Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright © 2016 Intel Corporation
4 *
5 * Authors:
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
8 */
9
10#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12#include <linux/delay.h>
13#include <linux/device.h>
14#include <linux/kernel.h>
15#include <linux/list.h>
16#include <linux/blkdev.h>
17#include <linux/slab.h>
18#include <linux/uaccess.h>
19#include <uapi/linux/sed-opal.h>
20#include <linux/sed-opal.h>
21#include <linux/string.h>
22#include <linux/kdev_t.h>
23
24#include "opal_proto.h"
25
26#define IO_BUFFER_LENGTH 2048
27#define MAX_TOKS 64
28
29/* Number of bytes needed by cmd_finalize. */
30#define CMD_FINALIZE_BYTES_NEEDED 7
31
32struct opal_step {
33 int (*fn)(struct opal_dev *dev, void *data);
34 void *data;
35};
36typedef int (cont_fn)(struct opal_dev *dev);
37
38enum opal_atom_width {
39 OPAL_WIDTH_TINY,
40 OPAL_WIDTH_SHORT,
41 OPAL_WIDTH_MEDIUM,
42 OPAL_WIDTH_LONG,
43 OPAL_WIDTH_TOKEN
44};
45
46/*
47 * On the parsed response, we don't store again the toks that are already
48 * stored in the response buffer. Instead, for each token, we just store a
49 * pointer to the position in the buffer where the token starts, and the size
50 * of the token in bytes.
51 */
52struct opal_resp_tok {
53 const u8 *pos;
54 size_t len;
55 enum opal_response_token type;
56 enum opal_atom_width width;
57 union {
58 u64 u;
59 s64 s;
60 } stored;
61};
62
63/*
64 * From the response header it's not possible to know how many tokens there are
65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66 * if we start dealing with messages that have more than that, we can increase
67 * this number. This is done to avoid having to make two passes through the
68 * response, the first one counting how many tokens we have and the second one
69 * actually storing the positions.
70 */
71struct parsed_resp {
72 int num;
73 struct opal_resp_tok toks[MAX_TOKS];
74};
75
76struct opal_dev {
77 u32 flags;
78
79 void *data;
80 sec_send_recv *send_recv;
81
82 struct mutex dev_lock;
83 u16 comid;
84 u32 hsn;
85 u32 tsn;
86 u64 align;
87 u64 lowest_lba;
88
89 size_t pos;
90 u8 *cmd;
91 u8 *resp;
92
93 struct parsed_resp parsed;
94 size_t prev_d_len;
95 void *prev_data;
96
97 struct list_head unlk_lst;
98};
99
100
101static const u8 opaluid[][OPAL_UID_LENGTH] = {
102 /* users */
103 [OPAL_SMUID_UID] =
104 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
105 [OPAL_THISSP_UID] =
106 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
107 [OPAL_ADMINSP_UID] =
108 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
109 [OPAL_LOCKINGSP_UID] =
110 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
111 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
113 [OPAL_ANYBODY_UID] =
114 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
115 [OPAL_SID_UID] =
116 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
117 [OPAL_ADMIN1_UID] =
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
119 [OPAL_USER1_UID] =
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
121 [OPAL_USER2_UID] =
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
123 [OPAL_PSID_UID] =
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
125 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
127 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
129
130 /* tables */
131 [OPAL_TABLE_TABLE] =
132 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
133 [OPAL_LOCKINGRANGE_GLOBAL] =
134 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
135 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
136 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
137 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
138 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
139 [OPAL_MBRCONTROL] =
140 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
141 [OPAL_MBR] =
142 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
143 [OPAL_AUTHORITY_TABLE] =
144 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
145 [OPAL_C_PIN_TABLE] =
146 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
147 [OPAL_LOCKING_INFO_TABLE] =
148 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
149 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
150 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
151 [OPAL_DATASTORE] =
152 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
153
154 /* C_PIN_TABLE object ID's */
155 [OPAL_C_PIN_MSID] =
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
157 [OPAL_C_PIN_SID] =
158 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
159 [OPAL_C_PIN_ADMIN1] =
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
161
162 /* half UID's (only first 4 bytes used) */
163 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
164 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
165 [OPAL_HALF_UID_BOOLEAN_ACE] =
166 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
167
168 /* special value for omitted optional parameter */
169 [OPAL_UID_HEXFF] =
170 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
171};
172
173/*
174 * TCG Storage SSC Methods.
175 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
176 * Section: 6.3 Assigned UIDs
177 */
178static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
179 [OPAL_PROPERTIES] =
180 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
181 [OPAL_STARTSESSION] =
182 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
183 [OPAL_REVERT] =
184 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
185 [OPAL_ACTIVATE] =
186 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
187 [OPAL_EGET] =
188 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
189 [OPAL_ESET] =
190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
191 [OPAL_NEXT] =
192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
193 [OPAL_EAUTHENTICATE] =
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
195 [OPAL_GETACL] =
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
197 [OPAL_GENKEY] =
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
199 [OPAL_REVERTSP] =
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
201 [OPAL_GET] =
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
203 [OPAL_SET] =
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
205 [OPAL_AUTHENTICATE] =
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
207 [OPAL_RANDOM] =
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
209 [OPAL_ERASE] =
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
211};
212
213static int end_opal_session_error(struct opal_dev *dev);
214static int opal_discovery0_step(struct opal_dev *dev);
215
216struct opal_suspend_data {
217 struct opal_lock_unlock unlk;
218 u8 lr;
219 struct list_head node;
220};
221
222/*
223 * Derived from:
224 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
225 * Section: 5.1.5 Method Status Codes
226 */
227static const char * const opal_errors[] = {
228 "Success",
229 "Not Authorized",
230 "Unknown Error",
231 "SP Busy",
232 "SP Failed",
233 "SP Disabled",
234 "SP Frozen",
235 "No Sessions Available",
236 "Uniqueness Conflict",
237 "Insufficient Space",
238 "Insufficient Rows",
239 "Invalid Function",
240 "Invalid Parameter",
241 "Invalid Reference",
242 "Unknown Error",
243 "TPER Malfunction",
244 "Transaction Failure",
245 "Response Overflow",
246 "Authority Locked Out",
247};
248
249static const char *opal_error_to_human(int error)
250{
251 if (error == 0x3f)
252 return "Failed";
253
254 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
255 return "Unknown Error";
256
257 return opal_errors[error];
258}
259
260static void print_buffer(const u8 *ptr, u32 length)
261{
262#ifdef DEBUG
263 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
264 pr_debug("\n");
265#endif
266}
267
268static bool check_tper(const void *data)
269{
270 const struct d0_tper_features *tper = data;
271 u8 flags = tper->supported_features;
272
273 if (!(flags & TPER_SYNC_SUPPORTED)) {
274 pr_debug("TPer sync not supported. flags = %d\n",
275 tper->supported_features);
276 return false;
277 }
278
279 return true;
280}
281
282static bool check_lcksuppt(const void *data)
283{
284 const struct d0_locking_features *lfeat = data;
285 u8 sup_feat = lfeat->supported_features;
286
287 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
288}
289
290static bool check_lckenabled(const void *data)
291{
292 const struct d0_locking_features *lfeat = data;
293 u8 sup_feat = lfeat->supported_features;
294
295 return !!(sup_feat & LOCKING_ENABLED_MASK);
296}
297
298static bool check_locked(const void *data)
299{
300 const struct d0_locking_features *lfeat = data;
301 u8 sup_feat = lfeat->supported_features;
302
303 return !!(sup_feat & LOCKED_MASK);
304}
305
306static bool check_mbrenabled(const void *data)
307{
308 const struct d0_locking_features *lfeat = data;
309 u8 sup_feat = lfeat->supported_features;
310
311 return !!(sup_feat & MBR_ENABLED_MASK);
312}
313
314static bool check_mbrdone(const void *data)
315{
316 const struct d0_locking_features *lfeat = data;
317 u8 sup_feat = lfeat->supported_features;
318
319 return !!(sup_feat & MBR_DONE_MASK);
320}
321
322static bool check_sum(const void *data)
323{
324 const struct d0_single_user_mode *sum = data;
325 u32 nlo = be32_to_cpu(sum->num_locking_objects);
326
327 if (nlo == 0) {
328 pr_debug("Need at least one locking object.\n");
329 return false;
330 }
331
332 pr_debug("Number of locking objects: %d\n", nlo);
333
334 return true;
335}
336
337static u16 get_comid_v100(const void *data)
338{
339 const struct d0_opal_v100 *v100 = data;
340
341 return be16_to_cpu(v100->baseComID);
342}
343
344static u16 get_comid_v200(const void *data)
345{
346 const struct d0_opal_v200 *v200 = data;
347
348 return be16_to_cpu(v200->baseComID);
349}
350
351static int opal_send_cmd(struct opal_dev *dev)
352{
353 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
354 dev->cmd, IO_BUFFER_LENGTH,
355 true);
356}
357
358static int opal_recv_cmd(struct opal_dev *dev)
359{
360 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
361 dev->resp, IO_BUFFER_LENGTH,
362 false);
363}
364
365static int opal_recv_check(struct opal_dev *dev)
366{
367 size_t buflen = IO_BUFFER_LENGTH;
368 void *buffer = dev->resp;
369 struct opal_header *hdr = buffer;
370 int ret;
371
372 do {
373 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
374 hdr->cp.outstandingData,
375 hdr->cp.minTransfer);
376
377 if (hdr->cp.outstandingData == 0 ||
378 hdr->cp.minTransfer != 0)
379 return 0;
380
381 memset(buffer, 0, buflen);
382 ret = opal_recv_cmd(dev);
383 } while (!ret);
384
385 return ret;
386}
387
388static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
389{
390 int ret;
391
392 ret = opal_send_cmd(dev);
393 if (ret)
394 return ret;
395 ret = opal_recv_cmd(dev);
396 if (ret)
397 return ret;
398 ret = opal_recv_check(dev);
399 if (ret)
400 return ret;
401 return cont(dev);
402}
403
404static void check_geometry(struct opal_dev *dev, const void *data)
405{
406 const struct d0_geometry_features *geo = data;
407
408 dev->align = be64_to_cpu(geo->alignment_granularity);
409 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
410}
411
412static int execute_step(struct opal_dev *dev,
413 const struct opal_step *step, size_t stepIndex)
414{
415 int error = step->fn(dev, step->data);
416
417 if (error) {
418 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
419 stepIndex, step->fn, error,
420 opal_error_to_human(error));
421 }
422
423 return error;
424}
425
426static int execute_steps(struct opal_dev *dev,
427 const struct opal_step *steps, size_t n_steps)
428{
429 size_t state = 0;
430 int error;
431
432 /* first do a discovery0 */
433 error = opal_discovery0_step(dev);
434 if (error)
435 return error;
436
437 for (state = 0; state < n_steps; state++) {
438 error = execute_step(dev, &steps[state], state);
439 if (error)
440 goto out_error;
441 }
442
443 return 0;
444
445out_error:
446 /*
447 * For each OPAL command the first step in steps starts some sort of
448 * session. If an error occurred in the initial discovery0 or if an
449 * error occurred in the first step (and thus stopping the loop with
450 * state == 0) then there was an error before or during the attempt to
451 * start a session. Therefore we shouldn't attempt to terminate a
452 * session, as one has not yet been created.
453 */
454 if (state > 0)
455 end_opal_session_error(dev);
456
457 return error;
458}
459
460static int opal_discovery0_end(struct opal_dev *dev)
461{
462 bool found_com_id = false, supported = true, single_user = false;
463 const struct d0_header *hdr = (struct d0_header *)dev->resp;
464 const u8 *epos = dev->resp, *cpos = dev->resp;
465 u16 comid = 0;
466 u32 hlen = be32_to_cpu(hdr->length);
467
468 print_buffer(dev->resp, hlen);
469 dev->flags &= OPAL_FL_SUPPORTED;
470
471 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
472 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
473 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
474 return -EFAULT;
475 }
476
477 epos += hlen; /* end of buffer */
478 cpos += sizeof(*hdr); /* current position on buffer */
479
480 while (cpos < epos && supported) {
481 const struct d0_features *body =
482 (const struct d0_features *)cpos;
483
484 switch (be16_to_cpu(body->code)) {
485 case FC_TPER:
486 supported = check_tper(body->features);
487 break;
488 case FC_SINGLEUSER:
489 single_user = check_sum(body->features);
490 break;
491 case FC_GEOMETRY:
492 check_geometry(dev, body);
493 break;
494 case FC_LOCKING:
495 if (check_lcksuppt(body->features))
496 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
497 if (check_lckenabled(body->features))
498 dev->flags |= OPAL_FL_LOCKING_ENABLED;
499 if (check_locked(body->features))
500 dev->flags |= OPAL_FL_LOCKED;
501 if (check_mbrenabled(body->features))
502 dev->flags |= OPAL_FL_MBR_ENABLED;
503 if (check_mbrdone(body->features))
504 dev->flags |= OPAL_FL_MBR_DONE;
505 break;
506 case FC_ENTERPRISE:
507 case FC_DATASTORE:
508 /* some ignored properties */
509 pr_debug("Found OPAL feature description: %d\n",
510 be16_to_cpu(body->code));
511 break;
512 case FC_OPALV100:
513 comid = get_comid_v100(body->features);
514 found_com_id = true;
515 break;
516 case FC_OPALV200:
517 comid = get_comid_v200(body->features);
518 found_com_id = true;
519 break;
520 case 0xbfff ... 0xffff:
521 /* vendor specific, just ignore */
522 break;
523 default:
524 pr_debug("OPAL Unknown feature: %d\n",
525 be16_to_cpu(body->code));
526
527 }
528 cpos += body->length + 4;
529 }
530
531 if (!supported) {
532 pr_debug("This device is not Opal enabled. Not Supported!\n");
533 return -EOPNOTSUPP;
534 }
535
536 if (!single_user)
537 pr_debug("Device doesn't support single user mode\n");
538
539
540 if (!found_com_id) {
541 pr_debug("Could not find OPAL comid for device. Returning early\n");
542 return -EOPNOTSUPP;
543 }
544
545 dev->comid = comid;
546
547 return 0;
548}
549
550static int opal_discovery0(struct opal_dev *dev, void *data)
551{
552 int ret;
553
554 memset(dev->resp, 0, IO_BUFFER_LENGTH);
555 dev->comid = OPAL_DISCOVERY_COMID;
556 ret = opal_recv_cmd(dev);
557 if (ret)
558 return ret;
559
560 return opal_discovery0_end(dev);
561}
562
563static int opal_discovery0_step(struct opal_dev *dev)
564{
565 const struct opal_step discovery0_step = {
566 opal_discovery0,
567 };
568
569 return execute_step(dev, &discovery0_step, 0);
570}
571
572static size_t remaining_size(struct opal_dev *cmd)
573{
574 return IO_BUFFER_LENGTH - cmd->pos;
575}
576
577static bool can_add(int *err, struct opal_dev *cmd, size_t len)
578{
579 if (*err)
580 return false;
581
582 if (remaining_size(cmd) < len) {
583 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
584 *err = -ERANGE;
585 return false;
586 }
587
588 return true;
589}
590
591static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
592{
593 if (!can_add(err, cmd, 1))
594 return;
595
596 cmd->cmd[cmd->pos++] = tok;
597}
598
599static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
600 bool has_sign, int len)
601{
602 u8 atom;
603 int err = 0;
604
605 atom = SHORT_ATOM_ID;
606 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
607 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
608 atom |= len & SHORT_ATOM_LEN_MASK;
609
610 add_token_u8(&err, cmd, atom);
611}
612
613static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
614 bool has_sign, int len)
615{
616 u8 header0;
617
618 header0 = MEDIUM_ATOM_ID;
619 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
620 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
621 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
622
623 cmd->cmd[cmd->pos++] = header0;
624 cmd->cmd[cmd->pos++] = len;
625}
626
627static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
628{
629 size_t len;
630 int msb;
631
632 if (!(number & ~TINY_ATOM_DATA_MASK)) {
633 add_token_u8(err, cmd, number);
634 return;
635 }
636
637 msb = fls64(number);
638 len = DIV_ROUND_UP(msb, 8);
639
640 if (!can_add(err, cmd, len + 1)) {
641 pr_debug("Error adding u64: end of buffer.\n");
642 return;
643 }
644 add_short_atom_header(cmd, false, false, len);
645 while (len--)
646 add_token_u8(err, cmd, number >> (len * 8));
647}
648
649static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
650{
651 size_t header_len = 1;
652 bool is_short_atom = true;
653
654 if (len & ~SHORT_ATOM_LEN_MASK) {
655 header_len = 2;
656 is_short_atom = false;
657 }
658
659 if (!can_add(err, cmd, header_len + len)) {
660 pr_debug("Error adding bytestring: end of buffer.\n");
661 return NULL;
662 }
663
664 if (is_short_atom)
665 add_short_atom_header(cmd, true, false, len);
666 else
667 add_medium_atom_header(cmd, true, false, len);
668
669 return &cmd->cmd[cmd->pos];
670}
671
672static void add_token_bytestring(int *err, struct opal_dev *cmd,
673 const u8 *bytestring, size_t len)
674{
675 u8 *start;
676
677 start = add_bytestring_header(err, cmd, len);
678 if (!start)
679 return;
680 memcpy(start, bytestring, len);
681 cmd->pos += len;
682}
683
684static int build_locking_range(u8 *buffer, size_t length, u8 lr)
685{
686 if (length > OPAL_UID_LENGTH) {
687 pr_debug("Can't build locking range. Length OOB\n");
688 return -ERANGE;
689 }
690
691 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
692
693 if (lr == 0)
694 return 0;
695
696 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
697 buffer[7] = lr;
698
699 return 0;
700}
701
702static int build_locking_user(u8 *buffer, size_t length, u8 lr)
703{
704 if (length > OPAL_UID_LENGTH) {
705 pr_debug("Can't build locking range user. Length OOB\n");
706 return -ERANGE;
707 }
708
709 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
710
711 buffer[7] = lr + 1;
712
713 return 0;
714}
715
716static void set_comid(struct opal_dev *cmd, u16 comid)
717{
718 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
719
720 hdr->cp.extendedComID[0] = comid >> 8;
721 hdr->cp.extendedComID[1] = comid;
722 hdr->cp.extendedComID[2] = 0;
723 hdr->cp.extendedComID[3] = 0;
724}
725
726static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
727{
728 struct opal_header *hdr;
729 int err = 0;
730
731 /*
732 * Close the parameter list opened from cmd_start.
733 * The number of bytes added must be equal to
734 * CMD_FINALIZE_BYTES_NEEDED.
735 */
736 add_token_u8(&err, cmd, OPAL_ENDLIST);
737
738 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
739 add_token_u8(&err, cmd, OPAL_STARTLIST);
740 add_token_u8(&err, cmd, 0);
741 add_token_u8(&err, cmd, 0);
742 add_token_u8(&err, cmd, 0);
743 add_token_u8(&err, cmd, OPAL_ENDLIST);
744
745 if (err) {
746 pr_debug("Error finalizing command.\n");
747 return -EFAULT;
748 }
749
750 hdr = (struct opal_header *) cmd->cmd;
751
752 hdr->pkt.tsn = cpu_to_be32(tsn);
753 hdr->pkt.hsn = cpu_to_be32(hsn);
754
755 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
756 while (cmd->pos % 4) {
757 if (cmd->pos >= IO_BUFFER_LENGTH) {
758 pr_debug("Error: Buffer overrun\n");
759 return -ERANGE;
760 }
761 cmd->cmd[cmd->pos++] = 0;
762 }
763 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
764 sizeof(hdr->pkt));
765 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
766
767 return 0;
768}
769
770static const struct opal_resp_tok *response_get_token(
771 const struct parsed_resp *resp,
772 int n)
773{
774 const struct opal_resp_tok *tok;
775
776 if (!resp) {
777 pr_debug("Response is NULL\n");
778 return ERR_PTR(-EINVAL);
779 }
780
781 if (n >= resp->num) {
782 pr_debug("Token number doesn't exist: %d, resp: %d\n",
783 n, resp->num);
784 return ERR_PTR(-EINVAL);
785 }
786
787 tok = &resp->toks[n];
788 if (tok->len == 0) {
789 pr_debug("Token length must be non-zero\n");
790 return ERR_PTR(-EINVAL);
791 }
792
793 return tok;
794}
795
796static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
797 const u8 *pos)
798{
799 tok->pos = pos;
800 tok->len = 1;
801 tok->width = OPAL_WIDTH_TINY;
802
803 if (pos[0] & TINY_ATOM_SIGNED) {
804 tok->type = OPAL_DTA_TOKENID_SINT;
805 } else {
806 tok->type = OPAL_DTA_TOKENID_UINT;
807 tok->stored.u = pos[0] & 0x3f;
808 }
809
810 return tok->len;
811}
812
813static ssize_t response_parse_short(struct opal_resp_tok *tok,
814 const u8 *pos)
815{
816 tok->pos = pos;
817 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
818 tok->width = OPAL_WIDTH_SHORT;
819
820 if (pos[0] & SHORT_ATOM_BYTESTRING) {
821 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
822 } else if (pos[0] & SHORT_ATOM_SIGNED) {
823 tok->type = OPAL_DTA_TOKENID_SINT;
824 } else {
825 u64 u_integer = 0;
826 ssize_t i, b = 0;
827
828 tok->type = OPAL_DTA_TOKENID_UINT;
829 if (tok->len > 9) {
830 pr_debug("uint64 with more than 8 bytes\n");
831 return -EINVAL;
832 }
833 for (i = tok->len - 1; i > 0; i--) {
834 u_integer |= ((u64)pos[i] << (8 * b));
835 b++;
836 }
837 tok->stored.u = u_integer;
838 }
839
840 return tok->len;
841}
842
843static ssize_t response_parse_medium(struct opal_resp_tok *tok,
844 const u8 *pos)
845{
846 tok->pos = pos;
847 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
848 tok->width = OPAL_WIDTH_MEDIUM;
849
850 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
851 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
852 else if (pos[0] & MEDIUM_ATOM_SIGNED)
853 tok->type = OPAL_DTA_TOKENID_SINT;
854 else
855 tok->type = OPAL_DTA_TOKENID_UINT;
856
857 return tok->len;
858}
859
860static ssize_t response_parse_long(struct opal_resp_tok *tok,
861 const u8 *pos)
862{
863 tok->pos = pos;
864 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
865 tok->width = OPAL_WIDTH_LONG;
866
867 if (pos[0] & LONG_ATOM_BYTESTRING)
868 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
869 else if (pos[0] & LONG_ATOM_SIGNED)
870 tok->type = OPAL_DTA_TOKENID_SINT;
871 else
872 tok->type = OPAL_DTA_TOKENID_UINT;
873
874 return tok->len;
875}
876
877static ssize_t response_parse_token(struct opal_resp_tok *tok,
878 const u8 *pos)
879{
880 tok->pos = pos;
881 tok->len = 1;
882 tok->type = OPAL_DTA_TOKENID_TOKEN;
883 tok->width = OPAL_WIDTH_TOKEN;
884
885 return tok->len;
886}
887
888static int response_parse(const u8 *buf, size_t length,
889 struct parsed_resp *resp)
890{
891 const struct opal_header *hdr;
892 struct opal_resp_tok *iter;
893 int num_entries = 0;
894 int total;
895 ssize_t token_length;
896 const u8 *pos;
897 u32 clen, plen, slen;
898
899 if (!buf)
900 return -EFAULT;
901
902 if (!resp)
903 return -EFAULT;
904
905 hdr = (struct opal_header *)buf;
906 pos = buf;
907 pos += sizeof(*hdr);
908
909 clen = be32_to_cpu(hdr->cp.length);
910 plen = be32_to_cpu(hdr->pkt.length);
911 slen = be32_to_cpu(hdr->subpkt.length);
912 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
913 clen, plen, slen);
914
915 if (clen == 0 || plen == 0 || slen == 0 ||
916 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
917 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
918 clen, plen, slen);
919 print_buffer(pos, sizeof(*hdr));
920 return -EINVAL;
921 }
922
923 if (pos > buf + length)
924 return -EFAULT;
925
926 iter = resp->toks;
927 total = slen;
928 print_buffer(pos, total);
929 while (total > 0) {
930 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
931 token_length = response_parse_tiny(iter, pos);
932 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
933 token_length = response_parse_short(iter, pos);
934 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
935 token_length = response_parse_medium(iter, pos);
936 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
937 token_length = response_parse_long(iter, pos);
938 else /* TOKEN */
939 token_length = response_parse_token(iter, pos);
940
941 if (token_length < 0)
942 return token_length;
943
944 pos += token_length;
945 total -= token_length;
946 iter++;
947 num_entries++;
948 }
949
950 resp->num = num_entries;
951
952 return 0;
953}
954
955static size_t response_get_string(const struct parsed_resp *resp, int n,
956 const char **store)
957{
958 u8 skip;
959 const struct opal_resp_tok *tok;
960
961 *store = NULL;
962 tok = response_get_token(resp, n);
963 if (IS_ERR(tok))
964 return 0;
965
966 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
967 pr_debug("Token is not a byte string!\n");
968 return 0;
969 }
970
971 switch (tok->width) {
972 case OPAL_WIDTH_TINY:
973 case OPAL_WIDTH_SHORT:
974 skip = 1;
975 break;
976 case OPAL_WIDTH_MEDIUM:
977 skip = 2;
978 break;
979 case OPAL_WIDTH_LONG:
980 skip = 4;
981 break;
982 default:
983 pr_debug("Token has invalid width!\n");
984 return 0;
985 }
986
987 *store = tok->pos + skip;
988
989 return tok->len - skip;
990}
991
992static u64 response_get_u64(const struct parsed_resp *resp, int n)
993{
994 const struct opal_resp_tok *tok;
995
996 tok = response_get_token(resp, n);
997 if (IS_ERR(tok))
998 return 0;
999
1000 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1001 pr_debug("Token is not unsigned int: %d\n", tok->type);
1002 return 0;
1003 }
1004
1005 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1006 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1007 return 0;
1008 }
1009
1010 return tok->stored.u;
1011}
1012
1013static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1014{
1015 if (IS_ERR(token) ||
1016 token->type != OPAL_DTA_TOKENID_TOKEN ||
1017 token->pos[0] != match)
1018 return false;
1019 return true;
1020}
1021
1022static u8 response_status(const struct parsed_resp *resp)
1023{
1024 const struct opal_resp_tok *tok;
1025
1026 tok = response_get_token(resp, 0);
1027 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1028 return 0;
1029
1030 if (resp->num < 5)
1031 return DTAERROR_NO_METHOD_STATUS;
1032
1033 tok = response_get_token(resp, resp->num - 5);
1034 if (!response_token_matches(tok, OPAL_STARTLIST))
1035 return DTAERROR_NO_METHOD_STATUS;
1036
1037 tok = response_get_token(resp, resp->num - 1);
1038 if (!response_token_matches(tok, OPAL_ENDLIST))
1039 return DTAERROR_NO_METHOD_STATUS;
1040
1041 return response_get_u64(resp, resp->num - 4);
1042}
1043
1044/* Parses and checks for errors */
1045static int parse_and_check_status(struct opal_dev *dev)
1046{
1047 int error;
1048
1049 print_buffer(dev->cmd, dev->pos);
1050
1051 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1052 if (error) {
1053 pr_debug("Couldn't parse response.\n");
1054 return error;
1055 }
1056
1057 return response_status(&dev->parsed);
1058}
1059
1060static void clear_opal_cmd(struct opal_dev *dev)
1061{
1062 dev->pos = sizeof(struct opal_header);
1063 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1064}
1065
1066static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1067{
1068 int err = 0;
1069
1070 clear_opal_cmd(dev);
1071 set_comid(dev, dev->comid);
1072
1073 add_token_u8(&err, dev, OPAL_CALL);
1074 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1075 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1076
1077 /*
1078 * Every method call is followed by its parameters enclosed within
1079 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1080 * parameter list here and close it later in cmd_finalize.
1081 */
1082 add_token_u8(&err, dev, OPAL_STARTLIST);
1083
1084 return err;
1085}
1086
1087static int start_opal_session_cont(struct opal_dev *dev)
1088{
1089 u32 hsn, tsn;
1090 int error = 0;
1091
1092 error = parse_and_check_status(dev);
1093 if (error)
1094 return error;
1095
1096 hsn = response_get_u64(&dev->parsed, 4);
1097 tsn = response_get_u64(&dev->parsed, 5);
1098
1099 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1100 pr_debug("Couldn't authenticate session\n");
1101 return -EPERM;
1102 }
1103
1104 dev->hsn = hsn;
1105 dev->tsn = tsn;
1106
1107 return 0;
1108}
1109
1110static void add_suspend_info(struct opal_dev *dev,
1111 struct opal_suspend_data *sus)
1112{
1113 struct opal_suspend_data *iter;
1114
1115 list_for_each_entry(iter, &dev->unlk_lst, node) {
1116 if (iter->lr == sus->lr) {
1117 list_del(&iter->node);
1118 kfree(iter);
1119 break;
1120 }
1121 }
1122 list_add_tail(&sus->node, &dev->unlk_lst);
1123}
1124
1125static int end_session_cont(struct opal_dev *dev)
1126{
1127 dev->hsn = 0;
1128 dev->tsn = 0;
1129
1130 return parse_and_check_status(dev);
1131}
1132
1133static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1134{
1135 int ret;
1136
1137 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1138 if (ret) {
1139 pr_debug("Error finalizing command buffer: %d\n", ret);
1140 return ret;
1141 }
1142
1143 print_buffer(dev->cmd, dev->pos);
1144
1145 return opal_send_recv(dev, cont);
1146}
1147
1148/*
1149 * request @column from table @table on device @dev. On success, the column
1150 * data will be available in dev->resp->tok[4]
1151 */
1152static int generic_get_column(struct opal_dev *dev, const u8 *table,
1153 u64 column)
1154{
1155 int err;
1156
1157 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1158
1159 add_token_u8(&err, dev, OPAL_STARTLIST);
1160
1161 add_token_u8(&err, dev, OPAL_STARTNAME);
1162 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1163 add_token_u64(&err, dev, column);
1164 add_token_u8(&err, dev, OPAL_ENDNAME);
1165
1166 add_token_u8(&err, dev, OPAL_STARTNAME);
1167 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1168 add_token_u64(&err, dev, column);
1169 add_token_u8(&err, dev, OPAL_ENDNAME);
1170
1171 add_token_u8(&err, dev, OPAL_ENDLIST);
1172
1173 if (err)
1174 return err;
1175
1176 return finalize_and_send(dev, parse_and_check_status);
1177}
1178
1179/*
1180 * see TCG SAS 5.3.2.3 for a description of the available columns
1181 *
1182 * the result is provided in dev->resp->tok[4]
1183 */
1184static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1185 u64 column)
1186{
1187 u8 uid[OPAL_UID_LENGTH];
1188 const unsigned int half = OPAL_UID_LENGTH_HALF;
1189
1190 /* sed-opal UIDs can be split in two halves:
1191 * first: actual table index
1192 * second: relative index in the table
1193 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1194 * first part of the target table as relative index into that table
1195 */
1196 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1197 memcpy(uid + half, table_uid, half);
1198
1199 return generic_get_column(dev, uid, column);
1200}
1201
1202static int gen_key(struct opal_dev *dev, void *data)
1203{
1204 u8 uid[OPAL_UID_LENGTH];
1205 int err;
1206
1207 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1208 kfree(dev->prev_data);
1209 dev->prev_data = NULL;
1210
1211 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1212
1213 if (err) {
1214 pr_debug("Error building gen key command\n");
1215 return err;
1216
1217 }
1218
1219 return finalize_and_send(dev, parse_and_check_status);
1220}
1221
1222static int get_active_key_cont(struct opal_dev *dev)
1223{
1224 const char *activekey;
1225 size_t keylen;
1226 int error = 0;
1227
1228 error = parse_and_check_status(dev);
1229 if (error)
1230 return error;
1231
1232 keylen = response_get_string(&dev->parsed, 4, &activekey);
1233 if (!activekey) {
1234 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1235 __func__);
1236 return OPAL_INVAL_PARAM;
1237 }
1238
1239 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1240
1241 if (!dev->prev_data)
1242 return -ENOMEM;
1243
1244 dev->prev_d_len = keylen;
1245
1246 return 0;
1247}
1248
1249static int get_active_key(struct opal_dev *dev, void *data)
1250{
1251 u8 uid[OPAL_UID_LENGTH];
1252 int err;
1253 u8 *lr = data;
1254
1255 err = build_locking_range(uid, sizeof(uid), *lr);
1256 if (err)
1257 return err;
1258
1259 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1260 if (err)
1261 return err;
1262
1263 return get_active_key_cont(dev);
1264}
1265
1266static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1267 u64 offset, u64 size, const u8 *uid)
1268{
1269 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1270 u8 *dst;
1271 u64 len;
1272 size_t off = 0;
1273 int err;
1274
1275 /* do we fit in the available space? */
1276 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1277 if (err) {
1278 pr_debug("Couldn't get the table size\n");
1279 return err;
1280 }
1281
1282 len = response_get_u64(&dev->parsed, 4);
1283 if (size > len || offset > len - size) {
1284 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1285 offset + size, len);
1286 return -ENOSPC;
1287 }
1288
1289 /* do the actual transmission(s) */
1290 while (off < size) {
1291 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1292 add_token_u8(&err, dev, OPAL_STARTNAME);
1293 add_token_u8(&err, dev, OPAL_WHERE);
1294 add_token_u64(&err, dev, offset + off);
1295 add_token_u8(&err, dev, OPAL_ENDNAME);
1296
1297 add_token_u8(&err, dev, OPAL_STARTNAME);
1298 add_token_u8(&err, dev, OPAL_VALUES);
1299
1300 /*
1301 * The bytestring header is either 1 or 2 bytes, so assume 2.
1302 * There also needs to be enough space to accommodate the
1303 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1304 * cmd_finalize.
1305 */
1306 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1307 (size_t)(size - off));
1308 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1309
1310 dst = add_bytestring_header(&err, dev, len);
1311 if (!dst)
1312 break;
1313
1314 if (copy_from_user(dst, src + off, len)) {
1315 err = -EFAULT;
1316 break;
1317 }
1318
1319 dev->pos += len;
1320
1321 add_token_u8(&err, dev, OPAL_ENDNAME);
1322 if (err)
1323 break;
1324
1325 err = finalize_and_send(dev, parse_and_check_status);
1326 if (err)
1327 break;
1328
1329 off += len;
1330 }
1331
1332 return err;
1333}
1334
1335static int generic_lr_enable_disable(struct opal_dev *dev,
1336 u8 *uid, bool rle, bool wle,
1337 bool rl, bool wl)
1338{
1339 int err;
1340
1341 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1342
1343 add_token_u8(&err, dev, OPAL_STARTNAME);
1344 add_token_u8(&err, dev, OPAL_VALUES);
1345 add_token_u8(&err, dev, OPAL_STARTLIST);
1346
1347 add_token_u8(&err, dev, OPAL_STARTNAME);
1348 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1349 add_token_u8(&err, dev, rle);
1350 add_token_u8(&err, dev, OPAL_ENDNAME);
1351
1352 add_token_u8(&err, dev, OPAL_STARTNAME);
1353 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1354 add_token_u8(&err, dev, wle);
1355 add_token_u8(&err, dev, OPAL_ENDNAME);
1356
1357 add_token_u8(&err, dev, OPAL_STARTNAME);
1358 add_token_u8(&err, dev, OPAL_READLOCKED);
1359 add_token_u8(&err, dev, rl);
1360 add_token_u8(&err, dev, OPAL_ENDNAME);
1361
1362 add_token_u8(&err, dev, OPAL_STARTNAME);
1363 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1364 add_token_u8(&err, dev, wl);
1365 add_token_u8(&err, dev, OPAL_ENDNAME);
1366
1367 add_token_u8(&err, dev, OPAL_ENDLIST);
1368 add_token_u8(&err, dev, OPAL_ENDNAME);
1369
1370 return err;
1371}
1372
1373static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1374 struct opal_user_lr_setup *setup)
1375{
1376 int err;
1377
1378 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1379 0, 0);
1380 if (err)
1381 pr_debug("Failed to create enable global lr command\n");
1382
1383 return err;
1384}
1385
1386static int setup_locking_range(struct opal_dev *dev, void *data)
1387{
1388 u8 uid[OPAL_UID_LENGTH];
1389 struct opal_user_lr_setup *setup = data;
1390 u8 lr;
1391 int err;
1392
1393 lr = setup->session.opal_key.lr;
1394 err = build_locking_range(uid, sizeof(uid), lr);
1395 if (err)
1396 return err;
1397
1398 if (lr == 0)
1399 err = enable_global_lr(dev, uid, setup);
1400 else {
1401 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1402
1403 add_token_u8(&err, dev, OPAL_STARTNAME);
1404 add_token_u8(&err, dev, OPAL_VALUES);
1405 add_token_u8(&err, dev, OPAL_STARTLIST);
1406
1407 add_token_u8(&err, dev, OPAL_STARTNAME);
1408 add_token_u8(&err, dev, OPAL_RANGESTART);
1409 add_token_u64(&err, dev, setup->range_start);
1410 add_token_u8(&err, dev, OPAL_ENDNAME);
1411
1412 add_token_u8(&err, dev, OPAL_STARTNAME);
1413 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1414 add_token_u64(&err, dev, setup->range_length);
1415 add_token_u8(&err, dev, OPAL_ENDNAME);
1416
1417 add_token_u8(&err, dev, OPAL_STARTNAME);
1418 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1419 add_token_u64(&err, dev, !!setup->RLE);
1420 add_token_u8(&err, dev, OPAL_ENDNAME);
1421
1422 add_token_u8(&err, dev, OPAL_STARTNAME);
1423 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1424 add_token_u64(&err, dev, !!setup->WLE);
1425 add_token_u8(&err, dev, OPAL_ENDNAME);
1426
1427 add_token_u8(&err, dev, OPAL_ENDLIST);
1428 add_token_u8(&err, dev, OPAL_ENDNAME);
1429 }
1430 if (err) {
1431 pr_debug("Error building Setup Locking range command.\n");
1432 return err;
1433 }
1434
1435 return finalize_and_send(dev, parse_and_check_status);
1436}
1437
1438static int start_generic_opal_session(struct opal_dev *dev,
1439 enum opal_uid auth,
1440 enum opal_uid sp_type,
1441 const char *key,
1442 u8 key_len)
1443{
1444 u32 hsn;
1445 int err;
1446
1447 if (key == NULL && auth != OPAL_ANYBODY_UID)
1448 return OPAL_INVAL_PARAM;
1449
1450 hsn = GENERIC_HOST_SESSION_NUM;
1451 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1452 opalmethod[OPAL_STARTSESSION]);
1453
1454 add_token_u64(&err, dev, hsn);
1455 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1456 add_token_u8(&err, dev, 1);
1457
1458 switch (auth) {
1459 case OPAL_ANYBODY_UID:
1460 break;
1461 case OPAL_ADMIN1_UID:
1462 case OPAL_SID_UID:
1463 case OPAL_PSID_UID:
1464 add_token_u8(&err, dev, OPAL_STARTNAME);
1465 add_token_u8(&err, dev, 0); /* HostChallenge */
1466 add_token_bytestring(&err, dev, key, key_len);
1467 add_token_u8(&err, dev, OPAL_ENDNAME);
1468 add_token_u8(&err, dev, OPAL_STARTNAME);
1469 add_token_u8(&err, dev, 3); /* HostSignAuth */
1470 add_token_bytestring(&err, dev, opaluid[auth],
1471 OPAL_UID_LENGTH);
1472 add_token_u8(&err, dev, OPAL_ENDNAME);
1473 break;
1474 default:
1475 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1476 return OPAL_INVAL_PARAM;
1477 }
1478
1479 if (err) {
1480 pr_debug("Error building start adminsp session command.\n");
1481 return err;
1482 }
1483
1484 return finalize_and_send(dev, start_opal_session_cont);
1485}
1486
1487static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1488{
1489 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1490 OPAL_ADMINSP_UID, NULL, 0);
1491}
1492
1493static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1494{
1495 int ret;
1496 const u8 *key = dev->prev_data;
1497
1498 if (!key) {
1499 const struct opal_key *okey = data;
1500
1501 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1502 OPAL_ADMINSP_UID,
1503 okey->key,
1504 okey->key_len);
1505 } else {
1506 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1507 OPAL_ADMINSP_UID,
1508 key, dev->prev_d_len);
1509 kfree(key);
1510 dev->prev_data = NULL;
1511 }
1512
1513 return ret;
1514}
1515
1516static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1517{
1518 struct opal_key *key = data;
1519
1520 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1521 OPAL_LOCKINGSP_UID,
1522 key->key, key->key_len);
1523}
1524
1525static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1526{
1527 const struct opal_key *okey = data;
1528
1529 return start_generic_opal_session(dev, OPAL_PSID_UID,
1530 OPAL_ADMINSP_UID,
1531 okey->key,
1532 okey->key_len);
1533}
1534
1535static int start_auth_opal_session(struct opal_dev *dev, void *data)
1536{
1537 struct opal_session_info *session = data;
1538 u8 lk_ul_user[OPAL_UID_LENGTH];
1539 size_t keylen = session->opal_key.key_len;
1540 int err = 0;
1541
1542 u8 *key = session->opal_key.key;
1543 u32 hsn = GENERIC_HOST_SESSION_NUM;
1544
1545 if (session->sum)
1546 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1547 session->opal_key.lr);
1548 else if (session->who != OPAL_ADMIN1 && !session->sum)
1549 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1550 session->who - 1);
1551 else
1552 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1553
1554 if (err)
1555 return err;
1556
1557 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1558 opalmethod[OPAL_STARTSESSION]);
1559
1560 add_token_u64(&err, dev, hsn);
1561 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1562 OPAL_UID_LENGTH);
1563 add_token_u8(&err, dev, 1);
1564 add_token_u8(&err, dev, OPAL_STARTNAME);
1565 add_token_u8(&err, dev, 0);
1566 add_token_bytestring(&err, dev, key, keylen);
1567 add_token_u8(&err, dev, OPAL_ENDNAME);
1568 add_token_u8(&err, dev, OPAL_STARTNAME);
1569 add_token_u8(&err, dev, 3);
1570 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1571 add_token_u8(&err, dev, OPAL_ENDNAME);
1572
1573 if (err) {
1574 pr_debug("Error building STARTSESSION command.\n");
1575 return err;
1576 }
1577
1578 return finalize_and_send(dev, start_opal_session_cont);
1579}
1580
1581static int revert_tper(struct opal_dev *dev, void *data)
1582{
1583 int err;
1584
1585 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1586 opalmethod[OPAL_REVERT]);
1587 if (err) {
1588 pr_debug("Error building REVERT TPER command.\n");
1589 return err;
1590 }
1591
1592 return finalize_and_send(dev, parse_and_check_status);
1593}
1594
1595static int internal_activate_user(struct opal_dev *dev, void *data)
1596{
1597 struct opal_session_info *session = data;
1598 u8 uid[OPAL_UID_LENGTH];
1599 int err;
1600
1601 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1602 uid[7] = session->who;
1603
1604 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1605 add_token_u8(&err, dev, OPAL_STARTNAME);
1606 add_token_u8(&err, dev, OPAL_VALUES);
1607 add_token_u8(&err, dev, OPAL_STARTLIST);
1608 add_token_u8(&err, dev, OPAL_STARTNAME);
1609 add_token_u8(&err, dev, 5); /* Enabled */
1610 add_token_u8(&err, dev, OPAL_TRUE);
1611 add_token_u8(&err, dev, OPAL_ENDNAME);
1612 add_token_u8(&err, dev, OPAL_ENDLIST);
1613 add_token_u8(&err, dev, OPAL_ENDNAME);
1614
1615 if (err) {
1616 pr_debug("Error building Activate UserN command.\n");
1617 return err;
1618 }
1619
1620 return finalize_and_send(dev, parse_and_check_status);
1621}
1622
1623static int erase_locking_range(struct opal_dev *dev, void *data)
1624{
1625 struct opal_session_info *session = data;
1626 u8 uid[OPAL_UID_LENGTH];
1627 int err;
1628
1629 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1630 return -ERANGE;
1631
1632 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1633
1634 if (err) {
1635 pr_debug("Error building Erase Locking Range Command.\n");
1636 return err;
1637 }
1638
1639 return finalize_and_send(dev, parse_and_check_status);
1640}
1641
1642static int set_mbr_done(struct opal_dev *dev, void *data)
1643{
1644 u8 *mbr_done_tf = data;
1645 int err;
1646
1647 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1648 opalmethod[OPAL_SET]);
1649
1650 add_token_u8(&err, dev, OPAL_STARTNAME);
1651 add_token_u8(&err, dev, OPAL_VALUES);
1652 add_token_u8(&err, dev, OPAL_STARTLIST);
1653 add_token_u8(&err, dev, OPAL_STARTNAME);
1654 add_token_u8(&err, dev, OPAL_MBRDONE);
1655 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1656 add_token_u8(&err, dev, OPAL_ENDNAME);
1657 add_token_u8(&err, dev, OPAL_ENDLIST);
1658 add_token_u8(&err, dev, OPAL_ENDNAME);
1659
1660 if (err) {
1661 pr_debug("Error Building set MBR Done command\n");
1662 return err;
1663 }
1664
1665 return finalize_and_send(dev, parse_and_check_status);
1666}
1667
1668static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1669{
1670 u8 *mbr_en_dis = data;
1671 int err;
1672
1673 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1674 opalmethod[OPAL_SET]);
1675
1676 add_token_u8(&err, dev, OPAL_STARTNAME);
1677 add_token_u8(&err, dev, OPAL_VALUES);
1678 add_token_u8(&err, dev, OPAL_STARTLIST);
1679 add_token_u8(&err, dev, OPAL_STARTNAME);
1680 add_token_u8(&err, dev, OPAL_MBRENABLE);
1681 add_token_u8(&err, dev, *mbr_en_dis);
1682 add_token_u8(&err, dev, OPAL_ENDNAME);
1683 add_token_u8(&err, dev, OPAL_ENDLIST);
1684 add_token_u8(&err, dev, OPAL_ENDNAME);
1685
1686 if (err) {
1687 pr_debug("Error Building set MBR done command\n");
1688 return err;
1689 }
1690
1691 return finalize_and_send(dev, parse_and_check_status);
1692}
1693
1694static int write_shadow_mbr(struct opal_dev *dev, void *data)
1695{
1696 struct opal_shadow_mbr *shadow = data;
1697
1698 return generic_table_write_data(dev, shadow->data, shadow->offset,
1699 shadow->size, opaluid[OPAL_MBR]);
1700}
1701
1702static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1703 struct opal_dev *dev)
1704{
1705 int err;
1706
1707 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1708
1709 add_token_u8(&err, dev, OPAL_STARTNAME);
1710 add_token_u8(&err, dev, OPAL_VALUES);
1711 add_token_u8(&err, dev, OPAL_STARTLIST);
1712 add_token_u8(&err, dev, OPAL_STARTNAME);
1713 add_token_u8(&err, dev, OPAL_PIN);
1714 add_token_bytestring(&err, dev, key, key_len);
1715 add_token_u8(&err, dev, OPAL_ENDNAME);
1716 add_token_u8(&err, dev, OPAL_ENDLIST);
1717 add_token_u8(&err, dev, OPAL_ENDNAME);
1718
1719 return err;
1720}
1721
1722static int set_new_pw(struct opal_dev *dev, void *data)
1723{
1724 u8 cpin_uid[OPAL_UID_LENGTH];
1725 struct opal_session_info *usr = data;
1726
1727 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1728
1729 if (usr->who != OPAL_ADMIN1) {
1730 cpin_uid[5] = 0x03;
1731 if (usr->sum)
1732 cpin_uid[7] = usr->opal_key.lr + 1;
1733 else
1734 cpin_uid[7] = usr->who;
1735 }
1736
1737 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1738 cpin_uid, dev)) {
1739 pr_debug("Error building set password command.\n");
1740 return -ERANGE;
1741 }
1742
1743 return finalize_and_send(dev, parse_and_check_status);
1744}
1745
1746static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1747{
1748 u8 cpin_uid[OPAL_UID_LENGTH];
1749 struct opal_key *key = data;
1750
1751 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1752
1753 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1754 pr_debug("Error building Set SID cpin\n");
1755 return -ERANGE;
1756 }
1757 return finalize_and_send(dev, parse_and_check_status);
1758}
1759
1760static int add_user_to_lr(struct opal_dev *dev, void *data)
1761{
1762 u8 lr_buffer[OPAL_UID_LENGTH];
1763 u8 user_uid[OPAL_UID_LENGTH];
1764 struct opal_lock_unlock *lkul = data;
1765 int err;
1766
1767 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1768 OPAL_UID_LENGTH);
1769
1770 if (lkul->l_state == OPAL_RW)
1771 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1772 OPAL_UID_LENGTH);
1773
1774 lr_buffer[7] = lkul->session.opal_key.lr;
1775
1776 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1777
1778 user_uid[7] = lkul->session.who;
1779
1780 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1781
1782 add_token_u8(&err, dev, OPAL_STARTNAME);
1783 add_token_u8(&err, dev, OPAL_VALUES);
1784
1785 add_token_u8(&err, dev, OPAL_STARTLIST);
1786 add_token_u8(&err, dev, OPAL_STARTNAME);
1787 add_token_u8(&err, dev, 3);
1788
1789 add_token_u8(&err, dev, OPAL_STARTLIST);
1790
1791
1792 add_token_u8(&err, dev, OPAL_STARTNAME);
1793 add_token_bytestring(&err, dev,
1794 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1795 OPAL_UID_LENGTH/2);
1796 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1797 add_token_u8(&err, dev, OPAL_ENDNAME);
1798
1799
1800 add_token_u8(&err, dev, OPAL_STARTNAME);
1801 add_token_bytestring(&err, dev,
1802 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1803 OPAL_UID_LENGTH/2);
1804 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1805 add_token_u8(&err, dev, OPAL_ENDNAME);
1806
1807
1808 add_token_u8(&err, dev, OPAL_STARTNAME);
1809 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1810 OPAL_UID_LENGTH/2);
1811 add_token_u8(&err, dev, 1);
1812 add_token_u8(&err, dev, OPAL_ENDNAME);
1813
1814
1815 add_token_u8(&err, dev, OPAL_ENDLIST);
1816 add_token_u8(&err, dev, OPAL_ENDNAME);
1817 add_token_u8(&err, dev, OPAL_ENDLIST);
1818 add_token_u8(&err, dev, OPAL_ENDNAME);
1819
1820 if (err) {
1821 pr_debug("Error building add user to locking range command.\n");
1822 return err;
1823 }
1824
1825 return finalize_and_send(dev, parse_and_check_status);
1826}
1827
1828static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1829{
1830 u8 lr_buffer[OPAL_UID_LENGTH];
1831 struct opal_lock_unlock *lkul = data;
1832 u8 read_locked = 1, write_locked = 1;
1833 int err = 0;
1834
1835 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1836 lkul->session.opal_key.lr) < 0)
1837 return -ERANGE;
1838
1839 switch (lkul->l_state) {
1840 case OPAL_RO:
1841 read_locked = 0;
1842 write_locked = 1;
1843 break;
1844 case OPAL_RW:
1845 read_locked = 0;
1846 write_locked = 0;
1847 break;
1848 case OPAL_LK:
1849 /* vars are initialized to locked */
1850 break;
1851 default:
1852 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1853 return OPAL_INVAL_PARAM;
1854 }
1855
1856 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1857
1858 add_token_u8(&err, dev, OPAL_STARTNAME);
1859 add_token_u8(&err, dev, OPAL_VALUES);
1860 add_token_u8(&err, dev, OPAL_STARTLIST);
1861
1862 add_token_u8(&err, dev, OPAL_STARTNAME);
1863 add_token_u8(&err, dev, OPAL_READLOCKED);
1864 add_token_u8(&err, dev, read_locked);
1865 add_token_u8(&err, dev, OPAL_ENDNAME);
1866
1867 add_token_u8(&err, dev, OPAL_STARTNAME);
1868 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1869 add_token_u8(&err, dev, write_locked);
1870 add_token_u8(&err, dev, OPAL_ENDNAME);
1871
1872 add_token_u8(&err, dev, OPAL_ENDLIST);
1873 add_token_u8(&err, dev, OPAL_ENDNAME);
1874
1875 if (err) {
1876 pr_debug("Error building SET command.\n");
1877 return err;
1878 }
1879
1880 return finalize_and_send(dev, parse_and_check_status);
1881}
1882
1883
1884static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1885{
1886 u8 lr_buffer[OPAL_UID_LENGTH];
1887 u8 read_locked = 1, write_locked = 1;
1888 struct opal_lock_unlock *lkul = data;
1889 int ret;
1890
1891 clear_opal_cmd(dev);
1892 set_comid(dev, dev->comid);
1893
1894 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1895 lkul->session.opal_key.lr) < 0)
1896 return -ERANGE;
1897
1898 switch (lkul->l_state) {
1899 case OPAL_RO:
1900 read_locked = 0;
1901 write_locked = 1;
1902 break;
1903 case OPAL_RW:
1904 read_locked = 0;
1905 write_locked = 0;
1906 break;
1907 case OPAL_LK:
1908 /* vars are initialized to locked */
1909 break;
1910 default:
1911 pr_debug("Tried to set an invalid locking state.\n");
1912 return OPAL_INVAL_PARAM;
1913 }
1914 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1915 read_locked, write_locked);
1916
1917 if (ret < 0) {
1918 pr_debug("Error building SET command.\n");
1919 return ret;
1920 }
1921
1922 return finalize_and_send(dev, parse_and_check_status);
1923}
1924
1925static int activate_lsp(struct opal_dev *dev, void *data)
1926{
1927 struct opal_lr_act *opal_act = data;
1928 u8 user_lr[OPAL_UID_LENGTH];
1929 int err, i;
1930
1931 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1932 opalmethod[OPAL_ACTIVATE]);
1933
1934 if (opal_act->sum) {
1935 err = build_locking_range(user_lr, sizeof(user_lr),
1936 opal_act->lr[0]);
1937 if (err)
1938 return err;
1939
1940 add_token_u8(&err, dev, OPAL_STARTNAME);
1941 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
1942
1943 add_token_u8(&err, dev, OPAL_STARTLIST);
1944 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1945 for (i = 1; i < opal_act->num_lrs; i++) {
1946 user_lr[7] = opal_act->lr[i];
1947 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1948 }
1949 add_token_u8(&err, dev, OPAL_ENDLIST);
1950 add_token_u8(&err, dev, OPAL_ENDNAME);
1951 }
1952
1953 if (err) {
1954 pr_debug("Error building Activate LockingSP command.\n");
1955 return err;
1956 }
1957
1958 return finalize_and_send(dev, parse_and_check_status);
1959}
1960
1961/* Determine if we're in the Manufactured Inactive or Active state */
1962static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1963{
1964 u8 lc_status;
1965 int err;
1966
1967 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1968 OPAL_LIFECYCLE);
1969 if (err)
1970 return err;
1971
1972 lc_status = response_get_u64(&dev->parsed, 4);
1973 /* 0x08 is Manufactured Inactive */
1974 /* 0x09 is Manufactured */
1975 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1976 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1977 return -ENODEV;
1978 }
1979
1980 return 0;
1981}
1982
1983static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1984{
1985 const char *msid_pin;
1986 size_t strlen;
1987 int err;
1988
1989 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1990 if (err)
1991 return err;
1992
1993 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1994 if (!msid_pin) {
1995 pr_debug("Couldn't extract MSID_CPIN from response\n");
1996 return OPAL_INVAL_PARAM;
1997 }
1998
1999 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2000 if (!dev->prev_data)
2001 return -ENOMEM;
2002
2003 dev->prev_d_len = strlen;
2004
2005 return 0;
2006}
2007
2008static int write_table_data(struct opal_dev *dev, void *data)
2009{
2010 struct opal_read_write_table *write_tbl = data;
2011
2012 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2013 write_tbl->size, write_tbl->table_uid);
2014}
2015
2016static int read_table_data_cont(struct opal_dev *dev)
2017{
2018 int err;
2019 const char *data_read;
2020
2021 err = parse_and_check_status(dev);
2022 if (err)
2023 return err;
2024
2025 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2026 dev->prev_data = (void *)data_read;
2027 if (!dev->prev_data) {
2028 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2029 return OPAL_INVAL_PARAM;
2030 }
2031
2032 return 0;
2033}
2034
2035/*
2036 * IO_BUFFER_LENGTH = 2048
2037 * sizeof(header) = 56
2038 * No. of Token Bytes in the Response = 11
2039 * MAX size of data that can be carried in response buffer
2040 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2041 */
2042#define OPAL_MAX_READ_TABLE (0x7BD)
2043
2044static int read_table_data(struct opal_dev *dev, void *data)
2045{
2046 struct opal_read_write_table *read_tbl = data;
2047 int err;
2048 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2049 u64 table_len, len;
2050 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2051 u8 __user *dst;
2052
2053 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2054 if (err) {
2055 pr_debug("Couldn't get the table size\n");
2056 return err;
2057 }
2058
2059 table_len = response_get_u64(&dev->parsed, 4);
2060
2061 /* Check if the user is trying to read from the table limits */
2062 if (read_size > table_len || offset > table_len - read_size) {
2063 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2064 offset + read_size, table_len);
2065 return -EINVAL;
2066 }
2067
2068 while (off < read_size) {
2069 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2070
2071 add_token_u8(&err, dev, OPAL_STARTLIST);
2072 add_token_u8(&err, dev, OPAL_STARTNAME);
2073 add_token_u8(&err, dev, OPAL_STARTROW);
2074 add_token_u64(&err, dev, offset + off); /* start row value */
2075 add_token_u8(&err, dev, OPAL_ENDNAME);
2076
2077 add_token_u8(&err, dev, OPAL_STARTNAME);
2078 add_token_u8(&err, dev, OPAL_ENDROW);
2079
2080 len = min(max_read_size, (size_t)(read_size - off));
2081 add_token_u64(&err, dev, offset + off + len); /* end row value
2082 */
2083 add_token_u8(&err, dev, OPAL_ENDNAME);
2084 add_token_u8(&err, dev, OPAL_ENDLIST);
2085
2086 if (err) {
2087 pr_debug("Error building read table data command.\n");
2088 break;
2089 }
2090
2091 err = finalize_and_send(dev, read_table_data_cont);
2092 if (err)
2093 break;
2094
2095 /* len+1: This includes the NULL terminator at the end*/
2096 if (dev->prev_d_len > len + 1) {
2097 err = -EOVERFLOW;
2098 break;
2099 }
2100
2101 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2102 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2103 pr_debug("Error copying data to userspace\n");
2104 err = -EFAULT;
2105 break;
2106 }
2107 dev->prev_data = NULL;
2108
2109 off += len;
2110 }
2111
2112 return err;
2113}
2114
2115static int end_opal_session(struct opal_dev *dev, void *data)
2116{
2117 int err = 0;
2118
2119 clear_opal_cmd(dev);
2120 set_comid(dev, dev->comid);
2121 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2122
2123 if (err < 0)
2124 return err;
2125
2126 return finalize_and_send(dev, end_session_cont);
2127}
2128
2129static int end_opal_session_error(struct opal_dev *dev)
2130{
2131 const struct opal_step error_end_session = {
2132 end_opal_session,
2133 };
2134
2135 return execute_step(dev, &error_end_session, 0);
2136}
2137
2138static inline void setup_opal_dev(struct opal_dev *dev)
2139{
2140 dev->tsn = 0;
2141 dev->hsn = 0;
2142 dev->prev_data = NULL;
2143}
2144
2145static int check_opal_support(struct opal_dev *dev)
2146{
2147 int ret;
2148
2149 mutex_lock(&dev->dev_lock);
2150 setup_opal_dev(dev);
2151 ret = opal_discovery0_step(dev);
2152 if (!ret)
2153 dev->flags |= OPAL_FL_SUPPORTED;
2154 mutex_unlock(&dev->dev_lock);
2155
2156 return ret;
2157}
2158
2159static void clean_opal_dev(struct opal_dev *dev)
2160{
2161
2162 struct opal_suspend_data *suspend, *next;
2163
2164 mutex_lock(&dev->dev_lock);
2165 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2166 list_del(&suspend->node);
2167 kfree(suspend);
2168 }
2169 mutex_unlock(&dev->dev_lock);
2170}
2171
2172void free_opal_dev(struct opal_dev *dev)
2173{
2174 if (!dev)
2175 return;
2176
2177 clean_opal_dev(dev);
2178 kfree(dev->resp);
2179 kfree(dev->cmd);
2180 kfree(dev);
2181}
2182EXPORT_SYMBOL(free_opal_dev);
2183
2184struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2185{
2186 struct opal_dev *dev;
2187
2188 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2189 if (!dev)
2190 return NULL;
2191
2192 /*
2193 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2194 * sure the allocated buffer is DMA-safe in that regard.
2195 */
2196 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2197 if (!dev->cmd)
2198 goto err_free_dev;
2199
2200 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2201 if (!dev->resp)
2202 goto err_free_cmd;
2203
2204 INIT_LIST_HEAD(&dev->unlk_lst);
2205 mutex_init(&dev->dev_lock);
2206 dev->flags = 0;
2207 dev->data = data;
2208 dev->send_recv = send_recv;
2209 if (check_opal_support(dev) != 0) {
2210 pr_debug("Opal is not supported on this device\n");
2211 goto err_free_resp;
2212 }
2213
2214 return dev;
2215
2216err_free_resp:
2217 kfree(dev->resp);
2218
2219err_free_cmd:
2220 kfree(dev->cmd);
2221
2222err_free_dev:
2223 kfree(dev);
2224
2225 return NULL;
2226}
2227EXPORT_SYMBOL(init_opal_dev);
2228
2229static int opal_secure_erase_locking_range(struct opal_dev *dev,
2230 struct opal_session_info *opal_session)
2231{
2232 const struct opal_step erase_steps[] = {
2233 { start_auth_opal_session, opal_session },
2234 { get_active_key, &opal_session->opal_key.lr },
2235 { gen_key, },
2236 { end_opal_session, }
2237 };
2238 int ret;
2239
2240 mutex_lock(&dev->dev_lock);
2241 setup_opal_dev(dev);
2242 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2243 mutex_unlock(&dev->dev_lock);
2244
2245 return ret;
2246}
2247
2248static int opal_erase_locking_range(struct opal_dev *dev,
2249 struct opal_session_info *opal_session)
2250{
2251 const struct opal_step erase_steps[] = {
2252 { start_auth_opal_session, opal_session },
2253 { erase_locking_range, opal_session },
2254 { end_opal_session, }
2255 };
2256 int ret;
2257
2258 mutex_lock(&dev->dev_lock);
2259 setup_opal_dev(dev);
2260 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2261 mutex_unlock(&dev->dev_lock);
2262
2263 return ret;
2264}
2265
2266static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2267 struct opal_mbr_data *opal_mbr)
2268{
2269 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2270 OPAL_TRUE : OPAL_FALSE;
2271
2272 const struct opal_step mbr_steps[] = {
2273 { start_admin1LSP_opal_session, &opal_mbr->key },
2274 { set_mbr_done, &enable_disable },
2275 { end_opal_session, },
2276 { start_admin1LSP_opal_session, &opal_mbr->key },
2277 { set_mbr_enable_disable, &enable_disable },
2278 { end_opal_session, }
2279 };
2280 int ret;
2281
2282 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2283 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2284 return -EINVAL;
2285
2286 mutex_lock(&dev->dev_lock);
2287 setup_opal_dev(dev);
2288 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2289 mutex_unlock(&dev->dev_lock);
2290
2291 return ret;
2292}
2293
2294static int opal_set_mbr_done(struct opal_dev *dev,
2295 struct opal_mbr_done *mbr_done)
2296{
2297 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2298 OPAL_TRUE : OPAL_FALSE;
2299
2300 const struct opal_step mbr_steps[] = {
2301 { start_admin1LSP_opal_session, &mbr_done->key },
2302 { set_mbr_done, &mbr_done_tf },
2303 { end_opal_session, }
2304 };
2305 int ret;
2306
2307 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2308 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2309 return -EINVAL;
2310
2311 mutex_lock(&dev->dev_lock);
2312 setup_opal_dev(dev);
2313 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2314 mutex_unlock(&dev->dev_lock);
2315
2316 return ret;
2317}
2318
2319static int opal_write_shadow_mbr(struct opal_dev *dev,
2320 struct opal_shadow_mbr *info)
2321{
2322 const struct opal_step mbr_steps[] = {
2323 { start_admin1LSP_opal_session, &info->key },
2324 { write_shadow_mbr, info },
2325 { end_opal_session, }
2326 };
2327 int ret;
2328
2329 if (info->size == 0)
2330 return 0;
2331
2332 mutex_lock(&dev->dev_lock);
2333 setup_opal_dev(dev);
2334 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2335 mutex_unlock(&dev->dev_lock);
2336
2337 return ret;
2338}
2339
2340static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2341{
2342 struct opal_suspend_data *suspend;
2343
2344 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2345 if (!suspend)
2346 return -ENOMEM;
2347
2348 suspend->unlk = *lk_unlk;
2349 suspend->lr = lk_unlk->session.opal_key.lr;
2350
2351 mutex_lock(&dev->dev_lock);
2352 setup_opal_dev(dev);
2353 add_suspend_info(dev, suspend);
2354 mutex_unlock(&dev->dev_lock);
2355
2356 return 0;
2357}
2358
2359static int opal_add_user_to_lr(struct opal_dev *dev,
2360 struct opal_lock_unlock *lk_unlk)
2361{
2362 const struct opal_step steps[] = {
2363 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2364 { add_user_to_lr, lk_unlk },
2365 { end_opal_session, }
2366 };
2367 int ret;
2368
2369 if (lk_unlk->l_state != OPAL_RO &&
2370 lk_unlk->l_state != OPAL_RW) {
2371 pr_debug("Locking state was not RO or RW\n");
2372 return -EINVAL;
2373 }
2374
2375 if (lk_unlk->session.who < OPAL_USER1 ||
2376 lk_unlk->session.who > OPAL_USER9) {
2377 pr_debug("Authority was not within the range of users: %d\n",
2378 lk_unlk->session.who);
2379 return -EINVAL;
2380 }
2381
2382 if (lk_unlk->session.sum) {
2383 pr_debug("%s not supported in sum. Use setup locking range\n",
2384 __func__);
2385 return -EINVAL;
2386 }
2387
2388 mutex_lock(&dev->dev_lock);
2389 setup_opal_dev(dev);
2390 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2391 mutex_unlock(&dev->dev_lock);
2392
2393 return ret;
2394}
2395
2396static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2397{
2398 /* controller will terminate session */
2399 const struct opal_step revert_steps[] = {
2400 { start_SIDASP_opal_session, opal },
2401 { revert_tper, }
2402 };
2403 const struct opal_step psid_revert_steps[] = {
2404 { start_PSID_opal_session, opal },
2405 { revert_tper, }
2406 };
2407
2408 int ret;
2409
2410 mutex_lock(&dev->dev_lock);
2411 setup_opal_dev(dev);
2412 if (psid)
2413 ret = execute_steps(dev, psid_revert_steps,
2414 ARRAY_SIZE(psid_revert_steps));
2415 else
2416 ret = execute_steps(dev, revert_steps,
2417 ARRAY_SIZE(revert_steps));
2418 mutex_unlock(&dev->dev_lock);
2419
2420 /*
2421 * If we successfully reverted lets clean
2422 * any saved locking ranges.
2423 */
2424 if (!ret)
2425 clean_opal_dev(dev);
2426
2427 return ret;
2428}
2429
2430static int __opal_lock_unlock(struct opal_dev *dev,
2431 struct opal_lock_unlock *lk_unlk)
2432{
2433 const struct opal_step unlock_steps[] = {
2434 { start_auth_opal_session, &lk_unlk->session },
2435 { lock_unlock_locking_range, lk_unlk },
2436 { end_opal_session, }
2437 };
2438 const struct opal_step unlock_sum_steps[] = {
2439 { start_auth_opal_session, &lk_unlk->session },
2440 { lock_unlock_locking_range_sum, lk_unlk },
2441 { end_opal_session, }
2442 };
2443
2444 if (lk_unlk->session.sum)
2445 return execute_steps(dev, unlock_sum_steps,
2446 ARRAY_SIZE(unlock_sum_steps));
2447 else
2448 return execute_steps(dev, unlock_steps,
2449 ARRAY_SIZE(unlock_steps));
2450}
2451
2452static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2453{
2454 u8 mbr_done_tf = OPAL_TRUE;
2455 const struct opal_step mbrdone_step[] = {
2456 { start_admin1LSP_opal_session, key },
2457 { set_mbr_done, &mbr_done_tf },
2458 { end_opal_session, }
2459 };
2460
2461 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2462}
2463
2464static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2465 struct opal_lock_unlock *lk_unlk)
2466{
2467 struct opal_suspend_data *iter;
2468
2469 if (lk_unlk->l_state != OPAL_LK ||
2470 lk_unlk->session.opal_key.key_len > 0)
2471 return;
2472
2473 /*
2474 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2475 * volume key is not required, as it requires root privileges anyway,
2476 * and root can deny access to a disk in many ways regardless.
2477 * Requiring the volume key to lock the device is a peculiarity of the
2478 * OPAL specification. Given we might already have saved the key if
2479 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2480 * that key to lock the device if no key was provided here, the
2481 * locking range matches and the appropriate flag was passed with
2482 * 'IOC_OPAL_SAVE'.
2483 * This allows integrating OPAL with tools and libraries that are used
2484 * to the common behaviour and do not ask for the volume key when
2485 * closing a device.
2486 */
2487 setup_opal_dev(dev);
2488 list_for_each_entry(iter, &dev->unlk_lst, node) {
2489 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2490 iter->lr == lk_unlk->session.opal_key.lr &&
2491 iter->unlk.session.opal_key.key_len > 0) {
2492 lk_unlk->session.opal_key.key_len =
2493 iter->unlk.session.opal_key.key_len;
2494 memcpy(lk_unlk->session.opal_key.key,
2495 iter->unlk.session.opal_key.key,
2496 iter->unlk.session.opal_key.key_len);
2497 break;
2498 }
2499 }
2500}
2501
2502static int opal_lock_unlock(struct opal_dev *dev,
2503 struct opal_lock_unlock *lk_unlk)
2504{
2505 int ret;
2506
2507 if (lk_unlk->session.who > OPAL_USER9)
2508 return -EINVAL;
2509
2510 mutex_lock(&dev->dev_lock);
2511 opal_lock_check_for_saved_key(dev, lk_unlk);
2512 ret = __opal_lock_unlock(dev, lk_unlk);
2513 mutex_unlock(&dev->dev_lock);
2514
2515 return ret;
2516}
2517
2518static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2519{
2520 const struct opal_step owner_steps[] = {
2521 { start_anybodyASP_opal_session, },
2522 { get_msid_cpin_pin, },
2523 { end_opal_session, },
2524 { start_SIDASP_opal_session, opal },
2525 { set_sid_cpin_pin, opal },
2526 { end_opal_session, }
2527 };
2528 int ret;
2529
2530 if (!dev)
2531 return -ENODEV;
2532
2533 mutex_lock(&dev->dev_lock);
2534 setup_opal_dev(dev);
2535 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2536 mutex_unlock(&dev->dev_lock);
2537
2538 return ret;
2539}
2540
2541static int opal_activate_lsp(struct opal_dev *dev,
2542 struct opal_lr_act *opal_lr_act)
2543{
2544 const struct opal_step active_steps[] = {
2545 { start_SIDASP_opal_session, &opal_lr_act->key },
2546 { get_lsp_lifecycle, },
2547 { activate_lsp, opal_lr_act },
2548 { end_opal_session, }
2549 };
2550 int ret;
2551
2552 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2553 return -EINVAL;
2554
2555 mutex_lock(&dev->dev_lock);
2556 setup_opal_dev(dev);
2557 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2558 mutex_unlock(&dev->dev_lock);
2559
2560 return ret;
2561}
2562
2563static int opal_setup_locking_range(struct opal_dev *dev,
2564 struct opal_user_lr_setup *opal_lrs)
2565{
2566 const struct opal_step lr_steps[] = {
2567 { start_auth_opal_session, &opal_lrs->session },
2568 { setup_locking_range, opal_lrs },
2569 { end_opal_session, }
2570 };
2571 int ret;
2572
2573 mutex_lock(&dev->dev_lock);
2574 setup_opal_dev(dev);
2575 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2576 mutex_unlock(&dev->dev_lock);
2577
2578 return ret;
2579}
2580
2581static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2582{
2583 const struct opal_step pw_steps[] = {
2584 { start_auth_opal_session, &opal_pw->session },
2585 { set_new_pw, &opal_pw->new_user_pw },
2586 { end_opal_session, }
2587 };
2588 int ret;
2589
2590 if (opal_pw->session.who > OPAL_USER9 ||
2591 opal_pw->new_user_pw.who > OPAL_USER9)
2592 return -EINVAL;
2593
2594 mutex_lock(&dev->dev_lock);
2595 setup_opal_dev(dev);
2596 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2597 mutex_unlock(&dev->dev_lock);
2598
2599 return ret;
2600}
2601
2602static int opal_activate_user(struct opal_dev *dev,
2603 struct opal_session_info *opal_session)
2604{
2605 const struct opal_step act_steps[] = {
2606 { start_admin1LSP_opal_session, &opal_session->opal_key },
2607 { internal_activate_user, opal_session },
2608 { end_opal_session, }
2609 };
2610 int ret;
2611
2612 /* We can't activate Admin1 it's active as manufactured */
2613 if (opal_session->who < OPAL_USER1 ||
2614 opal_session->who > OPAL_USER9) {
2615 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2616 return -EINVAL;
2617 }
2618
2619 mutex_lock(&dev->dev_lock);
2620 setup_opal_dev(dev);
2621 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2622 mutex_unlock(&dev->dev_lock);
2623
2624 return ret;
2625}
2626
2627bool opal_unlock_from_suspend(struct opal_dev *dev)
2628{
2629 struct opal_suspend_data *suspend;
2630 bool was_failure = false;
2631 int ret = 0;
2632
2633 if (!dev)
2634 return false;
2635
2636 if (!(dev->flags & OPAL_FL_SUPPORTED))
2637 return false;
2638
2639 mutex_lock(&dev->dev_lock);
2640 setup_opal_dev(dev);
2641
2642 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2643 dev->tsn = 0;
2644 dev->hsn = 0;
2645
2646 ret = __opal_lock_unlock(dev, &suspend->unlk);
2647 if (ret) {
2648 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2649 suspend->unlk.session.opal_key.lr,
2650 suspend->unlk.session.sum);
2651 was_failure = true;
2652 }
2653
2654 if (dev->flags & OPAL_FL_MBR_ENABLED) {
2655 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2656 if (ret)
2657 pr_debug("Failed to set MBR Done in S3 resume\n");
2658 }
2659 }
2660 mutex_unlock(&dev->dev_lock);
2661
2662 return was_failure;
2663}
2664EXPORT_SYMBOL(opal_unlock_from_suspend);
2665
2666static int opal_read_table(struct opal_dev *dev,
2667 struct opal_read_write_table *rw_tbl)
2668{
2669 const struct opal_step read_table_steps[] = {
2670 { start_admin1LSP_opal_session, &rw_tbl->key },
2671 { read_table_data, rw_tbl },
2672 { end_opal_session, }
2673 };
2674 int ret = 0;
2675
2676 if (!rw_tbl->size)
2677 return ret;
2678
2679 return execute_steps(dev, read_table_steps,
2680 ARRAY_SIZE(read_table_steps));
2681}
2682
2683static int opal_write_table(struct opal_dev *dev,
2684 struct opal_read_write_table *rw_tbl)
2685{
2686 const struct opal_step write_table_steps[] = {
2687 { start_admin1LSP_opal_session, &rw_tbl->key },
2688 { write_table_data, rw_tbl },
2689 { end_opal_session, }
2690 };
2691 int ret = 0;
2692
2693 if (!rw_tbl->size)
2694 return ret;
2695
2696 return execute_steps(dev, write_table_steps,
2697 ARRAY_SIZE(write_table_steps));
2698}
2699
2700static int opal_generic_read_write_table(struct opal_dev *dev,
2701 struct opal_read_write_table *rw_tbl)
2702{
2703 int ret, bit_set;
2704
2705 mutex_lock(&dev->dev_lock);
2706 setup_opal_dev(dev);
2707
2708 bit_set = fls64(rw_tbl->flags) - 1;
2709 switch (bit_set) {
2710 case OPAL_READ_TABLE:
2711 ret = opal_read_table(dev, rw_tbl);
2712 break;
2713 case OPAL_WRITE_TABLE:
2714 ret = opal_write_table(dev, rw_tbl);
2715 break;
2716 default:
2717 pr_debug("Invalid bit set in the flag (%016llx).\n",
2718 rw_tbl->flags);
2719 ret = -EINVAL;
2720 break;
2721 }
2722
2723 mutex_unlock(&dev->dev_lock);
2724
2725 return ret;
2726}
2727
2728static int opal_get_status(struct opal_dev *dev, void __user *data)
2729{
2730 struct opal_status sts = {0};
2731
2732 /*
2733 * check_opal_support() error is not fatal,
2734 * !dev->supported is a valid condition
2735 */
2736 if (!check_opal_support(dev))
2737 sts.flags = dev->flags;
2738 if (copy_to_user(data, &sts, sizeof(sts))) {
2739 pr_debug("Error copying status to userspace\n");
2740 return -EFAULT;
2741 }
2742 return 0;
2743}
2744
2745int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2746{
2747 void *p;
2748 int ret = -ENOTTY;
2749
2750 if (!capable(CAP_SYS_ADMIN))
2751 return -EACCES;
2752 if (!dev)
2753 return -ENOTSUPP;
2754 if (!(dev->flags & OPAL_FL_SUPPORTED))
2755 return -ENOTSUPP;
2756
2757 if (cmd & IOC_IN) {
2758 p = memdup_user(arg, _IOC_SIZE(cmd));
2759 if (IS_ERR(p))
2760 return PTR_ERR(p);
2761 }
2762
2763 switch (cmd) {
2764 case IOC_OPAL_SAVE:
2765 ret = opal_save(dev, p);
2766 break;
2767 case IOC_OPAL_LOCK_UNLOCK:
2768 ret = opal_lock_unlock(dev, p);
2769 break;
2770 case IOC_OPAL_TAKE_OWNERSHIP:
2771 ret = opal_take_ownership(dev, p);
2772 break;
2773 case IOC_OPAL_ACTIVATE_LSP:
2774 ret = opal_activate_lsp(dev, p);
2775 break;
2776 case IOC_OPAL_SET_PW:
2777 ret = opal_set_new_pw(dev, p);
2778 break;
2779 case IOC_OPAL_ACTIVATE_USR:
2780 ret = opal_activate_user(dev, p);
2781 break;
2782 case IOC_OPAL_REVERT_TPR:
2783 ret = opal_reverttper(dev, p, false);
2784 break;
2785 case IOC_OPAL_LR_SETUP:
2786 ret = opal_setup_locking_range(dev, p);
2787 break;
2788 case IOC_OPAL_ADD_USR_TO_LR:
2789 ret = opal_add_user_to_lr(dev, p);
2790 break;
2791 case IOC_OPAL_ENABLE_DISABLE_MBR:
2792 ret = opal_enable_disable_shadow_mbr(dev, p);
2793 break;
2794 case IOC_OPAL_MBR_DONE:
2795 ret = opal_set_mbr_done(dev, p);
2796 break;
2797 case IOC_OPAL_WRITE_SHADOW_MBR:
2798 ret = opal_write_shadow_mbr(dev, p);
2799 break;
2800 case IOC_OPAL_ERASE_LR:
2801 ret = opal_erase_locking_range(dev, p);
2802 break;
2803 case IOC_OPAL_SECURE_ERASE_LR:
2804 ret = opal_secure_erase_locking_range(dev, p);
2805 break;
2806 case IOC_OPAL_PSID_REVERT_TPR:
2807 ret = opal_reverttper(dev, p, true);
2808 break;
2809 case IOC_OPAL_GENERIC_TABLE_RW:
2810 ret = opal_generic_read_write_table(dev, p);
2811 break;
2812 case IOC_OPAL_GET_STATUS:
2813 ret = opal_get_status(dev, arg);
2814 break;
2815 default:
2816 break;
2817 }
2818
2819 if (cmd & IOC_IN)
2820 kfree(p);
2821 return ret;
2822}
2823EXPORT_SYMBOL_GPL(sed_ioctl);
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright © 2016 Intel Corporation
4 *
5 * Authors:
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
8 */
9
10#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12#include <linux/delay.h>
13#include <linux/device.h>
14#include <linux/kernel.h>
15#include <linux/list.h>
16#include <linux/blkdev.h>
17#include <linux/slab.h>
18#include <linux/uaccess.h>
19#include <uapi/linux/sed-opal.h>
20#include <linux/sed-opal.h>
21#include <linux/sed-opal-key.h>
22#include <linux/string.h>
23#include <linux/kdev_t.h>
24#include <linux/key.h>
25#include <linux/key-type.h>
26#include <keys/user-type.h>
27
28#include "opal_proto.h"
29
30#define IO_BUFFER_LENGTH 2048
31#define MAX_TOKS 64
32
33/* Number of bytes needed by cmd_finalize. */
34#define CMD_FINALIZE_BYTES_NEEDED 7
35
36static struct key *sed_opal_keyring;
37
38struct opal_step {
39 int (*fn)(struct opal_dev *dev, void *data);
40 void *data;
41};
42typedef int (cont_fn)(struct opal_dev *dev);
43
44enum opal_atom_width {
45 OPAL_WIDTH_TINY,
46 OPAL_WIDTH_SHORT,
47 OPAL_WIDTH_MEDIUM,
48 OPAL_WIDTH_LONG,
49 OPAL_WIDTH_TOKEN
50};
51
52/*
53 * On the parsed response, we don't store again the toks that are already
54 * stored in the response buffer. Instead, for each token, we just store a
55 * pointer to the position in the buffer where the token starts, and the size
56 * of the token in bytes.
57 */
58struct opal_resp_tok {
59 const u8 *pos;
60 size_t len;
61 enum opal_response_token type;
62 enum opal_atom_width width;
63 union {
64 u64 u;
65 s64 s;
66 } stored;
67};
68
69/*
70 * From the response header it's not possible to know how many tokens there are
71 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
72 * if we start dealing with messages that have more than that, we can increase
73 * this number. This is done to avoid having to make two passes through the
74 * response, the first one counting how many tokens we have and the second one
75 * actually storing the positions.
76 */
77struct parsed_resp {
78 int num;
79 struct opal_resp_tok toks[MAX_TOKS];
80};
81
82struct opal_dev {
83 u32 flags;
84
85 void *data;
86 sec_send_recv *send_recv;
87
88 struct mutex dev_lock;
89 u16 comid;
90 u32 hsn;
91 u32 tsn;
92 u64 align; /* alignment granularity */
93 u64 lowest_lba;
94 u32 logical_block_size;
95 u8 align_required; /* ALIGN: 0 or 1 */
96
97 size_t pos;
98 u8 *cmd;
99 u8 *resp;
100
101 struct parsed_resp parsed;
102 size_t prev_d_len;
103 void *prev_data;
104
105 struct list_head unlk_lst;
106};
107
108
109static const u8 opaluid[][OPAL_UID_LENGTH] = {
110 /* users */
111 [OPAL_SMUID_UID] =
112 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
113 [OPAL_THISSP_UID] =
114 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
115 [OPAL_ADMINSP_UID] =
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
117 [OPAL_LOCKINGSP_UID] =
118 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
119 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
120 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
121 [OPAL_ANYBODY_UID] =
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
123 [OPAL_SID_UID] =
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
125 [OPAL_ADMIN1_UID] =
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
127 [OPAL_USER1_UID] =
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
129 [OPAL_USER2_UID] =
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
131 [OPAL_PSID_UID] =
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
133 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
134 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
135 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
136 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
137
138 /* tables */
139 [OPAL_TABLE_TABLE] =
140 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
141 [OPAL_LOCKINGRANGE_GLOBAL] =
142 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
143 [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
144 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
145 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
146 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
147 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
148 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
149 [OPAL_MBRCONTROL] =
150 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
151 [OPAL_MBR] =
152 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
153 [OPAL_AUTHORITY_TABLE] =
154 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
155 [OPAL_C_PIN_TABLE] =
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
157 [OPAL_LOCKING_INFO_TABLE] =
158 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
159 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
160 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
161 [OPAL_DATASTORE] =
162 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
163
164 /* C_PIN_TABLE object ID's */
165 [OPAL_C_PIN_MSID] =
166 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
167 [OPAL_C_PIN_SID] =
168 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
169 [OPAL_C_PIN_ADMIN1] =
170 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
171
172 /* half UID's (only first 4 bytes used) */
173 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
174 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
175 [OPAL_HALF_UID_BOOLEAN_ACE] =
176 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
177
178 /* special value for omitted optional parameter */
179 [OPAL_UID_HEXFF] =
180 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
181};
182
183/*
184 * TCG Storage SSC Methods.
185 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
186 * Section: 6.3 Assigned UIDs
187 */
188static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
189 [OPAL_PROPERTIES] =
190 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
191 [OPAL_STARTSESSION] =
192 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
193 [OPAL_REVERT] =
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
195 [OPAL_ACTIVATE] =
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
197 [OPAL_EGET] =
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
199 [OPAL_ESET] =
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
201 [OPAL_NEXT] =
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
203 [OPAL_EAUTHENTICATE] =
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
205 [OPAL_GETACL] =
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
207 [OPAL_GENKEY] =
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
209 [OPAL_REVERTSP] =
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
211 [OPAL_GET] =
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
213 [OPAL_SET] =
214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
215 [OPAL_AUTHENTICATE] =
216 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
217 [OPAL_RANDOM] =
218 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
219 [OPAL_ERASE] =
220 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
221};
222
223static int end_opal_session_error(struct opal_dev *dev);
224static int opal_discovery0_step(struct opal_dev *dev);
225
226struct opal_suspend_data {
227 struct opal_lock_unlock unlk;
228 u8 lr;
229 struct list_head node;
230};
231
232/*
233 * Derived from:
234 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
235 * Section: 5.1.5 Method Status Codes
236 */
237static const char * const opal_errors[] = {
238 "Success",
239 "Not Authorized",
240 "Unknown Error",
241 "SP Busy",
242 "SP Failed",
243 "SP Disabled",
244 "SP Frozen",
245 "No Sessions Available",
246 "Uniqueness Conflict",
247 "Insufficient Space",
248 "Insufficient Rows",
249 "Invalid Function",
250 "Invalid Parameter",
251 "Invalid Reference",
252 "Unknown Error",
253 "TPER Malfunction",
254 "Transaction Failure",
255 "Response Overflow",
256 "Authority Locked Out",
257};
258
259static const char *opal_error_to_human(int error)
260{
261 if (error == 0x3f)
262 return "Failed";
263
264 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
265 return "Unknown Error";
266
267 return opal_errors[error];
268}
269
270static void print_buffer(const u8 *ptr, u32 length)
271{
272#ifdef DEBUG
273 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
274 pr_debug("\n");
275#endif
276}
277
278/*
279 * Allocate/update a SED Opal key and add it to the SED Opal keyring.
280 */
281static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
282{
283 key_ref_t kr;
284
285 if (!sed_opal_keyring)
286 return -ENOKEY;
287
288 kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
289 desc, (const void *)key_data, keylen,
290 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
291 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
292 KEY_ALLOC_BYPASS_RESTRICTION);
293 if (IS_ERR(kr)) {
294 pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
295 return PTR_ERR(kr);
296 }
297
298 return 0;
299}
300
301/*
302 * Read a SED Opal key from the SED Opal keyring.
303 */
304static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
305{
306 int ret;
307 key_ref_t kref;
308 struct key *key;
309
310 if (!sed_opal_keyring)
311 return -ENOKEY;
312
313 kref = keyring_search(make_key_ref(sed_opal_keyring, true),
314 &key_type_user, key_name, true);
315
316 if (IS_ERR(kref))
317 ret = PTR_ERR(kref);
318
319 key = key_ref_to_ptr(kref);
320 down_read(&key->sem);
321 ret = key_validate(key);
322 if (ret == 0) {
323 if (buflen > key->datalen)
324 buflen = key->datalen;
325
326 ret = key->type->read(key, (char *)buffer, buflen);
327 }
328 up_read(&key->sem);
329
330 key_ref_put(kref);
331
332 return ret;
333}
334
335static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
336{
337 int ret = 0;
338
339 switch (key->key_type) {
340 case OPAL_INCLUDED:
341 /* the key is ready to use */
342 break;
343 case OPAL_KEYRING:
344 /* the key is in the keyring */
345 ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
346 if (ret > 0) {
347 if (ret > U8_MAX) {
348 ret = -ENOSPC;
349 goto error;
350 }
351 key->key_len = ret;
352 key->key_type = OPAL_INCLUDED;
353 }
354 break;
355 default:
356 ret = -EINVAL;
357 break;
358 }
359 if (ret < 0)
360 goto error;
361
362 /* must have a PEK by now or it's an error */
363 if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
364 ret = -EINVAL;
365 goto error;
366 }
367 return 0;
368error:
369 pr_debug("Error getting password: %d\n", ret);
370 return ret;
371}
372
373static bool check_tper(const void *data)
374{
375 const struct d0_tper_features *tper = data;
376 u8 flags = tper->supported_features;
377
378 if (!(flags & TPER_SYNC_SUPPORTED)) {
379 pr_debug("TPer sync not supported. flags = %d\n",
380 tper->supported_features);
381 return false;
382 }
383
384 return true;
385}
386
387static bool check_lcksuppt(const void *data)
388{
389 const struct d0_locking_features *lfeat = data;
390 u8 sup_feat = lfeat->supported_features;
391
392 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
393}
394
395static bool check_lckenabled(const void *data)
396{
397 const struct d0_locking_features *lfeat = data;
398 u8 sup_feat = lfeat->supported_features;
399
400 return !!(sup_feat & LOCKING_ENABLED_MASK);
401}
402
403static bool check_locked(const void *data)
404{
405 const struct d0_locking_features *lfeat = data;
406 u8 sup_feat = lfeat->supported_features;
407
408 return !!(sup_feat & LOCKED_MASK);
409}
410
411static bool check_mbrenabled(const void *data)
412{
413 const struct d0_locking_features *lfeat = data;
414 u8 sup_feat = lfeat->supported_features;
415
416 return !!(sup_feat & MBR_ENABLED_MASK);
417}
418
419static bool check_mbrdone(const void *data)
420{
421 const struct d0_locking_features *lfeat = data;
422 u8 sup_feat = lfeat->supported_features;
423
424 return !!(sup_feat & MBR_DONE_MASK);
425}
426
427static bool check_sum(const void *data)
428{
429 const struct d0_single_user_mode *sum = data;
430 u32 nlo = be32_to_cpu(sum->num_locking_objects);
431
432 if (nlo == 0) {
433 pr_debug("Need at least one locking object.\n");
434 return false;
435 }
436
437 pr_debug("Number of locking objects: %d\n", nlo);
438
439 return true;
440}
441
442static u16 get_comid_v100(const void *data)
443{
444 const struct d0_opal_v100 *v100 = data;
445
446 return be16_to_cpu(v100->baseComID);
447}
448
449static u16 get_comid_v200(const void *data)
450{
451 const struct d0_opal_v200 *v200 = data;
452
453 return be16_to_cpu(v200->baseComID);
454}
455
456static int opal_send_cmd(struct opal_dev *dev)
457{
458 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
459 dev->cmd, IO_BUFFER_LENGTH,
460 true);
461}
462
463static int opal_recv_cmd(struct opal_dev *dev)
464{
465 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
466 dev->resp, IO_BUFFER_LENGTH,
467 false);
468}
469
470static int opal_recv_check(struct opal_dev *dev)
471{
472 size_t buflen = IO_BUFFER_LENGTH;
473 void *buffer = dev->resp;
474 struct opal_header *hdr = buffer;
475 int ret;
476
477 do {
478 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
479 hdr->cp.outstandingData,
480 hdr->cp.minTransfer);
481
482 if (hdr->cp.outstandingData == 0 ||
483 hdr->cp.minTransfer != 0)
484 return 0;
485
486 memset(buffer, 0, buflen);
487 ret = opal_recv_cmd(dev);
488 } while (!ret);
489
490 return ret;
491}
492
493static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
494{
495 int ret;
496
497 ret = opal_send_cmd(dev);
498 if (ret)
499 return ret;
500 ret = opal_recv_cmd(dev);
501 if (ret)
502 return ret;
503 ret = opal_recv_check(dev);
504 if (ret)
505 return ret;
506 return cont(dev);
507}
508
509static void check_geometry(struct opal_dev *dev, const void *data)
510{
511 const struct d0_geometry_features *geo = data;
512
513 dev->align = be64_to_cpu(geo->alignment_granularity);
514 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
515 dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
516 dev->align_required = geo->reserved01 & 1;
517}
518
519static int execute_step(struct opal_dev *dev,
520 const struct opal_step *step, size_t stepIndex)
521{
522 int error = step->fn(dev, step->data);
523
524 if (error) {
525 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
526 stepIndex, step->fn, error,
527 opal_error_to_human(error));
528 }
529
530 return error;
531}
532
533static int execute_steps(struct opal_dev *dev,
534 const struct opal_step *steps, size_t n_steps)
535{
536 size_t state = 0;
537 int error;
538
539 /* first do a discovery0 */
540 error = opal_discovery0_step(dev);
541 if (error)
542 return error;
543
544 for (state = 0; state < n_steps; state++) {
545 error = execute_step(dev, &steps[state], state);
546 if (error)
547 goto out_error;
548 }
549
550 return 0;
551
552out_error:
553 /*
554 * For each OPAL command the first step in steps starts some sort of
555 * session. If an error occurred in the initial discovery0 or if an
556 * error occurred in the first step (and thus stopping the loop with
557 * state == 0) then there was an error before or during the attempt to
558 * start a session. Therefore we shouldn't attempt to terminate a
559 * session, as one has not yet been created.
560 */
561 if (state > 0)
562 end_opal_session_error(dev);
563
564 return error;
565}
566
567static int opal_discovery0_end(struct opal_dev *dev, void *data)
568{
569 struct opal_discovery *discv_out = data; /* may be NULL */
570 u8 __user *buf_out;
571 u64 len_out;
572 bool found_com_id = false, supported = true, single_user = false;
573 const struct d0_header *hdr = (struct d0_header *)dev->resp;
574 const u8 *epos = dev->resp, *cpos = dev->resp;
575 u16 comid = 0;
576 u32 hlen = be32_to_cpu(hdr->length);
577
578 print_buffer(dev->resp, hlen);
579 dev->flags &= OPAL_FL_SUPPORTED;
580
581 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
582 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
583 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
584 return -EFAULT;
585 }
586
587 if (discv_out) {
588 buf_out = (u8 __user *)(uintptr_t)discv_out->data;
589 len_out = min_t(u64, discv_out->size, hlen);
590 if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
591 return -EFAULT;
592
593 discv_out->size = hlen; /* actual size of data */
594 }
595
596 epos += hlen; /* end of buffer */
597 cpos += sizeof(*hdr); /* current position on buffer */
598
599 while (cpos < epos && supported) {
600 const struct d0_features *body =
601 (const struct d0_features *)cpos;
602
603 switch (be16_to_cpu(body->code)) {
604 case FC_TPER:
605 supported = check_tper(body->features);
606 break;
607 case FC_SINGLEUSER:
608 single_user = check_sum(body->features);
609 if (single_user)
610 dev->flags |= OPAL_FL_SUM_SUPPORTED;
611 break;
612 case FC_GEOMETRY:
613 check_geometry(dev, body);
614 break;
615 case FC_LOCKING:
616 if (check_lcksuppt(body->features))
617 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
618 if (check_lckenabled(body->features))
619 dev->flags |= OPAL_FL_LOCKING_ENABLED;
620 if (check_locked(body->features))
621 dev->flags |= OPAL_FL_LOCKED;
622 if (check_mbrenabled(body->features))
623 dev->flags |= OPAL_FL_MBR_ENABLED;
624 if (check_mbrdone(body->features))
625 dev->flags |= OPAL_FL_MBR_DONE;
626 break;
627 case FC_ENTERPRISE:
628 case FC_DATASTORE:
629 /* some ignored properties */
630 pr_debug("Found OPAL feature description: %d\n",
631 be16_to_cpu(body->code));
632 break;
633 case FC_OPALV100:
634 comid = get_comid_v100(body->features);
635 found_com_id = true;
636 break;
637 case FC_OPALV200:
638 comid = get_comid_v200(body->features);
639 found_com_id = true;
640 break;
641 case 0xbfff ... 0xffff:
642 /* vendor specific, just ignore */
643 break;
644 default:
645 pr_debug("OPAL Unknown feature: %d\n",
646 be16_to_cpu(body->code));
647
648 }
649 cpos += body->length + 4;
650 }
651
652 if (!supported) {
653 pr_debug("This device is not Opal enabled. Not Supported!\n");
654 return -EOPNOTSUPP;
655 }
656
657 if (!single_user)
658 pr_debug("Device doesn't support single user mode\n");
659
660
661 if (!found_com_id) {
662 pr_debug("Could not find OPAL comid for device. Returning early\n");
663 return -EOPNOTSUPP;
664 }
665
666 dev->comid = comid;
667
668 return 0;
669}
670
671static int opal_discovery0(struct opal_dev *dev, void *data)
672{
673 int ret;
674
675 memset(dev->resp, 0, IO_BUFFER_LENGTH);
676 dev->comid = OPAL_DISCOVERY_COMID;
677 ret = opal_recv_cmd(dev);
678 if (ret)
679 return ret;
680
681 return opal_discovery0_end(dev, data);
682}
683
684static int opal_discovery0_step(struct opal_dev *dev)
685{
686 const struct opal_step discovery0_step = {
687 opal_discovery0, NULL
688 };
689
690 return execute_step(dev, &discovery0_step, 0);
691}
692
693static size_t remaining_size(struct opal_dev *cmd)
694{
695 return IO_BUFFER_LENGTH - cmd->pos;
696}
697
698static bool can_add(int *err, struct opal_dev *cmd, size_t len)
699{
700 if (*err)
701 return false;
702
703 if (remaining_size(cmd) < len) {
704 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
705 *err = -ERANGE;
706 return false;
707 }
708
709 return true;
710}
711
712static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
713{
714 if (!can_add(err, cmd, 1))
715 return;
716
717 cmd->cmd[cmd->pos++] = tok;
718}
719
720static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
721 bool has_sign, int len)
722{
723 u8 atom;
724 int err = 0;
725
726 atom = SHORT_ATOM_ID;
727 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
728 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
729 atom |= len & SHORT_ATOM_LEN_MASK;
730
731 add_token_u8(&err, cmd, atom);
732}
733
734static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
735 bool has_sign, int len)
736{
737 u8 header0;
738
739 header0 = MEDIUM_ATOM_ID;
740 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
741 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
742 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
743
744 cmd->cmd[cmd->pos++] = header0;
745 cmd->cmd[cmd->pos++] = len;
746}
747
748static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
749{
750 size_t len;
751 int msb;
752
753 if (!(number & ~TINY_ATOM_DATA_MASK)) {
754 add_token_u8(err, cmd, number);
755 return;
756 }
757
758 msb = fls64(number);
759 len = DIV_ROUND_UP(msb, 8);
760
761 if (!can_add(err, cmd, len + 1)) {
762 pr_debug("Error adding u64: end of buffer.\n");
763 return;
764 }
765 add_short_atom_header(cmd, false, false, len);
766 while (len--)
767 add_token_u8(err, cmd, number >> (len * 8));
768}
769
770static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
771{
772 size_t header_len = 1;
773 bool is_short_atom = true;
774
775 if (len & ~SHORT_ATOM_LEN_MASK) {
776 header_len = 2;
777 is_short_atom = false;
778 }
779
780 if (!can_add(err, cmd, header_len + len)) {
781 pr_debug("Error adding bytestring: end of buffer.\n");
782 return NULL;
783 }
784
785 if (is_short_atom)
786 add_short_atom_header(cmd, true, false, len);
787 else
788 add_medium_atom_header(cmd, true, false, len);
789
790 return &cmd->cmd[cmd->pos];
791}
792
793static void add_token_bytestring(int *err, struct opal_dev *cmd,
794 const u8 *bytestring, size_t len)
795{
796 u8 *start;
797
798 start = add_bytestring_header(err, cmd, len);
799 if (!start)
800 return;
801 memcpy(start, bytestring, len);
802 cmd->pos += len;
803}
804
805static int build_locking_range(u8 *buffer, size_t length, u8 lr)
806{
807 if (length > OPAL_UID_LENGTH) {
808 pr_debug("Can't build locking range. Length OOB\n");
809 return -ERANGE;
810 }
811
812 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
813
814 if (lr == 0)
815 return 0;
816
817 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
818 buffer[7] = lr;
819
820 return 0;
821}
822
823static int build_locking_user(u8 *buffer, size_t length, u8 lr)
824{
825 if (length > OPAL_UID_LENGTH) {
826 pr_debug("Can't build locking range user. Length OOB\n");
827 return -ERANGE;
828 }
829
830 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
831
832 buffer[7] = lr + 1;
833
834 return 0;
835}
836
837static void set_comid(struct opal_dev *cmd, u16 comid)
838{
839 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
840
841 hdr->cp.extendedComID[0] = comid >> 8;
842 hdr->cp.extendedComID[1] = comid;
843 hdr->cp.extendedComID[2] = 0;
844 hdr->cp.extendedComID[3] = 0;
845}
846
847static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
848{
849 struct opal_header *hdr;
850 int err = 0;
851
852 /*
853 * Close the parameter list opened from cmd_start.
854 * The number of bytes added must be equal to
855 * CMD_FINALIZE_BYTES_NEEDED.
856 */
857 add_token_u8(&err, cmd, OPAL_ENDLIST);
858
859 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
860 add_token_u8(&err, cmd, OPAL_STARTLIST);
861 add_token_u8(&err, cmd, 0);
862 add_token_u8(&err, cmd, 0);
863 add_token_u8(&err, cmd, 0);
864 add_token_u8(&err, cmd, OPAL_ENDLIST);
865
866 if (err) {
867 pr_debug("Error finalizing command.\n");
868 return -EFAULT;
869 }
870
871 hdr = (struct opal_header *) cmd->cmd;
872
873 hdr->pkt.tsn = cpu_to_be32(tsn);
874 hdr->pkt.hsn = cpu_to_be32(hsn);
875
876 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
877 while (cmd->pos % 4) {
878 if (cmd->pos >= IO_BUFFER_LENGTH) {
879 pr_debug("Error: Buffer overrun\n");
880 return -ERANGE;
881 }
882 cmd->cmd[cmd->pos++] = 0;
883 }
884 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
885 sizeof(hdr->pkt));
886 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
887
888 return 0;
889}
890
891static const struct opal_resp_tok *response_get_token(
892 const struct parsed_resp *resp,
893 int n)
894{
895 const struct opal_resp_tok *tok;
896
897 if (!resp) {
898 pr_debug("Response is NULL\n");
899 return ERR_PTR(-EINVAL);
900 }
901
902 if (n >= resp->num) {
903 pr_debug("Token number doesn't exist: %d, resp: %d\n",
904 n, resp->num);
905 return ERR_PTR(-EINVAL);
906 }
907
908 tok = &resp->toks[n];
909 if (tok->len == 0) {
910 pr_debug("Token length must be non-zero\n");
911 return ERR_PTR(-EINVAL);
912 }
913
914 return tok;
915}
916
917static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
918 const u8 *pos)
919{
920 tok->pos = pos;
921 tok->len = 1;
922 tok->width = OPAL_WIDTH_TINY;
923
924 if (pos[0] & TINY_ATOM_SIGNED) {
925 tok->type = OPAL_DTA_TOKENID_SINT;
926 } else {
927 tok->type = OPAL_DTA_TOKENID_UINT;
928 tok->stored.u = pos[0] & 0x3f;
929 }
930
931 return tok->len;
932}
933
934static ssize_t response_parse_short(struct opal_resp_tok *tok,
935 const u8 *pos)
936{
937 tok->pos = pos;
938 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
939 tok->width = OPAL_WIDTH_SHORT;
940
941 if (pos[0] & SHORT_ATOM_BYTESTRING) {
942 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
943 } else if (pos[0] & SHORT_ATOM_SIGNED) {
944 tok->type = OPAL_DTA_TOKENID_SINT;
945 } else {
946 u64 u_integer = 0;
947 ssize_t i, b = 0;
948
949 tok->type = OPAL_DTA_TOKENID_UINT;
950 if (tok->len > 9) {
951 pr_debug("uint64 with more than 8 bytes\n");
952 return -EINVAL;
953 }
954 for (i = tok->len - 1; i > 0; i--) {
955 u_integer |= ((u64)pos[i] << (8 * b));
956 b++;
957 }
958 tok->stored.u = u_integer;
959 }
960
961 return tok->len;
962}
963
964static ssize_t response_parse_medium(struct opal_resp_tok *tok,
965 const u8 *pos)
966{
967 tok->pos = pos;
968 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
969 tok->width = OPAL_WIDTH_MEDIUM;
970
971 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
972 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
973 else if (pos[0] & MEDIUM_ATOM_SIGNED)
974 tok->type = OPAL_DTA_TOKENID_SINT;
975 else
976 tok->type = OPAL_DTA_TOKENID_UINT;
977
978 return tok->len;
979}
980
981static ssize_t response_parse_long(struct opal_resp_tok *tok,
982 const u8 *pos)
983{
984 tok->pos = pos;
985 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
986 tok->width = OPAL_WIDTH_LONG;
987
988 if (pos[0] & LONG_ATOM_BYTESTRING)
989 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
990 else if (pos[0] & LONG_ATOM_SIGNED)
991 tok->type = OPAL_DTA_TOKENID_SINT;
992 else
993 tok->type = OPAL_DTA_TOKENID_UINT;
994
995 return tok->len;
996}
997
998static ssize_t response_parse_token(struct opal_resp_tok *tok,
999 const u8 *pos)
1000{
1001 tok->pos = pos;
1002 tok->len = 1;
1003 tok->type = OPAL_DTA_TOKENID_TOKEN;
1004 tok->width = OPAL_WIDTH_TOKEN;
1005
1006 return tok->len;
1007}
1008
1009static int response_parse(const u8 *buf, size_t length,
1010 struct parsed_resp *resp)
1011{
1012 const struct opal_header *hdr;
1013 struct opal_resp_tok *iter;
1014 int num_entries = 0;
1015 int total;
1016 ssize_t token_length;
1017 const u8 *pos;
1018 u32 clen, plen, slen;
1019
1020 if (!buf)
1021 return -EFAULT;
1022
1023 if (!resp)
1024 return -EFAULT;
1025
1026 hdr = (struct opal_header *)buf;
1027 pos = buf;
1028 pos += sizeof(*hdr);
1029
1030 clen = be32_to_cpu(hdr->cp.length);
1031 plen = be32_to_cpu(hdr->pkt.length);
1032 slen = be32_to_cpu(hdr->subpkt.length);
1033 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1034 clen, plen, slen);
1035
1036 if (clen == 0 || plen == 0 || slen == 0 ||
1037 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1038 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1039 clen, plen, slen);
1040 print_buffer(pos, sizeof(*hdr));
1041 return -EINVAL;
1042 }
1043
1044 if (pos > buf + length)
1045 return -EFAULT;
1046
1047 iter = resp->toks;
1048 total = slen;
1049 print_buffer(pos, total);
1050 while (total > 0) {
1051 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1052 token_length = response_parse_tiny(iter, pos);
1053 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1054 token_length = response_parse_short(iter, pos);
1055 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1056 token_length = response_parse_medium(iter, pos);
1057 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1058 token_length = response_parse_long(iter, pos);
1059 else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
1060 token_length = 1;
1061 else /* TOKEN */
1062 token_length = response_parse_token(iter, pos);
1063
1064 if (token_length < 0)
1065 return token_length;
1066
1067 if (pos[0] != EMPTY_ATOM_BYTE)
1068 num_entries++;
1069
1070 pos += token_length;
1071 total -= token_length;
1072 iter++;
1073 }
1074
1075 resp->num = num_entries;
1076
1077 return 0;
1078}
1079
1080static size_t response_get_string(const struct parsed_resp *resp, int n,
1081 const char **store)
1082{
1083 u8 skip;
1084 const struct opal_resp_tok *tok;
1085
1086 *store = NULL;
1087 tok = response_get_token(resp, n);
1088 if (IS_ERR(tok))
1089 return 0;
1090
1091 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1092 pr_debug("Token is not a byte string!\n");
1093 return 0;
1094 }
1095
1096 switch (tok->width) {
1097 case OPAL_WIDTH_TINY:
1098 case OPAL_WIDTH_SHORT:
1099 skip = 1;
1100 break;
1101 case OPAL_WIDTH_MEDIUM:
1102 skip = 2;
1103 break;
1104 case OPAL_WIDTH_LONG:
1105 skip = 4;
1106 break;
1107 default:
1108 pr_debug("Token has invalid width!\n");
1109 return 0;
1110 }
1111
1112 *store = tok->pos + skip;
1113
1114 return tok->len - skip;
1115}
1116
1117static u64 response_get_u64(const struct parsed_resp *resp, int n)
1118{
1119 const struct opal_resp_tok *tok;
1120
1121 tok = response_get_token(resp, n);
1122 if (IS_ERR(tok))
1123 return 0;
1124
1125 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1126 pr_debug("Token is not unsigned int: %d\n", tok->type);
1127 return 0;
1128 }
1129
1130 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1131 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1132 return 0;
1133 }
1134
1135 return tok->stored.u;
1136}
1137
1138static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1139{
1140 if (IS_ERR(token) ||
1141 token->type != OPAL_DTA_TOKENID_TOKEN ||
1142 token->pos[0] != match)
1143 return false;
1144 return true;
1145}
1146
1147static u8 response_status(const struct parsed_resp *resp)
1148{
1149 const struct opal_resp_tok *tok;
1150
1151 tok = response_get_token(resp, 0);
1152 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1153 return 0;
1154
1155 if (resp->num < 5)
1156 return DTAERROR_NO_METHOD_STATUS;
1157
1158 tok = response_get_token(resp, resp->num - 5);
1159 if (!response_token_matches(tok, OPAL_STARTLIST))
1160 return DTAERROR_NO_METHOD_STATUS;
1161
1162 tok = response_get_token(resp, resp->num - 1);
1163 if (!response_token_matches(tok, OPAL_ENDLIST))
1164 return DTAERROR_NO_METHOD_STATUS;
1165
1166 return response_get_u64(resp, resp->num - 4);
1167}
1168
1169/* Parses and checks for errors */
1170static int parse_and_check_status(struct opal_dev *dev)
1171{
1172 int error;
1173
1174 print_buffer(dev->cmd, dev->pos);
1175
1176 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1177 if (error) {
1178 pr_debug("Couldn't parse response.\n");
1179 return error;
1180 }
1181
1182 return response_status(&dev->parsed);
1183}
1184
1185static void clear_opal_cmd(struct opal_dev *dev)
1186{
1187 dev->pos = sizeof(struct opal_header);
1188 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1189}
1190
1191static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1192{
1193 int err = 0;
1194
1195 clear_opal_cmd(dev);
1196 set_comid(dev, dev->comid);
1197
1198 add_token_u8(&err, dev, OPAL_CALL);
1199 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1200 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1201
1202 /*
1203 * Every method call is followed by its parameters enclosed within
1204 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1205 * parameter list here and close it later in cmd_finalize.
1206 */
1207 add_token_u8(&err, dev, OPAL_STARTLIST);
1208
1209 return err;
1210}
1211
1212static int start_opal_session_cont(struct opal_dev *dev)
1213{
1214 u32 hsn, tsn;
1215 int error = 0;
1216
1217 error = parse_and_check_status(dev);
1218 if (error)
1219 return error;
1220
1221 hsn = response_get_u64(&dev->parsed, 4);
1222 tsn = response_get_u64(&dev->parsed, 5);
1223
1224 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1225 pr_debug("Couldn't authenticate session\n");
1226 return -EPERM;
1227 }
1228
1229 dev->hsn = hsn;
1230 dev->tsn = tsn;
1231
1232 return 0;
1233}
1234
1235static void add_suspend_info(struct opal_dev *dev,
1236 struct opal_suspend_data *sus)
1237{
1238 struct opal_suspend_data *iter;
1239
1240 list_for_each_entry(iter, &dev->unlk_lst, node) {
1241 if (iter->lr == sus->lr) {
1242 list_del(&iter->node);
1243 kfree(iter);
1244 break;
1245 }
1246 }
1247 list_add_tail(&sus->node, &dev->unlk_lst);
1248}
1249
1250static int end_session_cont(struct opal_dev *dev)
1251{
1252 dev->hsn = 0;
1253 dev->tsn = 0;
1254
1255 return parse_and_check_status(dev);
1256}
1257
1258static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1259{
1260 int ret;
1261
1262 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1263 if (ret) {
1264 pr_debug("Error finalizing command buffer: %d\n", ret);
1265 return ret;
1266 }
1267
1268 print_buffer(dev->cmd, dev->pos);
1269
1270 return opal_send_recv(dev, cont);
1271}
1272
1273static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1274 u64 start_column, u64 end_column)
1275{
1276 int err;
1277
1278 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1279
1280 add_token_u8(&err, dev, OPAL_STARTLIST);
1281
1282 add_token_u8(&err, dev, OPAL_STARTNAME);
1283 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1284 add_token_u64(&err, dev, start_column);
1285 add_token_u8(&err, dev, OPAL_ENDNAME);
1286
1287 add_token_u8(&err, dev, OPAL_STARTNAME);
1288 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1289 add_token_u64(&err, dev, end_column);
1290 add_token_u8(&err, dev, OPAL_ENDNAME);
1291
1292 add_token_u8(&err, dev, OPAL_ENDLIST);
1293
1294 if (err)
1295 return err;
1296
1297 return finalize_and_send(dev, parse_and_check_status);
1298}
1299
1300/*
1301 * request @column from table @table on device @dev. On success, the column
1302 * data will be available in dev->resp->tok[4]
1303 */
1304static int generic_get_column(struct opal_dev *dev, const u8 *table,
1305 u64 column)
1306{
1307 return generic_get_columns(dev, table, column, column);
1308}
1309
1310/*
1311 * see TCG SAS 5.3.2.3 for a description of the available columns
1312 *
1313 * the result is provided in dev->resp->tok[4]
1314 */
1315static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1316 u64 column)
1317{
1318 u8 uid[OPAL_UID_LENGTH];
1319 const unsigned int half = OPAL_UID_LENGTH_HALF;
1320
1321 /* sed-opal UIDs can be split in two halves:
1322 * first: actual table index
1323 * second: relative index in the table
1324 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1325 * first part of the target table as relative index into that table
1326 */
1327 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1328 memcpy(uid + half, table_uid, half);
1329
1330 return generic_get_column(dev, uid, column);
1331}
1332
1333static int gen_key(struct opal_dev *dev, void *data)
1334{
1335 u8 uid[OPAL_UID_LENGTH];
1336 int err;
1337
1338 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1339 kfree(dev->prev_data);
1340 dev->prev_data = NULL;
1341
1342 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1343
1344 if (err) {
1345 pr_debug("Error building gen key command\n");
1346 return err;
1347
1348 }
1349
1350 return finalize_and_send(dev, parse_and_check_status);
1351}
1352
1353static int get_active_key_cont(struct opal_dev *dev)
1354{
1355 const char *activekey;
1356 size_t keylen;
1357 int error = 0;
1358
1359 error = parse_and_check_status(dev);
1360 if (error)
1361 return error;
1362
1363 keylen = response_get_string(&dev->parsed, 4, &activekey);
1364 if (!activekey) {
1365 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1366 __func__);
1367 return OPAL_INVAL_PARAM;
1368 }
1369
1370 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1371
1372 if (!dev->prev_data)
1373 return -ENOMEM;
1374
1375 dev->prev_d_len = keylen;
1376
1377 return 0;
1378}
1379
1380static int get_active_key(struct opal_dev *dev, void *data)
1381{
1382 u8 uid[OPAL_UID_LENGTH];
1383 int err;
1384 u8 *lr = data;
1385
1386 err = build_locking_range(uid, sizeof(uid), *lr);
1387 if (err)
1388 return err;
1389
1390 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1391 if (err)
1392 return err;
1393
1394 return get_active_key_cont(dev);
1395}
1396
1397static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1398 u64 offset, u64 size, const u8 *uid)
1399{
1400 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1401 u8 *dst;
1402 u64 len;
1403 size_t off = 0;
1404 int err;
1405
1406 /* do we fit in the available space? */
1407 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1408 if (err) {
1409 pr_debug("Couldn't get the table size\n");
1410 return err;
1411 }
1412
1413 len = response_get_u64(&dev->parsed, 4);
1414 if (size > len || offset > len - size) {
1415 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1416 offset + size, len);
1417 return -ENOSPC;
1418 }
1419
1420 /* do the actual transmission(s) */
1421 while (off < size) {
1422 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1423 add_token_u8(&err, dev, OPAL_STARTNAME);
1424 add_token_u8(&err, dev, OPAL_WHERE);
1425 add_token_u64(&err, dev, offset + off);
1426 add_token_u8(&err, dev, OPAL_ENDNAME);
1427
1428 add_token_u8(&err, dev, OPAL_STARTNAME);
1429 add_token_u8(&err, dev, OPAL_VALUES);
1430
1431 /*
1432 * The bytestring header is either 1 or 2 bytes, so assume 2.
1433 * There also needs to be enough space to accommodate the
1434 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1435 * cmd_finalize.
1436 */
1437 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1438 (size_t)(size - off));
1439 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1440
1441 dst = add_bytestring_header(&err, dev, len);
1442 if (!dst)
1443 break;
1444
1445 if (copy_from_user(dst, src + off, len)) {
1446 err = -EFAULT;
1447 break;
1448 }
1449
1450 dev->pos += len;
1451
1452 add_token_u8(&err, dev, OPAL_ENDNAME);
1453 if (err)
1454 break;
1455
1456 err = finalize_and_send(dev, parse_and_check_status);
1457 if (err)
1458 break;
1459
1460 off += len;
1461 }
1462
1463 return err;
1464}
1465
1466static int generic_lr_enable_disable(struct opal_dev *dev,
1467 u8 *uid, bool rle, bool wle,
1468 bool rl, bool wl)
1469{
1470 int err;
1471
1472 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1473
1474 add_token_u8(&err, dev, OPAL_STARTNAME);
1475 add_token_u8(&err, dev, OPAL_VALUES);
1476 add_token_u8(&err, dev, OPAL_STARTLIST);
1477
1478 add_token_u8(&err, dev, OPAL_STARTNAME);
1479 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1480 add_token_u8(&err, dev, rle);
1481 add_token_u8(&err, dev, OPAL_ENDNAME);
1482
1483 add_token_u8(&err, dev, OPAL_STARTNAME);
1484 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1485 add_token_u8(&err, dev, wle);
1486 add_token_u8(&err, dev, OPAL_ENDNAME);
1487
1488 add_token_u8(&err, dev, OPAL_STARTNAME);
1489 add_token_u8(&err, dev, OPAL_READLOCKED);
1490 add_token_u8(&err, dev, rl);
1491 add_token_u8(&err, dev, OPAL_ENDNAME);
1492
1493 add_token_u8(&err, dev, OPAL_STARTNAME);
1494 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1495 add_token_u8(&err, dev, wl);
1496 add_token_u8(&err, dev, OPAL_ENDNAME);
1497
1498 add_token_u8(&err, dev, OPAL_ENDLIST);
1499 add_token_u8(&err, dev, OPAL_ENDNAME);
1500
1501 return err;
1502}
1503
1504static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1505 struct opal_user_lr_setup *setup)
1506{
1507 int err;
1508
1509 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1510 0, 0);
1511 if (err)
1512 pr_debug("Failed to create enable global lr command\n");
1513
1514 return err;
1515}
1516
1517static int setup_locking_range(struct opal_dev *dev, void *data)
1518{
1519 u8 uid[OPAL_UID_LENGTH];
1520 struct opal_user_lr_setup *setup = data;
1521 u8 lr;
1522 int err;
1523
1524 lr = setup->session.opal_key.lr;
1525 err = build_locking_range(uid, sizeof(uid), lr);
1526 if (err)
1527 return err;
1528
1529 if (lr == 0)
1530 err = enable_global_lr(dev, uid, setup);
1531 else {
1532 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1533
1534 add_token_u8(&err, dev, OPAL_STARTNAME);
1535 add_token_u8(&err, dev, OPAL_VALUES);
1536 add_token_u8(&err, dev, OPAL_STARTLIST);
1537
1538 add_token_u8(&err, dev, OPAL_STARTNAME);
1539 add_token_u8(&err, dev, OPAL_RANGESTART);
1540 add_token_u64(&err, dev, setup->range_start);
1541 add_token_u8(&err, dev, OPAL_ENDNAME);
1542
1543 add_token_u8(&err, dev, OPAL_STARTNAME);
1544 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1545 add_token_u64(&err, dev, setup->range_length);
1546 add_token_u8(&err, dev, OPAL_ENDNAME);
1547
1548 add_token_u8(&err, dev, OPAL_STARTNAME);
1549 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1550 add_token_u64(&err, dev, !!setup->RLE);
1551 add_token_u8(&err, dev, OPAL_ENDNAME);
1552
1553 add_token_u8(&err, dev, OPAL_STARTNAME);
1554 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1555 add_token_u64(&err, dev, !!setup->WLE);
1556 add_token_u8(&err, dev, OPAL_ENDNAME);
1557
1558 add_token_u8(&err, dev, OPAL_ENDLIST);
1559 add_token_u8(&err, dev, OPAL_ENDNAME);
1560 }
1561 if (err) {
1562 pr_debug("Error building Setup Locking range command.\n");
1563 return err;
1564 }
1565
1566 return finalize_and_send(dev, parse_and_check_status);
1567}
1568
1569static int response_get_column(const struct parsed_resp *resp,
1570 int *iter,
1571 u8 column,
1572 u64 *value)
1573{
1574 const struct opal_resp_tok *tok;
1575 int n = *iter;
1576 u64 val;
1577
1578 tok = response_get_token(resp, n);
1579 if (IS_ERR(tok))
1580 return PTR_ERR(tok);
1581
1582 if (!response_token_matches(tok, OPAL_STARTNAME)) {
1583 pr_debug("Unexpected response token type %d.\n", n);
1584 return OPAL_INVAL_PARAM;
1585 }
1586 n++;
1587
1588 if (response_get_u64(resp, n) != column) {
1589 pr_debug("Token %d does not match expected column %u.\n",
1590 n, column);
1591 return OPAL_INVAL_PARAM;
1592 }
1593 n++;
1594
1595 val = response_get_u64(resp, n);
1596 n++;
1597
1598 tok = response_get_token(resp, n);
1599 if (IS_ERR(tok))
1600 return PTR_ERR(tok);
1601
1602 if (!response_token_matches(tok, OPAL_ENDNAME)) {
1603 pr_debug("Unexpected response token type %d.\n", n);
1604 return OPAL_INVAL_PARAM;
1605 }
1606 n++;
1607
1608 *value = val;
1609 *iter = n;
1610
1611 return 0;
1612}
1613
1614static int locking_range_status(struct opal_dev *dev, void *data)
1615{
1616 u8 lr_buffer[OPAL_UID_LENGTH];
1617 u64 resp;
1618 bool rlocked, wlocked;
1619 int err, tok_n = 2;
1620 struct opal_lr_status *lrst = data;
1621
1622 err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1623 lrst->session.opal_key.lr);
1624 if (err)
1625 return err;
1626
1627 err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1628 OPAL_WRITELOCKED);
1629 if (err) {
1630 pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1631 lrst->session.opal_key.lr, OPAL_RANGESTART,
1632 OPAL_WRITELOCKED);
1633 return err;
1634 }
1635
1636 /* range start */
1637 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1638 &lrst->range_start);
1639 if (err)
1640 return err;
1641
1642 /* range length */
1643 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1644 &lrst->range_length);
1645 if (err)
1646 return err;
1647
1648 /* RLE */
1649 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1650 &resp);
1651 if (err)
1652 return err;
1653
1654 lrst->RLE = !!resp;
1655
1656 /* WLE */
1657 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1658 &resp);
1659 if (err)
1660 return err;
1661
1662 lrst->WLE = !!resp;
1663
1664 /* read locked */
1665 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1666 if (err)
1667 return err;
1668
1669 rlocked = !!resp;
1670
1671 /* write locked */
1672 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1673 if (err)
1674 return err;
1675
1676 wlocked = !!resp;
1677
1678 /* opal_lock_state can not map 'read locked' only state. */
1679 lrst->l_state = OPAL_RW;
1680 if (rlocked && wlocked)
1681 lrst->l_state = OPAL_LK;
1682 else if (wlocked)
1683 lrst->l_state = OPAL_RO;
1684 else if (rlocked) {
1685 pr_debug("Can not report read locked only state.\n");
1686 return -EINVAL;
1687 }
1688
1689 return 0;
1690}
1691
1692static int start_generic_opal_session(struct opal_dev *dev,
1693 enum opal_uid auth,
1694 enum opal_uid sp_type,
1695 const char *key,
1696 u8 key_len)
1697{
1698 u32 hsn;
1699 int err;
1700
1701 if (key == NULL && auth != OPAL_ANYBODY_UID)
1702 return OPAL_INVAL_PARAM;
1703
1704 hsn = GENERIC_HOST_SESSION_NUM;
1705 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1706 opalmethod[OPAL_STARTSESSION]);
1707
1708 add_token_u64(&err, dev, hsn);
1709 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1710 add_token_u8(&err, dev, 1);
1711
1712 switch (auth) {
1713 case OPAL_ANYBODY_UID:
1714 break;
1715 case OPAL_ADMIN1_UID:
1716 case OPAL_SID_UID:
1717 case OPAL_PSID_UID:
1718 add_token_u8(&err, dev, OPAL_STARTNAME);
1719 add_token_u8(&err, dev, 0); /* HostChallenge */
1720 add_token_bytestring(&err, dev, key, key_len);
1721 add_token_u8(&err, dev, OPAL_ENDNAME);
1722 add_token_u8(&err, dev, OPAL_STARTNAME);
1723 add_token_u8(&err, dev, 3); /* HostSignAuth */
1724 add_token_bytestring(&err, dev, opaluid[auth],
1725 OPAL_UID_LENGTH);
1726 add_token_u8(&err, dev, OPAL_ENDNAME);
1727 break;
1728 default:
1729 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1730 return OPAL_INVAL_PARAM;
1731 }
1732
1733 if (err) {
1734 pr_debug("Error building start adminsp session command.\n");
1735 return err;
1736 }
1737
1738 return finalize_and_send(dev, start_opal_session_cont);
1739}
1740
1741static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1742{
1743 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1744 OPAL_ADMINSP_UID, NULL, 0);
1745}
1746
1747static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1748{
1749 int ret;
1750 const u8 *key = dev->prev_data;
1751
1752 if (!key) {
1753 const struct opal_key *okey = data;
1754
1755 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1756 OPAL_ADMINSP_UID,
1757 okey->key,
1758 okey->key_len);
1759 } else {
1760 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1761 OPAL_ADMINSP_UID,
1762 key, dev->prev_d_len);
1763 kfree(key);
1764 dev->prev_data = NULL;
1765 }
1766
1767 return ret;
1768}
1769
1770static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1771{
1772 struct opal_key *key = data;
1773
1774 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1775 OPAL_LOCKINGSP_UID,
1776 key->key, key->key_len);
1777}
1778
1779static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1780{
1781 const struct opal_key *okey = data;
1782
1783 return start_generic_opal_session(dev, OPAL_PSID_UID,
1784 OPAL_ADMINSP_UID,
1785 okey->key,
1786 okey->key_len);
1787}
1788
1789static int start_auth_opal_session(struct opal_dev *dev, void *data)
1790{
1791 struct opal_session_info *session = data;
1792 u8 lk_ul_user[OPAL_UID_LENGTH];
1793 size_t keylen = session->opal_key.key_len;
1794 int err = 0;
1795
1796 u8 *key = session->opal_key.key;
1797 u32 hsn = GENERIC_HOST_SESSION_NUM;
1798
1799 if (session->sum)
1800 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1801 session->opal_key.lr);
1802 else if (session->who != OPAL_ADMIN1 && !session->sum)
1803 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1804 session->who - 1);
1805 else
1806 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1807
1808 if (err)
1809 return err;
1810
1811 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1812 opalmethod[OPAL_STARTSESSION]);
1813
1814 add_token_u64(&err, dev, hsn);
1815 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1816 OPAL_UID_LENGTH);
1817 add_token_u8(&err, dev, 1);
1818 add_token_u8(&err, dev, OPAL_STARTNAME);
1819 add_token_u8(&err, dev, 0);
1820 add_token_bytestring(&err, dev, key, keylen);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1822 add_token_u8(&err, dev, OPAL_STARTNAME);
1823 add_token_u8(&err, dev, 3);
1824 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1825 add_token_u8(&err, dev, OPAL_ENDNAME);
1826
1827 if (err) {
1828 pr_debug("Error building STARTSESSION command.\n");
1829 return err;
1830 }
1831
1832 return finalize_and_send(dev, start_opal_session_cont);
1833}
1834
1835static int revert_tper(struct opal_dev *dev, void *data)
1836{
1837 int err;
1838
1839 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1840 opalmethod[OPAL_REVERT]);
1841 if (err) {
1842 pr_debug("Error building REVERT TPER command.\n");
1843 return err;
1844 }
1845
1846 return finalize_and_send(dev, parse_and_check_status);
1847}
1848
1849static int internal_activate_user(struct opal_dev *dev, void *data)
1850{
1851 struct opal_session_info *session = data;
1852 u8 uid[OPAL_UID_LENGTH];
1853 int err;
1854
1855 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1856 uid[7] = session->who;
1857
1858 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1859 add_token_u8(&err, dev, OPAL_STARTNAME);
1860 add_token_u8(&err, dev, OPAL_VALUES);
1861 add_token_u8(&err, dev, OPAL_STARTLIST);
1862 add_token_u8(&err, dev, OPAL_STARTNAME);
1863 add_token_u8(&err, dev, 5); /* Enabled */
1864 add_token_u8(&err, dev, OPAL_TRUE);
1865 add_token_u8(&err, dev, OPAL_ENDNAME);
1866 add_token_u8(&err, dev, OPAL_ENDLIST);
1867 add_token_u8(&err, dev, OPAL_ENDNAME);
1868
1869 if (err) {
1870 pr_debug("Error building Activate UserN command.\n");
1871 return err;
1872 }
1873
1874 return finalize_and_send(dev, parse_and_check_status);
1875}
1876
1877static int revert_lsp(struct opal_dev *dev, void *data)
1878{
1879 struct opal_revert_lsp *rev = data;
1880 int err;
1881
1882 err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1883 opalmethod[OPAL_REVERTSP]);
1884 add_token_u8(&err, dev, OPAL_STARTNAME);
1885 add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1886 add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1887 OPAL_TRUE : OPAL_FALSE);
1888 add_token_u8(&err, dev, OPAL_ENDNAME);
1889 if (err) {
1890 pr_debug("Error building REVERT SP command.\n");
1891 return err;
1892 }
1893
1894 return finalize_and_send(dev, parse_and_check_status);
1895}
1896
1897static int erase_locking_range(struct opal_dev *dev, void *data)
1898{
1899 struct opal_session_info *session = data;
1900 u8 uid[OPAL_UID_LENGTH];
1901 int err;
1902
1903 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1904 return -ERANGE;
1905
1906 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1907
1908 if (err) {
1909 pr_debug("Error building Erase Locking Range Command.\n");
1910 return err;
1911 }
1912
1913 return finalize_and_send(dev, parse_and_check_status);
1914}
1915
1916static int set_mbr_done(struct opal_dev *dev, void *data)
1917{
1918 u8 *mbr_done_tf = data;
1919 int err;
1920
1921 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1922 opalmethod[OPAL_SET]);
1923
1924 add_token_u8(&err, dev, OPAL_STARTNAME);
1925 add_token_u8(&err, dev, OPAL_VALUES);
1926 add_token_u8(&err, dev, OPAL_STARTLIST);
1927 add_token_u8(&err, dev, OPAL_STARTNAME);
1928 add_token_u8(&err, dev, OPAL_MBRDONE);
1929 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1930 add_token_u8(&err, dev, OPAL_ENDNAME);
1931 add_token_u8(&err, dev, OPAL_ENDLIST);
1932 add_token_u8(&err, dev, OPAL_ENDNAME);
1933
1934 if (err) {
1935 pr_debug("Error Building set MBR Done command\n");
1936 return err;
1937 }
1938
1939 return finalize_and_send(dev, parse_and_check_status);
1940}
1941
1942static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1943{
1944 u8 *mbr_en_dis = data;
1945 int err;
1946
1947 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1948 opalmethod[OPAL_SET]);
1949
1950 add_token_u8(&err, dev, OPAL_STARTNAME);
1951 add_token_u8(&err, dev, OPAL_VALUES);
1952 add_token_u8(&err, dev, OPAL_STARTLIST);
1953 add_token_u8(&err, dev, OPAL_STARTNAME);
1954 add_token_u8(&err, dev, OPAL_MBRENABLE);
1955 add_token_u8(&err, dev, *mbr_en_dis);
1956 add_token_u8(&err, dev, OPAL_ENDNAME);
1957 add_token_u8(&err, dev, OPAL_ENDLIST);
1958 add_token_u8(&err, dev, OPAL_ENDNAME);
1959
1960 if (err) {
1961 pr_debug("Error Building set MBR done command\n");
1962 return err;
1963 }
1964
1965 return finalize_and_send(dev, parse_and_check_status);
1966}
1967
1968static int write_shadow_mbr(struct opal_dev *dev, void *data)
1969{
1970 struct opal_shadow_mbr *shadow = data;
1971
1972 return generic_table_write_data(dev, shadow->data, shadow->offset,
1973 shadow->size, opaluid[OPAL_MBR]);
1974}
1975
1976static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1977 struct opal_dev *dev)
1978{
1979 int err;
1980
1981 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1982
1983 add_token_u8(&err, dev, OPAL_STARTNAME);
1984 add_token_u8(&err, dev, OPAL_VALUES);
1985 add_token_u8(&err, dev, OPAL_STARTLIST);
1986 add_token_u8(&err, dev, OPAL_STARTNAME);
1987 add_token_u8(&err, dev, OPAL_PIN);
1988 add_token_bytestring(&err, dev, key, key_len);
1989 add_token_u8(&err, dev, OPAL_ENDNAME);
1990 add_token_u8(&err, dev, OPAL_ENDLIST);
1991 add_token_u8(&err, dev, OPAL_ENDNAME);
1992
1993 return err;
1994}
1995
1996static int set_new_pw(struct opal_dev *dev, void *data)
1997{
1998 u8 cpin_uid[OPAL_UID_LENGTH];
1999 struct opal_session_info *usr = data;
2000
2001 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
2002
2003 if (usr->who != OPAL_ADMIN1) {
2004 cpin_uid[5] = 0x03;
2005 if (usr->sum)
2006 cpin_uid[7] = usr->opal_key.lr + 1;
2007 else
2008 cpin_uid[7] = usr->who;
2009 }
2010
2011 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2012 cpin_uid, dev)) {
2013 pr_debug("Error building set password command.\n");
2014 return -ERANGE;
2015 }
2016
2017 return finalize_and_send(dev, parse_and_check_status);
2018}
2019
2020static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2021{
2022 u8 cpin_uid[OPAL_UID_LENGTH];
2023 struct opal_key *key = data;
2024
2025 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2026
2027 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2028 pr_debug("Error building Set SID cpin\n");
2029 return -ERANGE;
2030 }
2031 return finalize_and_send(dev, parse_and_check_status);
2032}
2033
2034static void add_authority_object_ref(int *err,
2035 struct opal_dev *dev,
2036 const u8 *uid,
2037 size_t uid_len)
2038{
2039 add_token_u8(err, dev, OPAL_STARTNAME);
2040 add_token_bytestring(err, dev,
2041 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2042 OPAL_UID_LENGTH/2);
2043 add_token_bytestring(err, dev, uid, uid_len);
2044 add_token_u8(err, dev, OPAL_ENDNAME);
2045}
2046
2047static void add_boolean_object_ref(int *err,
2048 struct opal_dev *dev,
2049 u8 boolean_op)
2050{
2051 add_token_u8(err, dev, OPAL_STARTNAME);
2052 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2053 OPAL_UID_LENGTH/2);
2054 add_token_u8(err, dev, boolean_op);
2055 add_token_u8(err, dev, OPAL_ENDNAME);
2056}
2057
2058static int set_lr_boolean_ace(struct opal_dev *dev,
2059 unsigned int opal_uid,
2060 u8 lr,
2061 const u8 *users,
2062 size_t users_len)
2063{
2064 u8 lr_buffer[OPAL_UID_LENGTH];
2065 u8 user_uid[OPAL_UID_LENGTH];
2066 u8 u;
2067 int err;
2068
2069 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2070 lr_buffer[7] = lr;
2071
2072 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2073
2074 add_token_u8(&err, dev, OPAL_STARTNAME);
2075 add_token_u8(&err, dev, OPAL_VALUES);
2076
2077 add_token_u8(&err, dev, OPAL_STARTLIST);
2078 add_token_u8(&err, dev, OPAL_STARTNAME);
2079 add_token_u8(&err, dev, 3);
2080
2081 add_token_u8(&err, dev, OPAL_STARTLIST);
2082
2083 for (u = 0; u < users_len; u++) {
2084 if (users[u] == OPAL_ADMIN1)
2085 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2086 OPAL_UID_LENGTH);
2087 else {
2088 memcpy(user_uid, opaluid[OPAL_USER1_UID],
2089 OPAL_UID_LENGTH);
2090 user_uid[7] = users[u];
2091 }
2092
2093 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2094
2095 /*
2096 * Add boolean operator in postfix only with
2097 * two or more authorities being added in ACE
2098 * expresion.
2099 * */
2100 if (u > 0)
2101 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2102 }
2103
2104 add_token_u8(&err, dev, OPAL_ENDLIST);
2105 add_token_u8(&err, dev, OPAL_ENDNAME);
2106 add_token_u8(&err, dev, OPAL_ENDLIST);
2107 add_token_u8(&err, dev, OPAL_ENDNAME);
2108
2109 return err;
2110}
2111
2112static int add_user_to_lr(struct opal_dev *dev, void *data)
2113{
2114 int err;
2115 struct opal_lock_unlock *lkul = data;
2116 const u8 users[] = {
2117 lkul->session.who
2118 };
2119
2120 err = set_lr_boolean_ace(dev,
2121 lkul->l_state == OPAL_RW ?
2122 OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2123 OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2124 lkul->session.opal_key.lr, users,
2125 ARRAY_SIZE(users));
2126 if (err) {
2127 pr_debug("Error building add user to locking range command.\n");
2128 return err;
2129 }
2130
2131 return finalize_and_send(dev, parse_and_check_status);
2132}
2133
2134static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2135{
2136 int err;
2137 struct opal_lock_unlock *lkul = data;
2138 const u8 users[] = {
2139 OPAL_ADMIN1,
2140 lkul->session.who
2141 };
2142
2143 err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2144 lkul->session.opal_key.lr, users,
2145 ARRAY_SIZE(users));
2146
2147 if (err) {
2148 pr_debug("Error building add user to locking ranges ACEs.\n");
2149 return err;
2150 }
2151
2152 return finalize_and_send(dev, parse_and_check_status);
2153}
2154
2155static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2156{
2157 u8 lr_buffer[OPAL_UID_LENGTH];
2158 struct opal_lock_unlock *lkul = data;
2159 u8 read_locked = 1, write_locked = 1;
2160 int err = 0;
2161
2162 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2163 lkul->session.opal_key.lr) < 0)
2164 return -ERANGE;
2165
2166 switch (lkul->l_state) {
2167 case OPAL_RO:
2168 read_locked = 0;
2169 write_locked = 1;
2170 break;
2171 case OPAL_RW:
2172 read_locked = 0;
2173 write_locked = 0;
2174 break;
2175 case OPAL_LK:
2176 /* vars are initialized to locked */
2177 break;
2178 default:
2179 pr_debug("Tried to set an invalid locking state... returning to uland\n");
2180 return OPAL_INVAL_PARAM;
2181 }
2182
2183 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2184
2185 add_token_u8(&err, dev, OPAL_STARTNAME);
2186 add_token_u8(&err, dev, OPAL_VALUES);
2187 add_token_u8(&err, dev, OPAL_STARTLIST);
2188
2189 add_token_u8(&err, dev, OPAL_STARTNAME);
2190 add_token_u8(&err, dev, OPAL_READLOCKED);
2191 add_token_u8(&err, dev, read_locked);
2192 add_token_u8(&err, dev, OPAL_ENDNAME);
2193
2194 add_token_u8(&err, dev, OPAL_STARTNAME);
2195 add_token_u8(&err, dev, OPAL_WRITELOCKED);
2196 add_token_u8(&err, dev, write_locked);
2197 add_token_u8(&err, dev, OPAL_ENDNAME);
2198
2199 add_token_u8(&err, dev, OPAL_ENDLIST);
2200 add_token_u8(&err, dev, OPAL_ENDNAME);
2201
2202 if (err) {
2203 pr_debug("Error building SET command.\n");
2204 return err;
2205 }
2206
2207 return finalize_and_send(dev, parse_and_check_status);
2208}
2209
2210
2211static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2212{
2213 u8 lr_buffer[OPAL_UID_LENGTH];
2214 u8 read_locked = 1, write_locked = 1;
2215 struct opal_lock_unlock *lkul = data;
2216 int ret;
2217
2218 clear_opal_cmd(dev);
2219 set_comid(dev, dev->comid);
2220
2221 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2222 lkul->session.opal_key.lr) < 0)
2223 return -ERANGE;
2224
2225 switch (lkul->l_state) {
2226 case OPAL_RO:
2227 read_locked = 0;
2228 write_locked = 1;
2229 break;
2230 case OPAL_RW:
2231 read_locked = 0;
2232 write_locked = 0;
2233 break;
2234 case OPAL_LK:
2235 /* vars are initialized to locked */
2236 break;
2237 default:
2238 pr_debug("Tried to set an invalid locking state.\n");
2239 return OPAL_INVAL_PARAM;
2240 }
2241 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2242 read_locked, write_locked);
2243
2244 if (ret < 0) {
2245 pr_debug("Error building SET command.\n");
2246 return ret;
2247 }
2248
2249 return finalize_and_send(dev, parse_and_check_status);
2250}
2251
2252static int activate_lsp(struct opal_dev *dev, void *data)
2253{
2254 struct opal_lr_act *opal_act = data;
2255 u8 user_lr[OPAL_UID_LENGTH];
2256 int err, i;
2257
2258 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2259 opalmethod[OPAL_ACTIVATE]);
2260
2261 if (opal_act->sum) {
2262 err = build_locking_range(user_lr, sizeof(user_lr),
2263 opal_act->lr[0]);
2264 if (err)
2265 return err;
2266
2267 add_token_u8(&err, dev, OPAL_STARTNAME);
2268 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2269
2270 add_token_u8(&err, dev, OPAL_STARTLIST);
2271 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2272 for (i = 1; i < opal_act->num_lrs; i++) {
2273 user_lr[7] = opal_act->lr[i];
2274 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2275 }
2276 add_token_u8(&err, dev, OPAL_ENDLIST);
2277 add_token_u8(&err, dev, OPAL_ENDNAME);
2278 }
2279
2280 if (err) {
2281 pr_debug("Error building Activate LockingSP command.\n");
2282 return err;
2283 }
2284
2285 return finalize_and_send(dev, parse_and_check_status);
2286}
2287
2288/* Determine if we're in the Manufactured Inactive or Active state */
2289static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2290{
2291 u8 lc_status;
2292 int err;
2293
2294 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2295 OPAL_LIFECYCLE);
2296 if (err)
2297 return err;
2298
2299 lc_status = response_get_u64(&dev->parsed, 4);
2300 /* 0x08 is Manufactured Inactive */
2301 /* 0x09 is Manufactured */
2302 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2303 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2304 return -ENODEV;
2305 }
2306
2307 return 0;
2308}
2309
2310static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2311{
2312 const char *msid_pin;
2313 size_t strlen;
2314 int err;
2315
2316 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2317 if (err)
2318 return err;
2319
2320 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2321 if (!msid_pin) {
2322 pr_debug("Couldn't extract MSID_CPIN from response\n");
2323 return OPAL_INVAL_PARAM;
2324 }
2325
2326 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2327 if (!dev->prev_data)
2328 return -ENOMEM;
2329
2330 dev->prev_d_len = strlen;
2331
2332 return 0;
2333}
2334
2335static int write_table_data(struct opal_dev *dev, void *data)
2336{
2337 struct opal_read_write_table *write_tbl = data;
2338
2339 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2340 write_tbl->size, write_tbl->table_uid);
2341}
2342
2343static int read_table_data_cont(struct opal_dev *dev)
2344{
2345 int err;
2346 const char *data_read;
2347
2348 err = parse_and_check_status(dev);
2349 if (err)
2350 return err;
2351
2352 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2353 dev->prev_data = (void *)data_read;
2354 if (!dev->prev_data) {
2355 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2356 return OPAL_INVAL_PARAM;
2357 }
2358
2359 return 0;
2360}
2361
2362/*
2363 * IO_BUFFER_LENGTH = 2048
2364 * sizeof(header) = 56
2365 * No. of Token Bytes in the Response = 11
2366 * MAX size of data that can be carried in response buffer
2367 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2368 */
2369#define OPAL_MAX_READ_TABLE (0x7BD)
2370
2371static int read_table_data(struct opal_dev *dev, void *data)
2372{
2373 struct opal_read_write_table *read_tbl = data;
2374 int err;
2375 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2376 u64 table_len, len;
2377 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2378 u8 __user *dst;
2379
2380 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2381 if (err) {
2382 pr_debug("Couldn't get the table size\n");
2383 return err;
2384 }
2385
2386 table_len = response_get_u64(&dev->parsed, 4);
2387
2388 /* Check if the user is trying to read from the table limits */
2389 if (read_size > table_len || offset > table_len - read_size) {
2390 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2391 offset + read_size, table_len);
2392 return -EINVAL;
2393 }
2394
2395 while (off < read_size) {
2396 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2397
2398 add_token_u8(&err, dev, OPAL_STARTLIST);
2399 add_token_u8(&err, dev, OPAL_STARTNAME);
2400 add_token_u8(&err, dev, OPAL_STARTROW);
2401 add_token_u64(&err, dev, offset + off); /* start row value */
2402 add_token_u8(&err, dev, OPAL_ENDNAME);
2403
2404 add_token_u8(&err, dev, OPAL_STARTNAME);
2405 add_token_u8(&err, dev, OPAL_ENDROW);
2406
2407 len = min(max_read_size, (size_t)(read_size - off));
2408 add_token_u64(&err, dev, offset + off + len); /* end row value
2409 */
2410 add_token_u8(&err, dev, OPAL_ENDNAME);
2411 add_token_u8(&err, dev, OPAL_ENDLIST);
2412
2413 if (err) {
2414 pr_debug("Error building read table data command.\n");
2415 break;
2416 }
2417
2418 err = finalize_and_send(dev, read_table_data_cont);
2419 if (err)
2420 break;
2421
2422 /* len+1: This includes the NULL terminator at the end*/
2423 if (dev->prev_d_len > len + 1) {
2424 err = -EOVERFLOW;
2425 break;
2426 }
2427
2428 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2429 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2430 pr_debug("Error copying data to userspace\n");
2431 err = -EFAULT;
2432 break;
2433 }
2434 dev->prev_data = NULL;
2435
2436 off += len;
2437 }
2438
2439 return err;
2440}
2441
2442static int end_opal_session(struct opal_dev *dev, void *data)
2443{
2444 int err = 0;
2445
2446 clear_opal_cmd(dev);
2447 set_comid(dev, dev->comid);
2448 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2449
2450 if (err < 0)
2451 return err;
2452
2453 return finalize_and_send(dev, end_session_cont);
2454}
2455
2456static int end_opal_session_error(struct opal_dev *dev)
2457{
2458 const struct opal_step error_end_session = {
2459 end_opal_session,
2460 };
2461
2462 return execute_step(dev, &error_end_session, 0);
2463}
2464
2465static inline void setup_opal_dev(struct opal_dev *dev)
2466{
2467 dev->tsn = 0;
2468 dev->hsn = 0;
2469 dev->prev_data = NULL;
2470}
2471
2472static int check_opal_support(struct opal_dev *dev)
2473{
2474 int ret;
2475
2476 mutex_lock(&dev->dev_lock);
2477 setup_opal_dev(dev);
2478 ret = opal_discovery0_step(dev);
2479 if (!ret)
2480 dev->flags |= OPAL_FL_SUPPORTED;
2481 mutex_unlock(&dev->dev_lock);
2482
2483 return ret;
2484}
2485
2486static void clean_opal_dev(struct opal_dev *dev)
2487{
2488
2489 struct opal_suspend_data *suspend, *next;
2490
2491 mutex_lock(&dev->dev_lock);
2492 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2493 list_del(&suspend->node);
2494 kfree(suspend);
2495 }
2496 mutex_unlock(&dev->dev_lock);
2497}
2498
2499void free_opal_dev(struct opal_dev *dev)
2500{
2501 if (!dev)
2502 return;
2503
2504 clean_opal_dev(dev);
2505 kfree(dev->resp);
2506 kfree(dev->cmd);
2507 kfree(dev);
2508}
2509EXPORT_SYMBOL(free_opal_dev);
2510
2511struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2512{
2513 struct opal_dev *dev;
2514
2515 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2516 if (!dev)
2517 return NULL;
2518
2519 /*
2520 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2521 * sure the allocated buffer is DMA-safe in that regard.
2522 */
2523 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2524 if (!dev->cmd)
2525 goto err_free_dev;
2526
2527 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2528 if (!dev->resp)
2529 goto err_free_cmd;
2530
2531 INIT_LIST_HEAD(&dev->unlk_lst);
2532 mutex_init(&dev->dev_lock);
2533 dev->flags = 0;
2534 dev->data = data;
2535 dev->send_recv = send_recv;
2536 if (check_opal_support(dev) != 0) {
2537 pr_debug("Opal is not supported on this device\n");
2538 goto err_free_resp;
2539 }
2540
2541 return dev;
2542
2543err_free_resp:
2544 kfree(dev->resp);
2545
2546err_free_cmd:
2547 kfree(dev->cmd);
2548
2549err_free_dev:
2550 kfree(dev);
2551
2552 return NULL;
2553}
2554EXPORT_SYMBOL(init_opal_dev);
2555
2556static int opal_secure_erase_locking_range(struct opal_dev *dev,
2557 struct opal_session_info *opal_session)
2558{
2559 const struct opal_step erase_steps[] = {
2560 { start_auth_opal_session, opal_session },
2561 { get_active_key, &opal_session->opal_key.lr },
2562 { gen_key, },
2563 { end_opal_session, }
2564 };
2565 int ret;
2566
2567 ret = opal_get_key(dev, &opal_session->opal_key);
2568 if (ret)
2569 return ret;
2570 mutex_lock(&dev->dev_lock);
2571 setup_opal_dev(dev);
2572 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2573 mutex_unlock(&dev->dev_lock);
2574
2575 return ret;
2576}
2577
2578static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2579{
2580 const struct opal_step discovery0_step = {
2581 opal_discovery0, discv
2582 };
2583 int ret = 0;
2584
2585 mutex_lock(&dev->dev_lock);
2586 setup_opal_dev(dev);
2587 ret = execute_step(dev, &discovery0_step, 0);
2588 mutex_unlock(&dev->dev_lock);
2589 if (ret)
2590 return ret;
2591 return discv->size; /* modified to actual length of data */
2592}
2593
2594static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2595{
2596 /* controller will terminate session */
2597 const struct opal_step steps[] = {
2598 { start_admin1LSP_opal_session, &rev->key },
2599 { revert_lsp, rev }
2600 };
2601 int ret;
2602
2603 ret = opal_get_key(dev, &rev->key);
2604 if (ret)
2605 return ret;
2606 mutex_lock(&dev->dev_lock);
2607 setup_opal_dev(dev);
2608 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2609 mutex_unlock(&dev->dev_lock);
2610
2611 return ret;
2612}
2613
2614static int opal_erase_locking_range(struct opal_dev *dev,
2615 struct opal_session_info *opal_session)
2616{
2617 const struct opal_step erase_steps[] = {
2618 { start_auth_opal_session, opal_session },
2619 { erase_locking_range, opal_session },
2620 { end_opal_session, }
2621 };
2622 int ret;
2623
2624 ret = opal_get_key(dev, &opal_session->opal_key);
2625 if (ret)
2626 return ret;
2627 mutex_lock(&dev->dev_lock);
2628 setup_opal_dev(dev);
2629 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2630 mutex_unlock(&dev->dev_lock);
2631
2632 return ret;
2633}
2634
2635static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2636 struct opal_mbr_data *opal_mbr)
2637{
2638 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2639 OPAL_TRUE : OPAL_FALSE;
2640
2641 const struct opal_step mbr_steps[] = {
2642 { start_admin1LSP_opal_session, &opal_mbr->key },
2643 { set_mbr_done, &enable_disable },
2644 { end_opal_session, },
2645 { start_admin1LSP_opal_session, &opal_mbr->key },
2646 { set_mbr_enable_disable, &enable_disable },
2647 { end_opal_session, }
2648 };
2649 int ret;
2650
2651 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2652 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2653 return -EINVAL;
2654
2655 ret = opal_get_key(dev, &opal_mbr->key);
2656 if (ret)
2657 return ret;
2658 mutex_lock(&dev->dev_lock);
2659 setup_opal_dev(dev);
2660 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2661 mutex_unlock(&dev->dev_lock);
2662
2663 return ret;
2664}
2665
2666static int opal_set_mbr_done(struct opal_dev *dev,
2667 struct opal_mbr_done *mbr_done)
2668{
2669 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2670 OPAL_TRUE : OPAL_FALSE;
2671
2672 const struct opal_step mbr_steps[] = {
2673 { start_admin1LSP_opal_session, &mbr_done->key },
2674 { set_mbr_done, &mbr_done_tf },
2675 { end_opal_session, }
2676 };
2677 int ret;
2678
2679 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2680 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2681 return -EINVAL;
2682
2683 ret = opal_get_key(dev, &mbr_done->key);
2684 if (ret)
2685 return ret;
2686 mutex_lock(&dev->dev_lock);
2687 setup_opal_dev(dev);
2688 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2689 mutex_unlock(&dev->dev_lock);
2690
2691 return ret;
2692}
2693
2694static int opal_write_shadow_mbr(struct opal_dev *dev,
2695 struct opal_shadow_mbr *info)
2696{
2697 const struct opal_step mbr_steps[] = {
2698 { start_admin1LSP_opal_session, &info->key },
2699 { write_shadow_mbr, info },
2700 { end_opal_session, }
2701 };
2702 int ret;
2703
2704 if (info->size == 0)
2705 return 0;
2706
2707 ret = opal_get_key(dev, &info->key);
2708 if (ret)
2709 return ret;
2710 mutex_lock(&dev->dev_lock);
2711 setup_opal_dev(dev);
2712 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2713 mutex_unlock(&dev->dev_lock);
2714
2715 return ret;
2716}
2717
2718static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2719{
2720 struct opal_suspend_data *suspend;
2721
2722 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2723 if (!suspend)
2724 return -ENOMEM;
2725
2726 suspend->unlk = *lk_unlk;
2727 suspend->lr = lk_unlk->session.opal_key.lr;
2728
2729 mutex_lock(&dev->dev_lock);
2730 setup_opal_dev(dev);
2731 add_suspend_info(dev, suspend);
2732 mutex_unlock(&dev->dev_lock);
2733
2734 return 0;
2735}
2736
2737static int opal_add_user_to_lr(struct opal_dev *dev,
2738 struct opal_lock_unlock *lk_unlk)
2739{
2740 const struct opal_step steps[] = {
2741 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2742 { add_user_to_lr, lk_unlk },
2743 { add_user_to_lr_ace, lk_unlk },
2744 { end_opal_session, }
2745 };
2746 int ret;
2747
2748 if (lk_unlk->l_state != OPAL_RO &&
2749 lk_unlk->l_state != OPAL_RW) {
2750 pr_debug("Locking state was not RO or RW\n");
2751 return -EINVAL;
2752 }
2753
2754 if (lk_unlk->session.who < OPAL_USER1 ||
2755 lk_unlk->session.who > OPAL_USER9) {
2756 pr_debug("Authority was not within the range of users: %d\n",
2757 lk_unlk->session.who);
2758 return -EINVAL;
2759 }
2760
2761 if (lk_unlk->session.sum) {
2762 pr_debug("%s not supported in sum. Use setup locking range\n",
2763 __func__);
2764 return -EINVAL;
2765 }
2766
2767 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2768 if (ret)
2769 return ret;
2770 mutex_lock(&dev->dev_lock);
2771 setup_opal_dev(dev);
2772 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2773 mutex_unlock(&dev->dev_lock);
2774
2775 return ret;
2776}
2777
2778static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2779{
2780 /* controller will terminate session */
2781 const struct opal_step revert_steps[] = {
2782 { start_SIDASP_opal_session, opal },
2783 { revert_tper, }
2784 };
2785 const struct opal_step psid_revert_steps[] = {
2786 { start_PSID_opal_session, opal },
2787 { revert_tper, }
2788 };
2789
2790 int ret;
2791
2792 ret = opal_get_key(dev, opal);
2793
2794 if (ret)
2795 return ret;
2796 mutex_lock(&dev->dev_lock);
2797 setup_opal_dev(dev);
2798 if (psid)
2799 ret = execute_steps(dev, psid_revert_steps,
2800 ARRAY_SIZE(psid_revert_steps));
2801 else
2802 ret = execute_steps(dev, revert_steps,
2803 ARRAY_SIZE(revert_steps));
2804 mutex_unlock(&dev->dev_lock);
2805
2806 /*
2807 * If we successfully reverted lets clean
2808 * any saved locking ranges.
2809 */
2810 if (!ret)
2811 clean_opal_dev(dev);
2812
2813 return ret;
2814}
2815
2816static int __opal_lock_unlock(struct opal_dev *dev,
2817 struct opal_lock_unlock *lk_unlk)
2818{
2819 const struct opal_step unlock_steps[] = {
2820 { start_auth_opal_session, &lk_unlk->session },
2821 { lock_unlock_locking_range, lk_unlk },
2822 { end_opal_session, }
2823 };
2824 const struct opal_step unlock_sum_steps[] = {
2825 { start_auth_opal_session, &lk_unlk->session },
2826 { lock_unlock_locking_range_sum, lk_unlk },
2827 { end_opal_session, }
2828 };
2829
2830 if (lk_unlk->session.sum)
2831 return execute_steps(dev, unlock_sum_steps,
2832 ARRAY_SIZE(unlock_sum_steps));
2833 else
2834 return execute_steps(dev, unlock_steps,
2835 ARRAY_SIZE(unlock_steps));
2836}
2837
2838static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2839{
2840 u8 mbr_done_tf = OPAL_TRUE;
2841 const struct opal_step mbrdone_step[] = {
2842 { start_admin1LSP_opal_session, key },
2843 { set_mbr_done, &mbr_done_tf },
2844 { end_opal_session, }
2845 };
2846
2847 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2848}
2849
2850static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2851 struct opal_lock_unlock *lk_unlk)
2852{
2853 struct opal_suspend_data *iter;
2854
2855 if (lk_unlk->l_state != OPAL_LK ||
2856 lk_unlk->session.opal_key.key_len > 0)
2857 return;
2858
2859 /*
2860 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2861 * volume key is not required, as it requires root privileges anyway,
2862 * and root can deny access to a disk in many ways regardless.
2863 * Requiring the volume key to lock the device is a peculiarity of the
2864 * OPAL specification. Given we might already have saved the key if
2865 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2866 * that key to lock the device if no key was provided here, the
2867 * locking range matches and the appropriate flag was passed with
2868 * 'IOC_OPAL_SAVE'.
2869 * This allows integrating OPAL with tools and libraries that are used
2870 * to the common behaviour and do not ask for the volume key when
2871 * closing a device.
2872 */
2873 setup_opal_dev(dev);
2874 list_for_each_entry(iter, &dev->unlk_lst, node) {
2875 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2876 iter->lr == lk_unlk->session.opal_key.lr &&
2877 iter->unlk.session.opal_key.key_len > 0) {
2878 lk_unlk->session.opal_key.key_len =
2879 iter->unlk.session.opal_key.key_len;
2880 memcpy(lk_unlk->session.opal_key.key,
2881 iter->unlk.session.opal_key.key,
2882 iter->unlk.session.opal_key.key_len);
2883 break;
2884 }
2885 }
2886}
2887
2888static int opal_lock_unlock(struct opal_dev *dev,
2889 struct opal_lock_unlock *lk_unlk)
2890{
2891 int ret;
2892
2893 if (lk_unlk->session.who > OPAL_USER9)
2894 return -EINVAL;
2895
2896 mutex_lock(&dev->dev_lock);
2897 opal_lock_check_for_saved_key(dev, lk_unlk);
2898 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2899 if (!ret)
2900 ret = __opal_lock_unlock(dev, lk_unlk);
2901 mutex_unlock(&dev->dev_lock);
2902
2903 return ret;
2904}
2905
2906static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2907{
2908 const struct opal_step owner_steps[] = {
2909 { start_anybodyASP_opal_session, },
2910 { get_msid_cpin_pin, },
2911 { end_opal_session, },
2912 { start_SIDASP_opal_session, opal },
2913 { set_sid_cpin_pin, opal },
2914 { end_opal_session, }
2915 };
2916 int ret;
2917
2918 if (!dev)
2919 return -ENODEV;
2920
2921 ret = opal_get_key(dev, opal);
2922 if (ret)
2923 return ret;
2924 mutex_lock(&dev->dev_lock);
2925 setup_opal_dev(dev);
2926 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2927 mutex_unlock(&dev->dev_lock);
2928
2929 return ret;
2930}
2931
2932static int opal_activate_lsp(struct opal_dev *dev,
2933 struct opal_lr_act *opal_lr_act)
2934{
2935 const struct opal_step active_steps[] = {
2936 { start_SIDASP_opal_session, &opal_lr_act->key },
2937 { get_lsp_lifecycle, },
2938 { activate_lsp, opal_lr_act },
2939 { end_opal_session, }
2940 };
2941 int ret;
2942
2943 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2944 return -EINVAL;
2945
2946 ret = opal_get_key(dev, &opal_lr_act->key);
2947 if (ret)
2948 return ret;
2949 mutex_lock(&dev->dev_lock);
2950 setup_opal_dev(dev);
2951 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2952 mutex_unlock(&dev->dev_lock);
2953
2954 return ret;
2955}
2956
2957static int opal_setup_locking_range(struct opal_dev *dev,
2958 struct opal_user_lr_setup *opal_lrs)
2959{
2960 const struct opal_step lr_steps[] = {
2961 { start_auth_opal_session, &opal_lrs->session },
2962 { setup_locking_range, opal_lrs },
2963 { end_opal_session, }
2964 };
2965 int ret;
2966
2967 ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2968 if (ret)
2969 return ret;
2970 mutex_lock(&dev->dev_lock);
2971 setup_opal_dev(dev);
2972 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2973 mutex_unlock(&dev->dev_lock);
2974
2975 return ret;
2976}
2977
2978static int opal_locking_range_status(struct opal_dev *dev,
2979 struct opal_lr_status *opal_lrst,
2980 void __user *data)
2981{
2982 const struct opal_step lr_steps[] = {
2983 { start_auth_opal_session, &opal_lrst->session },
2984 { locking_range_status, opal_lrst },
2985 { end_opal_session, }
2986 };
2987 int ret;
2988
2989 mutex_lock(&dev->dev_lock);
2990 setup_opal_dev(dev);
2991 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2992 mutex_unlock(&dev->dev_lock);
2993
2994 /* skip session info when copying back to uspace */
2995 if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2996 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2997 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2998 pr_debug("Error copying status to userspace\n");
2999 return -EFAULT;
3000 }
3001
3002 return ret;
3003}
3004
3005static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3006{
3007 const struct opal_step pw_steps[] = {
3008 { start_auth_opal_session, &opal_pw->session },
3009 { set_new_pw, &opal_pw->new_user_pw },
3010 { end_opal_session, }
3011 };
3012 int ret;
3013
3014 if (opal_pw->session.who > OPAL_USER9 ||
3015 opal_pw->new_user_pw.who > OPAL_USER9)
3016 return -EINVAL;
3017
3018 mutex_lock(&dev->dev_lock);
3019 setup_opal_dev(dev);
3020 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3021 mutex_unlock(&dev->dev_lock);
3022
3023 if (ret)
3024 return ret;
3025
3026 /* update keyring and key store with new password */
3027 ret = sed_write_key(OPAL_AUTH_KEY,
3028 opal_pw->new_user_pw.opal_key.key,
3029 opal_pw->new_user_pw.opal_key.key_len);
3030 if (ret != -EOPNOTSUPP)
3031 pr_warn("error updating SED key: %d\n", ret);
3032
3033 ret = update_sed_opal_key(OPAL_AUTH_KEY,
3034 opal_pw->new_user_pw.opal_key.key,
3035 opal_pw->new_user_pw.opal_key.key_len);
3036
3037 return ret;
3038}
3039
3040static int opal_activate_user(struct opal_dev *dev,
3041 struct opal_session_info *opal_session)
3042{
3043 const struct opal_step act_steps[] = {
3044 { start_admin1LSP_opal_session, &opal_session->opal_key },
3045 { internal_activate_user, opal_session },
3046 { end_opal_session, }
3047 };
3048 int ret;
3049
3050 /* We can't activate Admin1 it's active as manufactured */
3051 if (opal_session->who < OPAL_USER1 ||
3052 opal_session->who > OPAL_USER9) {
3053 pr_debug("Who was not a valid user: %d\n", opal_session->who);
3054 return -EINVAL;
3055 }
3056
3057 ret = opal_get_key(dev, &opal_session->opal_key);
3058 if (ret)
3059 return ret;
3060 mutex_lock(&dev->dev_lock);
3061 setup_opal_dev(dev);
3062 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3063 mutex_unlock(&dev->dev_lock);
3064
3065 return ret;
3066}
3067
3068bool opal_unlock_from_suspend(struct opal_dev *dev)
3069{
3070 struct opal_suspend_data *suspend;
3071 bool was_failure = false;
3072 int ret = 0;
3073
3074 if (!dev)
3075 return false;
3076
3077 if (!(dev->flags & OPAL_FL_SUPPORTED))
3078 return false;
3079
3080 mutex_lock(&dev->dev_lock);
3081 setup_opal_dev(dev);
3082
3083 list_for_each_entry(suspend, &dev->unlk_lst, node) {
3084 dev->tsn = 0;
3085 dev->hsn = 0;
3086
3087 ret = __opal_lock_unlock(dev, &suspend->unlk);
3088 if (ret) {
3089 pr_debug("Failed to unlock LR %hhu with sum %d\n",
3090 suspend->unlk.session.opal_key.lr,
3091 suspend->unlk.session.sum);
3092 was_failure = true;
3093 }
3094
3095 if (dev->flags & OPAL_FL_MBR_ENABLED) {
3096 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3097 if (ret)
3098 pr_debug("Failed to set MBR Done in S3 resume\n");
3099 }
3100 }
3101 mutex_unlock(&dev->dev_lock);
3102
3103 return was_failure;
3104}
3105EXPORT_SYMBOL(opal_unlock_from_suspend);
3106
3107static int opal_read_table(struct opal_dev *dev,
3108 struct opal_read_write_table *rw_tbl)
3109{
3110 const struct opal_step read_table_steps[] = {
3111 { start_admin1LSP_opal_session, &rw_tbl->key },
3112 { read_table_data, rw_tbl },
3113 { end_opal_session, }
3114 };
3115 int ret = 0;
3116
3117 if (!rw_tbl->size)
3118 return ret;
3119
3120 return execute_steps(dev, read_table_steps,
3121 ARRAY_SIZE(read_table_steps));
3122}
3123
3124static int opal_write_table(struct opal_dev *dev,
3125 struct opal_read_write_table *rw_tbl)
3126{
3127 const struct opal_step write_table_steps[] = {
3128 { start_admin1LSP_opal_session, &rw_tbl->key },
3129 { write_table_data, rw_tbl },
3130 { end_opal_session, }
3131 };
3132 int ret = 0;
3133
3134 if (!rw_tbl->size)
3135 return ret;
3136
3137 return execute_steps(dev, write_table_steps,
3138 ARRAY_SIZE(write_table_steps));
3139}
3140
3141static int opal_generic_read_write_table(struct opal_dev *dev,
3142 struct opal_read_write_table *rw_tbl)
3143{
3144 int ret, bit_set;
3145
3146 ret = opal_get_key(dev, &rw_tbl->key);
3147 if (ret)
3148 return ret;
3149 mutex_lock(&dev->dev_lock);
3150 setup_opal_dev(dev);
3151
3152 bit_set = fls64(rw_tbl->flags) - 1;
3153 switch (bit_set) {
3154 case OPAL_READ_TABLE:
3155 ret = opal_read_table(dev, rw_tbl);
3156 break;
3157 case OPAL_WRITE_TABLE:
3158 ret = opal_write_table(dev, rw_tbl);
3159 break;
3160 default:
3161 pr_debug("Invalid bit set in the flag (%016llx).\n",
3162 rw_tbl->flags);
3163 ret = -EINVAL;
3164 break;
3165 }
3166
3167 mutex_unlock(&dev->dev_lock);
3168
3169 return ret;
3170}
3171
3172static int opal_get_status(struct opal_dev *dev, void __user *data)
3173{
3174 struct opal_status sts = {0};
3175
3176 /*
3177 * check_opal_support() error is not fatal,
3178 * !dev->supported is a valid condition
3179 */
3180 if (!check_opal_support(dev))
3181 sts.flags = dev->flags;
3182 if (copy_to_user(data, &sts, sizeof(sts))) {
3183 pr_debug("Error copying status to userspace\n");
3184 return -EFAULT;
3185 }
3186 return 0;
3187}
3188
3189static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3190{
3191 struct opal_geometry geo = {0};
3192
3193 if (check_opal_support(dev))
3194 return -EINVAL;
3195
3196 geo.align = dev->align_required;
3197 geo.logical_block_size = dev->logical_block_size;
3198 geo.alignment_granularity = dev->align;
3199 geo.lowest_aligned_lba = dev->lowest_lba;
3200
3201 if (copy_to_user(data, &geo, sizeof(geo))) {
3202 pr_debug("Error copying geometry data to userspace\n");
3203 return -EFAULT;
3204 }
3205
3206 return 0;
3207}
3208
3209int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3210{
3211 void *p;
3212 int ret = -ENOTTY;
3213
3214 if (!capable(CAP_SYS_ADMIN))
3215 return -EACCES;
3216 if (!dev)
3217 return -EOPNOTSUPP;
3218 if (!(dev->flags & OPAL_FL_SUPPORTED))
3219 return -EOPNOTSUPP;
3220
3221 if (cmd & IOC_IN) {
3222 p = memdup_user(arg, _IOC_SIZE(cmd));
3223 if (IS_ERR(p))
3224 return PTR_ERR(p);
3225 }
3226
3227 switch (cmd) {
3228 case IOC_OPAL_SAVE:
3229 ret = opal_save(dev, p);
3230 break;
3231 case IOC_OPAL_LOCK_UNLOCK:
3232 ret = opal_lock_unlock(dev, p);
3233 break;
3234 case IOC_OPAL_TAKE_OWNERSHIP:
3235 ret = opal_take_ownership(dev, p);
3236 break;
3237 case IOC_OPAL_ACTIVATE_LSP:
3238 ret = opal_activate_lsp(dev, p);
3239 break;
3240 case IOC_OPAL_SET_PW:
3241 ret = opal_set_new_pw(dev, p);
3242 break;
3243 case IOC_OPAL_ACTIVATE_USR:
3244 ret = opal_activate_user(dev, p);
3245 break;
3246 case IOC_OPAL_REVERT_TPR:
3247 ret = opal_reverttper(dev, p, false);
3248 break;
3249 case IOC_OPAL_LR_SETUP:
3250 ret = opal_setup_locking_range(dev, p);
3251 break;
3252 case IOC_OPAL_ADD_USR_TO_LR:
3253 ret = opal_add_user_to_lr(dev, p);
3254 break;
3255 case IOC_OPAL_ENABLE_DISABLE_MBR:
3256 ret = opal_enable_disable_shadow_mbr(dev, p);
3257 break;
3258 case IOC_OPAL_MBR_DONE:
3259 ret = opal_set_mbr_done(dev, p);
3260 break;
3261 case IOC_OPAL_WRITE_SHADOW_MBR:
3262 ret = opal_write_shadow_mbr(dev, p);
3263 break;
3264 case IOC_OPAL_ERASE_LR:
3265 ret = opal_erase_locking_range(dev, p);
3266 break;
3267 case IOC_OPAL_SECURE_ERASE_LR:
3268 ret = opal_secure_erase_locking_range(dev, p);
3269 break;
3270 case IOC_OPAL_PSID_REVERT_TPR:
3271 ret = opal_reverttper(dev, p, true);
3272 break;
3273 case IOC_OPAL_GENERIC_TABLE_RW:
3274 ret = opal_generic_read_write_table(dev, p);
3275 break;
3276 case IOC_OPAL_GET_STATUS:
3277 ret = opal_get_status(dev, arg);
3278 break;
3279 case IOC_OPAL_GET_LR_STATUS:
3280 ret = opal_locking_range_status(dev, p, arg);
3281 break;
3282 case IOC_OPAL_GET_GEOMETRY:
3283 ret = opal_get_geometry(dev, arg);
3284 break;
3285 case IOC_OPAL_REVERT_LSP:
3286 ret = opal_revertlsp(dev, p);
3287 break;
3288 case IOC_OPAL_DISCOVERY:
3289 ret = opal_get_discv(dev, p);
3290 break;
3291
3292 default:
3293 break;
3294 }
3295
3296 if (cmd & IOC_IN)
3297 kfree(p);
3298 return ret;
3299}
3300EXPORT_SYMBOL_GPL(sed_ioctl);
3301
3302static int __init sed_opal_init(void)
3303{
3304 struct key *kr;
3305 char init_sed_key[OPAL_KEY_MAX];
3306 int keylen = OPAL_KEY_MAX - 1;
3307
3308 kr = keyring_alloc(".sed_opal",
3309 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3310 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3311 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3312 KEY_ALLOC_NOT_IN_QUOTA,
3313 NULL, NULL);
3314 if (IS_ERR(kr))
3315 return PTR_ERR(kr);
3316
3317 sed_opal_keyring = kr;
3318
3319 if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
3320 memset(init_sed_key, '\0', sizeof(init_sed_key));
3321 keylen = OPAL_KEY_MAX - 1;
3322 }
3323
3324 return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
3325}
3326late_initcall(sed_opal_init);