, OPAL_ENDNAME);
1685
1686	if (err) {
1687		pr_debug("Error Building set MBR done command\n");
1688		return err;
1689	}
1690
1691	return finalize_and_send(dev, parse_and_check_status);
1692}
1693
1694static int write_shadow_mbr(struct opal_dev *dev, void *data)
1695{
1696	struct opal_shadow_mbr *shadow = data;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1697
1698	return generic_table_write_data(dev, shadow->data, shadow->offset,
1699					shadow->size, opaluid[OPAL_MBR]);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1700}
1701
1702static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1703			  struct opal_dev *dev)
1704{
1705	int err;
1706
1707	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1708
1709	add_token_u8(&err, dev, OPAL_STARTNAME);
1710	add_token_u8(&err, dev, OPAL_VALUES);
1711	add_token_u8(&err, dev, OPAL_STARTLIST);
1712	add_token_u8(&err, dev, OPAL_STARTNAME);
1713	add_token_u8(&err, dev, OPAL_PIN);
1714	add_token_bytestring(&err, dev, key, key_len);
1715	add_token_u8(&err, dev, OPAL_ENDNAME);
1716	add_token_u8(&err, dev, OPAL_ENDLIST);
1717	add_token_u8(&err, dev, OPAL_ENDNAME);
1718
1719	return err;
1720}
1721
1722static int set_new_pw(struct opal_dev *dev, void *data)
1723{
1724	u8 cpin_uid[OPAL_UID_LENGTH];
1725	struct opal_session_info *usr = data;
1726
1727	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1728
1729	if (usr->who != OPAL_ADMIN1) {
1730		cpin_uid[5] = 0x03;
1731		if (usr->sum)
1732			cpin_uid[7] = usr->opal_key.lr + 1;
1733		else
1734			cpin_uid[7] = usr->who;
1735	}
1736
1737	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1738			   cpin_uid, dev)) {
1739		pr_debug("Error building set password command.\n");
1740		return -ERANGE;
1741	}
1742
1743	return finalize_and_send(dev, parse_and_check_status);
1744}
1745
1746static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1747{
1748	u8 cpin_uid[OPAL_UID_LENGTH];
1749	struct opal_key *key = data;
1750
1751	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1752
1753	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1754		pr_debug("Error building Set SID cpin\n");
1755		return -ERANGE;
1756	}
1757	return finalize_and_send(dev, parse_and_check_status);
1758}
1759
1760static int add_user_to_lr(struct opal_dev *dev, void *data)
1761{
1762	u8 lr_buffer[OPAL_UID_LENGTH];
1763	u8 user_uid[OPAL_UID_LENGTH];
1764	struct opal_lock_unlock *lkul = data;
1765	int err;
1766
1767	memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1768	       OPAL_UID_LENGTH);
1769
1770	if (lkul->l_state == OPAL_RW)
1771		memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1772		       OPAL_UID_LENGTH);
1773
1774	lr_buffer[7] = lkul->session.opal_key.lr;
1775
1776	memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1777
1778	user_uid[7] = lkul->session.who;
1779
1780	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1781
1782	add_token_u8(&err, dev, OPAL_STARTNAME);
1783	add_token_u8(&err, dev, OPAL_VALUES);
1784
1785	add_token_u8(&err, dev, OPAL_STARTLIST);
1786	add_token_u8(&err, dev, OPAL_STARTNAME);
1787	add_token_u8(&err, dev, 3);
1788
1789	add_token_u8(&err, dev, OPAL_STARTLIST);
1790
1791
1792	add_token_u8(&err, dev, OPAL_STARTNAME);
1793	add_token_bytestring(&err, dev,
1794			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1795			     OPAL_UID_LENGTH/2);
1796	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1797	add_token_u8(&err, dev, OPAL_ENDNAME);
1798
1799
1800	add_token_u8(&err, dev, OPAL_STARTNAME);
1801	add_token_bytestring(&err, dev,
1802			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1803			     OPAL_UID_LENGTH/2);
1804	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1805	add_token_u8(&err, dev, OPAL_ENDNAME);
1806
1807
1808	add_token_u8(&err, dev, OPAL_STARTNAME);
1809	add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1810			     OPAL_UID_LENGTH/2);
1811	add_token_u8(&err, dev, 1);
1812	add_token_u8(&err, dev, OPAL_ENDNAME);
1813
1814
1815	add_token_u8(&err, dev, OPAL_ENDLIST);
1816	add_token_u8(&err, dev, OPAL_ENDNAME);
1817	add_token_u8(&err, dev, OPAL_ENDLIST);
1818	add_token_u8(&err, dev, OPAL_ENDNAME);
1819
1820	if (err) {
1821		pr_debug("Error building add user to locking range command.\n");
1822		return err;
1823	}
1824
1825	return finalize_and_send(dev, parse_and_check_status);
1826}
1827
1828static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1829{
1830	u8 lr_buffer[OPAL_UID_LENGTH];
1831	struct opal_lock_unlock *lkul = data;
1832	u8 read_locked = 1, write_locked = 1;
1833	int err = 0;
1834
1835	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1836				lkul->session.opal_key.lr) < 0)
1837		return -ERANGE;
1838
1839	switch (lkul->l_state) {
1840	case OPAL_RO:
1841		read_locked = 0;
1842		write_locked = 1;
1843		break;
1844	case OPAL_RW:
1845		read_locked = 0;
1846		write_locked = 0;
1847		break;
1848	case OPAL_LK:
1849		/* vars are initialized to locked */
1850		break;
1851	default:
1852		pr_debug("Tried to set an invalid locking state... returning to uland\n");
1853		return OPAL_INVAL_PARAM;
1854	}
1855
1856	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1857
1858	add_token_u8(&err, dev, OPAL_STARTNAME);
1859	add_token_u8(&err, dev, OPAL_VALUES);
1860	add_token_u8(&err, dev, OPAL_STARTLIST);
1861
1862	add_token_u8(&err, dev, OPAL_STARTNAME);
1863	add_token_u8(&err, dev, OPAL_READLOCKED);
1864	add_token_u8(&err, dev, read_locked);
1865	add_token_u8(&err, dev, OPAL_ENDNAME);
1866
1867	add_token_u8(&err, dev, OPAL_STARTNAME);
1868	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1869	add_token_u8(&err, dev, write_locked);
1870	add_token_u8(&err, dev, OPAL_ENDNAME);
1871
1872	add_token_u8(&err, dev, OPAL_ENDLIST);
1873	add_token_u8(&err, dev, OPAL_ENDNAME);
1874
1875	if (err) {
1876		pr_debug("Error building SET command.\n");
1877		return err;
1878	}
1879
1880	return finalize_and_send(dev, parse_and_check_status);
1881}
1882
1883
1884static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1885{
1886	u8 lr_buffer[OPAL_UID_LENGTH];
1887	u8 read_locked = 1, write_locked = 1;
1888	struct opal_lock_unlock *lkul = data;
1889	int ret;
1890
1891	clear_opal_cmd(dev);
1892	set_comid(dev, dev->comid);
1893
1894	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1895				lkul->session.opal_key.lr) < 0)
1896		return -ERANGE;
1897
1898	switch (lkul->l_state) {
1899	case OPAL_RO:
1900		read_locked = 0;
1901		write_locked = 1;
1902		break;
1903	case OPAL_RW:
1904		read_locked = 0;
1905		write_locked = 0;
1906		break;
1907	case OPAL_LK:
1908		/* vars are initialized to locked */
1909		break;
1910	default:
1911		pr_debug("Tried to set an invalid locking state.\n");
1912		return OPAL_INVAL_PARAM;
1913	}
1914	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1915					read_locked, write_locked);
1916
1917	if (ret < 0) {
1918		pr_debug("Error building SET command.\n");
1919		return ret;
1920	}
1921
1922	return finalize_and_send(dev, parse_and_check_status);
1923}
1924
1925static int activate_lsp(struct opal_dev *dev, void *data)
1926{
1927	struct opal_lr_act *opal_act = data;
1928	u8 user_lr[OPAL_UID_LENGTH];
 
1929	int err, i;
1930
1931	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1932			opalmethod[OPAL_ACTIVATE]);
1933
1934	if (opal_act->sum) {
1935		err = build_locking_range(user_lr, sizeof(user_lr),
1936					  opal_act->lr[0]);
1937		if (err)
1938			return err;
1939
1940		add_token_u8(&err, dev, OPAL_STARTNAME);
1941		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
 
 
 
1942
1943		add_token_u8(&err, dev, OPAL_STARTLIST);
1944		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1945		for (i = 1; i < opal_act->num_lrs; i++) {
1946			user_lr[7] = opal_act->lr[i];
1947			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1948		}
1949		add_token_u8(&err, dev, OPAL_ENDLIST);
1950		add_token_u8(&err, dev, OPAL_ENDNAME);
1951	}
1952
1953	if (err) {
1954		pr_debug("Error building Activate LockingSP command.\n");
1955		return err;
1956	}
1957
1958	return finalize_and_send(dev, parse_and_check_status);
1959}
1960
1961/* Determine if we're in the Manufactured Inactive or Active state */
1962static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1963{
1964	u8 lc_status;
1965	int err;
1966
1967	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1968				 OPAL_LIFECYCLE);
1969	if (err)
1970		return err;
1971
1972	lc_status = response_get_u64(&dev->parsed, 4);
1973	/* 0x08 is Manufactured Inactive */
1974	/* 0x09 is Manufactured */
1975	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1976		pr_debug("Couldn't determine the status of the Lifecycle state\n");
1977		return -ENODEV;
1978	}
1979
1980	return 0;
1981}
1982
1983static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1984{
1985	const char *msid_pin;
1986	size_t strlen;
1987	int err;
1988
1989	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1990	if (err)
1991		return err;
1992
1993	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1994	if (!msid_pin) {
1995		pr_debug("Couldn't extract MSID_CPIN from response\n");
1996		return OPAL_INVAL_PARAM;
1997	}
1998
1999	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2000	if (!dev->prev_data)
2001		return -ENOMEM;
2002
2003	dev->prev_d_len = strlen;
2004
2005	return 0;
2006}
2007
2008static int write_table_data(struct opal_dev *dev, void *data)
2009{
2010	struct opal_read_write_table *write_tbl = data;
2011
2012	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2013					write_tbl->size, write_tbl->table_uid);
2014}
2015
2016static int read_table_data_cont(struct opal_dev *dev)
2017{
2018	int err;
2019	const char *data_read;
2020
2021	err = parse_and_check_status(dev);
2022	if (err)
2023		return err;
2024
2025	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2026	dev->prev_data = (void *)data_read;
2027	if (!dev->prev_data) {
2028		pr_debug("%s: Couldn't read data from the table.\n", __func__);
2029		return OPAL_INVAL_PARAM;
2030	}
2031
2032	return 0;
2033}
2034
2035/*
2036 * IO_BUFFER_LENGTH = 2048
2037 * sizeof(header) = 56
2038 * No. of Token Bytes in the Response = 11
2039 * MAX size of data that can be carried in response buffer
2040 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2041 */
2042#define OPAL_MAX_READ_TABLE (0x7BD)
2043
2044static int read_table_data(struct opal_dev *dev, void *data)
2045{
2046	struct opal_read_write_table *read_tbl = data;
2047	int err;
2048	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2049	u64 table_len, len;
2050	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2051	u8 __user *dst;
2052
2053	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2054	if (err) {
2055		pr_debug("Couldn't get the table size\n");
2056		return err;
2057	}
2058
2059	table_len = response_get_u64(&dev->parsed, 4);
2060
2061	/* Check if the user is trying to read from the table limits */
2062	if (read_size > table_len || offset > table_len - read_size) {
2063		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2064			  offset + read_size, table_len);
2065		return -EINVAL;
2066	}
2067
2068	while (off < read_size) {
2069		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2070
2071		add_token_u8(&err, dev, OPAL_STARTLIST);
2072		add_token_u8(&err, dev, OPAL_STARTNAME);
2073		add_token_u8(&err, dev, OPAL_STARTROW);
2074		add_token_u64(&err, dev, offset + off); /* start row value */
2075		add_token_u8(&err, dev, OPAL_ENDNAME);
2076
2077		add_token_u8(&err, dev, OPAL_STARTNAME);
2078		add_token_u8(&err, dev, OPAL_ENDROW);
2079
2080		len = min(max_read_size, (size_t)(read_size - off));
2081		add_token_u64(&err, dev, offset + off + len); /* end row value
2082							       */
2083		add_token_u8(&err, dev, OPAL_ENDNAME);
2084		add_token_u8(&err, dev, OPAL_ENDLIST);
2085
2086		if (err) {
2087			pr_debug("Error building read table data command.\n");
2088			break;
2089		}
2090
2091		err = finalize_and_send(dev, read_table_data_cont);
2092		if (err)
2093			break;
2094
2095		/* len+1: This includes the NULL terminator at the end*/
2096		if (dev->prev_d_len > len + 1) {
2097			err = -EOVERFLOW;
2098			break;
2099		}
2100
2101		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2102		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2103			pr_debug("Error copying data to userspace\n");
2104			err = -EFAULT;
2105			break;
2106		}
2107		dev->prev_data = NULL;
2108
2109		off += len;
2110	}
2111
2112	return err;
2113}
2114
2115static int end_opal_session(struct opal_dev *dev, void *data)
2116{
2117	int err = 0;
2118
2119	clear_opal_cmd(dev);
2120	set_comid(dev, dev->comid);
2121	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2122
2123	if (err < 0)
2124		return err;
2125
2126	return finalize_and_send(dev, end_session_cont);
2127}
2128
2129static int end_opal_session_error(struct opal_dev *dev)
2130{
2131	const struct opal_step error_end_session = {
2132		end_opal_session,
2133	};
2134
2135	return execute_step(dev, &error_end_session, 0);
2136}
2137
2138static inline void setup_opal_dev(struct opal_dev *dev)
2139{
2140	dev->tsn = 0;
2141	dev->hsn = 0;
2142	dev->prev_data = NULL;
2143}
2144
2145static int check_opal_support(struct opal_dev *dev)
2146{
2147	int ret;
2148
2149	mutex_lock(&dev->dev_lock);
2150	setup_opal_dev(dev);
2151	ret = opal_discovery0_step(dev);
2152	if (!ret)
2153		dev->flags |= OPAL_FL_SUPPORTED;
2154	mutex_unlock(&dev->dev_lock);
2155
2156	return ret;
2157}
2158
2159static void clean_opal_dev(struct opal_dev *dev)
2160{
2161
2162	struct opal_suspend_data *suspend, *next;
2163
2164	mutex_lock(&dev->dev_lock);
2165	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2166		list_del(&suspend->node);
2167		kfree(suspend);
2168	}
2169	mutex_unlock(&dev->dev_lock);
2170}
2171
2172void free_opal_dev(struct opal_dev *dev)
2173{
2174	if (!dev)
2175		return;
2176
2177	clean_opal_dev(dev);
2178	kfree(dev->resp);
2179	kfree(dev->cmd);
2180	kfree(dev);
2181}
2182EXPORT_SYMBOL(free_opal_dev);
2183
2184struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2185{
2186	struct opal_dev *dev;
2187
2188	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2189	if (!dev)
2190		return NULL;
2191
2192	/*
2193	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2194	 * sure the allocated buffer is DMA-safe in that regard.
2195	 */
2196	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2197	if (!dev->cmd)
2198		goto err_free_dev;
2199
2200	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2201	if (!dev->resp)
2202		goto err_free_cmd;
2203
2204	INIT_LIST_HEAD(&dev->unlk_lst);
2205	mutex_init(&dev->dev_lock);
2206	dev->flags = 0;
2207	dev->data = data;
2208	dev->send_recv = send_recv;
2209	if (check_opal_support(dev) != 0) {
2210		pr_debug("Opal is not supported on this device\n");
2211		goto err_free_resp;
 
2212	}
2213
2214	return dev;
2215
2216err_free_resp:
2217	kfree(dev->resp);
2218
2219err_free_cmd:
2220	kfree(dev->cmd);
2221
2222err_free_dev:
2223	kfree(dev);
2224
2225	return NULL;
2226}
2227EXPORT_SYMBOL(init_opal_dev);
2228
2229static int opal_secure_erase_locking_range(struct opal_dev *dev,
2230					   struct opal_session_info *opal_session)
2231{
2232	const struct opal_step erase_steps[] = {
2233		{ start_auth_opal_session, opal_session },
2234		{ get_active_key, &opal_session->opal_key.lr },
2235		{ gen_key, },
2236		{ end_opal_session, }
2237	};
2238	int ret;
2239
2240	mutex_lock(&dev->dev_lock);
2241	setup_opal_dev(dev);
2242	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2243	mutex_unlock(&dev->dev_lock);
2244
2245	return ret;
2246}
2247
2248static int opal_erase_locking_range(struct opal_dev *dev,
2249				    struct opal_session_info *opal_session)
2250{
2251	const struct opal_step erase_steps[] = {
2252		{ start_auth_opal_session, opal_session },
2253		{ erase_locking_range, opal_session },
2254		{ end_opal_session, }
2255	};
2256	int ret;
2257
2258	mutex_lock(&dev->dev_lock);
2259	setup_opal_dev(dev);
2260	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2261	mutex_unlock(&dev->dev_lock);
2262
2263	return ret;
2264}
2265
2266static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2267					  struct opal_mbr_data *opal_mbr)
2268{
2269	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2270		OPAL_TRUE : OPAL_FALSE;
2271
2272	const struct opal_step mbr_steps[] = {
2273		{ start_admin1LSP_opal_session, &opal_mbr->key },
2274		{ set_mbr_done, &enable_disable },
2275		{ end_opal_session, },
2276		{ start_admin1LSP_opal_session, &opal_mbr->key },
2277		{ set_mbr_enable_disable, &enable_disable },
2278		{ end_opal_session, }
2279	};
2280	int ret;
2281
2282	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2283	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2284		return -EINVAL;
2285
2286	mutex_lock(&dev->dev_lock);
2287	setup_opal_dev(dev);
2288	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2289	mutex_unlock(&dev->dev_lock);
2290
2291	return ret;
2292}
2293
2294static int opal_set_mbr_done(struct opal_dev *dev,
2295			     struct opal_mbr_done *mbr_done)
2296{
2297	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2298		OPAL_TRUE : OPAL_FALSE;
2299
2300	const struct opal_step mbr_steps[] = {
2301		{ start_admin1LSP_opal_session, &mbr_done->key },
2302		{ set_mbr_done, &mbr_done_tf },
2303		{ end_opal_session, }
2304	};
2305	int ret;
2306
2307	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2308	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2309		return -EINVAL;
2310
2311	mutex_lock(&dev->dev_lock);
2312	setup_opal_dev(dev);
2313	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2314	mutex_unlock(&dev->dev_lock);
2315
2316	return ret;
2317}
2318
2319static int opal_write_shadow_mbr(struct opal_dev *dev,
2320				 struct opal_shadow_mbr *info)
2321{
2322	const struct opal_step mbr_steps[] = {
2323		{ start_admin1LSP_opal_session, &info->key },
2324		{ write_shadow_mbr, info },
2325		{ end_opal_session, }
2326	};
2327	int ret;
2328
2329	if (info->size == 0)
2330		return 0;
2331
2332	mutex_lock(&dev->dev_lock);
2333	setup_opal_dev(dev);
2334	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2335	mutex_unlock(&dev->dev_lock);
2336
2337	return ret;
2338}
2339
2340static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2341{
2342	struct opal_suspend_data *suspend;
2343
2344	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2345	if (!suspend)
2346		return -ENOMEM;
2347
2348	suspend->unlk = *lk_unlk;
2349	suspend->lr = lk_unlk->session.opal_key.lr;
2350
2351	mutex_lock(&dev->dev_lock);
2352	setup_opal_dev(dev);
2353	add_suspend_info(dev, suspend);
2354	mutex_unlock(&dev->dev_lock);
2355
2356	return 0;
2357}
2358
2359static int opal_add_user_to_lr(struct opal_dev *dev,
2360			       struct opal_lock_unlock *lk_unlk)
2361{
2362	const struct opal_step steps[] = {
2363		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2364		{ add_user_to_lr, lk_unlk },
2365		{ end_opal_session, }
2366	};
2367	int ret;
2368
2369	if (lk_unlk->l_state != OPAL_RO &&
2370	    lk_unlk->l_state != OPAL_RW) {
2371		pr_debug("Locking state was not RO or RW\n");
2372		return -EINVAL;
2373	}
2374
2375	if (lk_unlk->session.who < OPAL_USER1 ||
2376	    lk_unlk->session.who > OPAL_USER9) {
2377		pr_debug("Authority was not within the range of users: %d\n",
2378			 lk_unlk->session.who);
2379		return -EINVAL;
2380	}
2381
2382	if (lk_unlk->session.sum) {
2383		pr_debug("%s not supported in sum. Use setup locking range\n",
2384			 __func__);
2385		return -EINVAL;
2386	}
2387
2388	mutex_lock(&dev->dev_lock);
2389	setup_opal_dev(dev);
2390	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2391	mutex_unlock(&dev->dev_lock);
2392
2393	return ret;
2394}
2395
2396static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2397{
2398	/* controller will terminate session */
2399	const struct opal_step revert_steps[] = {
2400		{ start_SIDASP_opal_session, opal },
2401		{ revert_tper, }
2402	};
2403	const struct opal_step psid_revert_steps[] = {
2404		{ start_PSID_opal_session, opal },
2405		{ revert_tper, }
2406	};
2407
2408	int ret;
2409
2410	mutex_lock(&dev->dev_lock);
2411	setup_opal_dev(dev);
2412	if (psid)
2413		ret = execute_steps(dev, psid_revert_steps,
2414				    ARRAY_SIZE(psid_revert_steps));
2415	else
2416		ret = execute_steps(dev, revert_steps,
2417				    ARRAY_SIZE(revert_steps));
2418	mutex_unlock(&dev->dev_lock);
2419
2420	/*
2421	 * If we successfully reverted lets clean
2422	 * any saved locking ranges.
2423	 */
2424	if (!ret)
2425		clean_opal_dev(dev);
2426
2427	return ret;
2428}
2429
2430static int __opal_lock_unlock(struct opal_dev *dev,
2431			      struct opal_lock_unlock *lk_unlk)
2432{
2433	const struct opal_step unlock_steps[] = {
2434		{ start_auth_opal_session, &lk_unlk->session },
2435		{ lock_unlock_locking_range, lk_unlk },
2436		{ end_opal_session, }
2437	};
2438	const struct opal_step unlock_sum_steps[] = {
2439		{ start_auth_opal_session, &lk_unlk->session },
2440		{ lock_unlock_locking_range_sum, lk_unlk },
2441		{ end_opal_session, }
2442	};
2443
2444	if (lk_unlk->session.sum)
2445		return execute_steps(dev, unlock_sum_steps,
2446				     ARRAY_SIZE(unlock_sum_steps));
2447	else
2448		return execute_steps(dev, unlock_steps,
2449				     ARRAY_SIZE(unlock_steps));
2450}
2451
2452static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2453{
2454	u8 mbr_done_tf = OPAL_TRUE;
2455	const struct opal_step mbrdone_step[] = {
2456		{ start_admin1LSP_opal_session, key },
2457		{ set_mbr_done, &mbr_done_tf },
2458		{ end_opal_session, }
2459	};
2460
2461	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2462}
2463
2464static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2465			    struct opal_lock_unlock *lk_unlk)
2466{
2467	struct opal_suspend_data *iter;
2468
2469	if (lk_unlk->l_state != OPAL_LK ||
2470			lk_unlk->session.opal_key.key_len > 0)
2471		return;
2472
2473	/*
2474	 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2475	 * volume key is not required, as it requires root privileges anyway,
2476	 * and root can deny access to a disk in many ways regardless.
2477	 * Requiring the volume key to lock the device is a peculiarity of the
2478	 * OPAL specification. Given we might already have saved the key if
2479	 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2480	 * that key to lock the device if no key was provided here, the
2481	 * locking range matches and the appropriate flag was passed with
2482	 * 'IOC_OPAL_SAVE'.
2483	 * This allows integrating OPAL with tools and libraries that are used
2484	 * to the common behaviour and do not ask for the volume key when
2485	 * closing a device.
2486	 */
2487	setup_opal_dev(dev);
2488	list_for_each_entry(iter, &dev->unlk_lst, node) {
2489		if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2490				iter->lr == lk_unlk->session.opal_key.lr &&
2491				iter->unlk.session.opal_key.key_len > 0) {
2492			lk_unlk->session.opal_key.key_len =
2493				iter->unlk.session.opal_key.key_len;
2494			memcpy(lk_unlk->session.opal_key.key,
2495				iter->unlk.session.opal_key.key,
2496				iter->unlk.session.opal_key.key_len);
2497			break;
2498		}
2499	}
2500}
2501
2502static int opal_lock_unlock(struct opal_dev *dev,
2503			    struct opal_lock_unlock *lk_unlk)
2504{
2505	int ret;
2506
2507	if (lk_unlk->session.who > OPAL_USER9)
2508		return -EINVAL;
2509
2510	mutex_lock(&dev->dev_lock);
2511	opal_lock_check_for_saved_key(dev, lk_unlk);
2512	ret = __opal_lock_unlock(dev, lk_unlk);
2513	mutex_unlock(&dev->dev_lock);
2514
2515	return ret;
2516}
2517
2518static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2519{
2520	const struct opal_step owner_steps[] = {
2521		{ start_anybodyASP_opal_session, },
2522		{ get_msid_cpin_pin, },
2523		{ end_opal_session, },
2524		{ start_SIDASP_opal_session, opal },
2525		{ set_sid_cpin_pin, opal },
2526		{ end_opal_session, }
2527	};
2528	int ret;
2529
2530	if (!dev)
2531		return -ENODEV;
2532
2533	mutex_lock(&dev->dev_lock);
2534	setup_opal_dev(dev);
2535	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2536	mutex_unlock(&dev->dev_lock);
2537
2538	return ret;
2539}
2540
2541static int opal_activate_lsp(struct opal_dev *dev,
2542			     struct opal_lr_act *opal_lr_act)
2543{
2544	const struct opal_step active_steps[] = {
2545		{ start_SIDASP_opal_session, &opal_lr_act->key },
2546		{ get_lsp_lifecycle, },
2547		{ activate_lsp, opal_lr_act },
2548		{ end_opal_session, }
2549	};
2550	int ret;
2551
2552	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2553		return -EINVAL;
2554
2555	mutex_lock(&dev->dev_lock);
2556	setup_opal_dev(dev);
2557	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2558	mutex_unlock(&dev->dev_lock);
2559
2560	return ret;
2561}
2562
2563static int opal_setup_locking_range(struct opal_dev *dev,
2564				    struct opal_user_lr_setup *opal_lrs)
2565{
2566	const struct opal_step lr_steps[] = {
2567		{ start_auth_opal_session, &opal_lrs->session },
2568		{ setup_locking_range, opal_lrs },
2569		{ end_opal_session, }
2570	};
2571	int ret;
2572
2573	mutex_lock(&dev->dev_lock);
2574	setup_opal_dev(dev);
2575	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2576	mutex_unlock(&dev->dev_lock);
2577
2578	return ret;
2579}
2580
2581static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2582{
2583	const struct opal_step pw_steps[] = {
2584		{ start_auth_opal_session, &opal_pw->session },
2585		{ set_new_pw, &opal_pw->new_user_pw },
2586		{ end_opal_session, }
2587	};
2588	int ret;
2589
2590	if (opal_pw->session.who > OPAL_USER9  ||
2591	    opal_pw->new_user_pw.who > OPAL_USER9)
2592		return -EINVAL;
2593
2594	mutex_lock(&dev->dev_lock);
2595	setup_opal_dev(dev);
2596	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2597	mutex_unlock(&dev->dev_lock);
2598
2599	return ret;
2600}
2601
2602static int opal_activate_user(struct opal_dev *dev,
2603			      struct opal_session_info *opal_session)
2604{
2605	const struct opal_step act_steps[] = {
2606		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2607		{ internal_activate_user, opal_session },
2608		{ end_opal_session, }
2609	};
2610	int ret;
2611
2612	/* We can't activate Admin1 it's active as manufactured */
2613	if (opal_session->who < OPAL_USER1 ||
2614	    opal_session->who > OPAL_USER9) {
2615		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2616		return -EINVAL;
2617	}
2618
2619	mutex_lock(&dev->dev_lock);
2620	setup_opal_dev(dev);
2621	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2622	mutex_unlock(&dev->dev_lock);
2623
2624	return ret;
2625}
2626
2627bool opal_unlock_from_suspend(struct opal_dev *dev)
2628{
2629	struct opal_suspend_data *suspend;
2630	bool was_failure = false;
2631	int ret = 0;
2632
2633	if (!dev)
2634		return false;
2635
2636	if (!(dev->flags & OPAL_FL_SUPPORTED))
2637		return false;
2638
2639	mutex_lock(&dev->dev_lock);
2640	setup_opal_dev(dev);
2641
2642	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2643		dev->tsn = 0;
2644		dev->hsn = 0;
2645
2646		ret = __opal_lock_unlock(dev, &suspend->unlk);
2647		if (ret) {
2648			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2649				 suspend->unlk.session.opal_key.lr,
2650				 suspend->unlk.session.sum);
2651			was_failure = true;
2652		}
2653
2654		if (dev->flags & OPAL_FL_MBR_ENABLED) {
2655			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2656			if (ret)
2657				pr_debug("Failed to set MBR Done in S3 resume\n");
2658		}
2659	}
2660	mutex_unlock(&dev->dev_lock);
2661
2662	return was_failure;
2663}
2664EXPORT_SYMBOL(opal_unlock_from_suspend);
2665
2666static int opal_read_table(struct opal_dev *dev,
2667			   struct opal_read_write_table *rw_tbl)
2668{
2669	const struct opal_step read_table_steps[] = {
2670		{ start_admin1LSP_opal_session, &rw_tbl->key },
2671		{ read_table_data, rw_tbl },
2672		{ end_opal_session, }
2673	};
2674	int ret = 0;
2675
2676	if (!rw_tbl->size)
2677		return ret;
2678
2679	return execute_steps(dev, read_table_steps,
2680			     ARRAY_SIZE(read_table_steps));
2681}
2682
2683static int opal_write_table(struct opal_dev *dev,
2684			    struct opal_read_write_table *rw_tbl)
2685{
2686	const struct opal_step write_table_steps[] = {
2687		{ start_admin1LSP_opal_session, &rw_tbl->key },
2688		{ write_table_data, rw_tbl },
2689		{ end_opal_session, }
2690	};
2691	int ret = 0;
2692
2693	if (!rw_tbl->size)
2694		return ret;
2695
2696	return execute_steps(dev, write_table_steps,
2697			     ARRAY_SIZE(write_table_steps));
2698}
2699
2700static int opal_generic_read_write_table(struct opal_dev *dev,
2701					 struct opal_read_write_table *rw_tbl)
2702{
2703	int ret, bit_set;
2704
2705	mutex_lock(&dev->dev_lock);
2706	setup_opal_dev(dev);
2707
2708	bit_set = fls64(rw_tbl->flags) - 1;
2709	switch (bit_set) {
2710	case OPAL_READ_TABLE:
2711		ret = opal_read_table(dev, rw_tbl);
2712		break;
2713	case OPAL_WRITE_TABLE:
2714		ret = opal_write_table(dev, rw_tbl);
2715		break;
2716	default:
2717		pr_debug("Invalid bit set in the flag (%016llx).\n",
2718			 rw_tbl->flags);
2719		ret = -EINVAL;
2720		break;
2721	}
2722
2723	mutex_unlock(&dev->dev_lock);
2724
2725	return ret;
2726}
2727
2728static int opal_get_status(struct opal_dev *dev, void __user *data)
2729{
2730	struct opal_status sts = {0};
2731
2732	/*
2733	 * check_opal_support() error is not fatal,
2734	 * !dev->supported is a valid condition
2735	 */
2736	if (!check_opal_support(dev))
2737		sts.flags = dev->flags;
2738	if (copy_to_user(data, &sts, sizeof(sts))) {
2739		pr_debug("Error copying status to userspace\n");
2740		return -EFAULT;
2741	}
2742	return 0;
2743}
2744
2745int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2746{
2747	void *p;
2748	int ret = -ENOTTY;
2749
2750	if (!capable(CAP_SYS_ADMIN))
2751		return -EACCES;
2752	if (!dev)
2753		return -ENOTSUPP;
2754	if (!(dev->flags & OPAL_FL_SUPPORTED))
2755		return -ENOTSUPP;
2756
2757	if (cmd & IOC_IN) {
2758		p = memdup_user(arg, _IOC_SIZE(cmd));
2759		if (IS_ERR(p))
2760			return PTR_ERR(p);
2761	}
2762
2763	switch (cmd) {
2764	case IOC_OPAL_SAVE:
2765		ret = opal_save(dev, p);
2766		break;
2767	case IOC_OPAL_LOCK_UNLOCK:
2768		ret = opal_lock_unlock(dev, p);
2769		break;
2770	case IOC_OPAL_TAKE_OWNERSHIP:
2771		ret = opal_take_ownership(dev, p);
2772		break;
2773	case IOC_OPAL_ACTIVATE_LSP:
2774		ret = opal_activate_lsp(dev, p);
2775		break;
2776	case IOC_OPAL_SET_PW:
2777		ret = opal_set_new_pw(dev, p);
2778		break;
2779	case IOC_OPAL_ACTIVATE_USR:
2780		ret = opal_activate_user(dev, p);
2781		break;
2782	case IOC_OPAL_REVERT_TPR:
2783		ret = opal_reverttper(dev, p, false);
2784		break;
2785	case IOC_OPAL_LR_SETUP:
2786		ret = opal_setup_locking_range(dev, p);
2787		break;
2788	case IOC_OPAL_ADD_USR_TO_LR:
2789		ret = opal_add_user_to_lr(dev, p);
2790		break;
2791	case IOC_OPAL_ENABLE_DISABLE_MBR:
2792		ret = opal_enable_disable_shadow_mbr(dev, p);
2793		break;
2794	case IOC_OPAL_MBR_DONE:
2795		ret = opal_set_mbr_done(dev, p);
2796		break;
2797	case IOC_OPAL_WRITE_SHADOW_MBR:
2798		ret = opal_write_shadow_mbr(dev, p);
2799		break;
2800	case IOC_OPAL_ERASE_LR:
2801		ret = opal_erase_locking_range(dev, p);
2802		break;
2803	case IOC_OPAL_SECURE_ERASE_LR:
2804		ret = opal_secure_erase_locking_range(dev, p);
2805		break;
2806	case IOC_OPAL_PSID_REVERT_TPR:
2807		ret = opal_reverttper(dev, p, true);
2808		break;
2809	case IOC_OPAL_GENERIC_TABLE_RW:
2810		ret = opal_generic_read_write_table(dev, p);
2811		break;
2812	case IOC_OPAL_GET_STATUS:
2813		ret = opal_get_status(dev, arg);
2814		break;
2815	default:
2816		break;
2817	}
2818
2819	if (cmd & IOC_IN)
2820		kfree(p);
2821	return ret;
2822}
2823EXPORT_SYMBOL_GPL(sed_ioctl);