This source file includes following definitions.
- opal_error_to_human
- print_buffer
- check_tper
- check_mbrenabled
- check_sum
- get_comid_v100
- get_comid_v200
- opal_send_cmd
- opal_recv_cmd
- opal_recv_check
- opal_send_recv
- check_geometry
- execute_step
- execute_steps
- opal_discovery0_end
- opal_discovery0
- opal_discovery0_step
- remaining_size
- can_add
- add_token_u8
- add_short_atom_header
- add_medium_atom_header
- add_token_u64
- add_bytestring_header
- add_token_bytestring
- build_locking_range
- build_locking_user
- set_comid
- cmd_finalize
- response_get_token
- response_parse_tiny
- response_parse_short
- response_parse_medium
- response_parse_long
- response_parse_token
- response_parse
- response_get_string
- response_get_u64
- response_token_matches
- response_status
- parse_and_check_status
- clear_opal_cmd
- cmd_start
- start_opal_session_cont
- add_suspend_info
- end_session_cont
- finalize_and_send
- generic_get_column
- generic_get_table_info
- gen_key
- get_active_key_cont
- get_active_key
- generic_lr_enable_disable
- enable_global_lr
- setup_locking_range
- start_generic_opal_session
- start_anybodyASP_opal_session
- start_SIDASP_opal_session
- start_admin1LSP_opal_session
- start_PSID_opal_session
- start_auth_opal_session
- revert_tper
- internal_activate_user
- erase_locking_range
- set_mbr_done
- set_mbr_enable_disable
- write_shadow_mbr
- generic_pw_cmd
- set_new_pw
- set_sid_cpin_pin
- add_user_to_lr
- lock_unlock_locking_range
- lock_unlock_locking_range_sum
- activate_lsp
- get_lsp_lifecycle
- get_msid_cpin_pin
- end_opal_session
- end_opal_session_error
- setup_opal_dev
- check_opal_support
- clean_opal_dev
- free_opal_dev
- init_opal_dev
- opal_secure_erase_locking_range
- opal_erase_locking_range
- opal_enable_disable_shadow_mbr
- opal_set_mbr_done
- opal_write_shadow_mbr
- opal_save
- opal_add_user_to_lr
- opal_reverttper
- __opal_lock_unlock
- __opal_set_mbr_done
- opal_lock_unlock
- opal_take_ownership
- opal_activate_lsp
- opal_setup_locking_range
- opal_set_new_pw
- opal_activate_user
- opal_unlock_from_suspend
- sed_ioctl
1
2
3
4
5
6
7
8
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/genhd.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23
24 #include "opal_proto.h"
25
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28
29
30 #define CMD_FINALIZE_BYTES_NEEDED 7
31
32 struct opal_step {
33 int (*fn)(struct opal_dev *dev, void *data);
34 void *data;
35 };
36 typedef int (cont_fn)(struct opal_dev *dev);
37
38 enum opal_atom_width {
39 OPAL_WIDTH_TINY,
40 OPAL_WIDTH_SHORT,
41 OPAL_WIDTH_MEDIUM,
42 OPAL_WIDTH_LONG,
43 OPAL_WIDTH_TOKEN
44 };
45
46
47
48
49
50
51
52 struct opal_resp_tok {
53 const u8 *pos;
54 size_t len;
55 enum opal_response_token type;
56 enum opal_atom_width width;
57 union {
58 u64 u;
59 s64 s;
60 } stored;
61 };
62
63
64
65
66
67
68
69
70
71 struct parsed_resp {
72 int num;
73 struct opal_resp_tok toks[MAX_TOKS];
74 };
75
76 struct opal_dev {
77 bool supported;
78 bool mbr_enabled;
79
80 void *data;
81 sec_send_recv *send_recv;
82
83 struct mutex dev_lock;
84 u16 comid;
85 u32 hsn;
86 u32 tsn;
87 u64 align;
88 u64 lowest_lba;
89
90 size_t pos;
91 u8 cmd[IO_BUFFER_LENGTH];
92 u8 resp[IO_BUFFER_LENGTH];
93
94 struct parsed_resp parsed;
95 size_t prev_d_len;
96 void *prev_data;
97
98 struct list_head unlk_lst;
99 };
100
101
102 static const u8 opaluid[][OPAL_UID_LENGTH] = {
103
104 [OPAL_SMUID_UID] =
105 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
106 [OPAL_THISSP_UID] =
107 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
108 [OPAL_ADMINSP_UID] =
109 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
110 [OPAL_LOCKINGSP_UID] =
111 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
112 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
113 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
114 [OPAL_ANYBODY_UID] =
115 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
116 [OPAL_SID_UID] =
117 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
118 [OPAL_ADMIN1_UID] =
119 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
120 [OPAL_USER1_UID] =
121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
122 [OPAL_USER2_UID] =
123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
124 [OPAL_PSID_UID] =
125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
126 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
128 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
130
131
132 [OPAL_TABLE_TABLE] =
133 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
134 [OPAL_LOCKINGRANGE_GLOBAL] =
135 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
136 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
137 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
138 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
139 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
140 [OPAL_MBRCONTROL] =
141 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
142 [OPAL_MBR] =
143 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
144 [OPAL_AUTHORITY_TABLE] =
145 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
146 [OPAL_C_PIN_TABLE] =
147 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
148 [OPAL_LOCKING_INFO_TABLE] =
149 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
150 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
151 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
152
153
154 [OPAL_C_PIN_MSID] =
155 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
156 [OPAL_C_PIN_SID] =
157 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
158 [OPAL_C_PIN_ADMIN1] =
159 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
160
161
162 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
163 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
164 [OPAL_HALF_UID_BOOLEAN_ACE] =
165 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
166
167
168 [OPAL_UID_HEXFF] =
169 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
170 };
171
172
173
174
175
176
177 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
178 [OPAL_PROPERTIES] =
179 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
180 [OPAL_STARTSESSION] =
181 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
182 [OPAL_REVERT] =
183 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
184 [OPAL_ACTIVATE] =
185 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
186 [OPAL_EGET] =
187 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
188 [OPAL_ESET] =
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
190 [OPAL_NEXT] =
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
192 [OPAL_EAUTHENTICATE] =
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
194 [OPAL_GETACL] =
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
196 [OPAL_GENKEY] =
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
198 [OPAL_REVERTSP] =
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
200 [OPAL_GET] =
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
202 [OPAL_SET] =
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
204 [OPAL_AUTHENTICATE] =
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
206 [OPAL_RANDOM] =
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
208 [OPAL_ERASE] =
209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
210 };
211
212 static int end_opal_session_error(struct opal_dev *dev);
213 static int opal_discovery0_step(struct opal_dev *dev);
214
215 struct opal_suspend_data {
216 struct opal_lock_unlock unlk;
217 u8 lr;
218 struct list_head node;
219 };
220
221
222
223
224
225
226 static const char * const opal_errors[] = {
227 "Success",
228 "Not Authorized",
229 "Unknown Error",
230 "SP Busy",
231 "SP Failed",
232 "SP Disabled",
233 "SP Frozen",
234 "No Sessions Available",
235 "Uniqueness Conflict",
236 "Insufficient Space",
237 "Insufficient Rows",
238 "Invalid Function",
239 "Invalid Parameter",
240 "Invalid Reference",
241 "Unknown Error",
242 "TPER Malfunction",
243 "Transaction Failure",
244 "Response Overflow",
245 "Authority Locked Out",
246 };
247
248 static const char *opal_error_to_human(int error)
249 {
250 if (error == 0x3f)
251 return "Failed";
252
253 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
254 return "Unknown Error";
255
256 return opal_errors[error];
257 }
258
259 static void print_buffer(const u8 *ptr, u32 length)
260 {
261 #ifdef DEBUG
262 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
263 pr_debug("\n");
264 #endif
265 }
266
267 static bool check_tper(const void *data)
268 {
269 const struct d0_tper_features *tper = data;
270 u8 flags = tper->supported_features;
271
272 if (!(flags & TPER_SYNC_SUPPORTED)) {
273 pr_debug("TPer sync not supported. flags = %d\n",
274 tper->supported_features);
275 return false;
276 }
277
278 return true;
279 }
280
281 static bool check_mbrenabled(const void *data)
282 {
283 const struct d0_locking_features *lfeat = data;
284 u8 sup_feat = lfeat->supported_features;
285
286 return !!(sup_feat & MBR_ENABLED_MASK);
287 }
288
289 static bool check_sum(const void *data)
290 {
291 const struct d0_single_user_mode *sum = data;
292 u32 nlo = be32_to_cpu(sum->num_locking_objects);
293
294 if (nlo == 0) {
295 pr_debug("Need at least one locking object.\n");
296 return false;
297 }
298
299 pr_debug("Number of locking objects: %d\n", nlo);
300
301 return true;
302 }
303
304 static u16 get_comid_v100(const void *data)
305 {
306 const struct d0_opal_v100 *v100 = data;
307
308 return be16_to_cpu(v100->baseComID);
309 }
310
311 static u16 get_comid_v200(const void *data)
312 {
313 const struct d0_opal_v200 *v200 = data;
314
315 return be16_to_cpu(v200->baseComID);
316 }
317
318 static int opal_send_cmd(struct opal_dev *dev)
319 {
320 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
321 dev->cmd, IO_BUFFER_LENGTH,
322 true);
323 }
324
325 static int opal_recv_cmd(struct opal_dev *dev)
326 {
327 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
328 dev->resp, IO_BUFFER_LENGTH,
329 false);
330 }
331
332 static int opal_recv_check(struct opal_dev *dev)
333 {
334 size_t buflen = IO_BUFFER_LENGTH;
335 void *buffer = dev->resp;
336 struct opal_header *hdr = buffer;
337 int ret;
338
339 do {
340 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
341 hdr->cp.outstandingData,
342 hdr->cp.minTransfer);
343
344 if (hdr->cp.outstandingData == 0 ||
345 hdr->cp.minTransfer != 0)
346 return 0;
347
348 memset(buffer, 0, buflen);
349 ret = opal_recv_cmd(dev);
350 } while (!ret);
351
352 return ret;
353 }
354
355 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
356 {
357 int ret;
358
359 ret = opal_send_cmd(dev);
360 if (ret)
361 return ret;
362 ret = opal_recv_cmd(dev);
363 if (ret)
364 return ret;
365 ret = opal_recv_check(dev);
366 if (ret)
367 return ret;
368 return cont(dev);
369 }
370
371 static void check_geometry(struct opal_dev *dev, const void *data)
372 {
373 const struct d0_geometry_features *geo = data;
374
375 dev->align = be64_to_cpu(geo->alignment_granularity);
376 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
377 }
378
379 static int execute_step(struct opal_dev *dev,
380 const struct opal_step *step, size_t stepIndex)
381 {
382 int error = step->fn(dev, step->data);
383
384 if (error) {
385 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
386 stepIndex, step->fn, error,
387 opal_error_to_human(error));
388 }
389
390 return error;
391 }
392
393 static int execute_steps(struct opal_dev *dev,
394 const struct opal_step *steps, size_t n_steps)
395 {
396 size_t state = 0;
397 int error;
398
399
400 error = opal_discovery0_step(dev);
401 if (error)
402 return error;
403
404 for (state = 0; state < n_steps; state++) {
405 error = execute_step(dev, &steps[state], state);
406 if (error)
407 goto out_error;
408 }
409
410 return 0;
411
412 out_error:
413
414
415
416
417
418
419
420
421 if (state > 0)
422 end_opal_session_error(dev);
423
424 return error;
425 }
426
427 static int opal_discovery0_end(struct opal_dev *dev)
428 {
429 bool found_com_id = false, supported = true, single_user = false;
430 const struct d0_header *hdr = (struct d0_header *)dev->resp;
431 const u8 *epos = dev->resp, *cpos = dev->resp;
432 u16 comid = 0;
433 u32 hlen = be32_to_cpu(hdr->length);
434
435 print_buffer(dev->resp, hlen);
436 dev->mbr_enabled = false;
437
438 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
439 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
440 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
441 return -EFAULT;
442 }
443
444 epos += hlen;
445 cpos += sizeof(*hdr);
446
447 while (cpos < epos && supported) {
448 const struct d0_features *body =
449 (const struct d0_features *)cpos;
450
451 switch (be16_to_cpu(body->code)) {
452 case FC_TPER:
453 supported = check_tper(body->features);
454 break;
455 case FC_SINGLEUSER:
456 single_user = check_sum(body->features);
457 break;
458 case FC_GEOMETRY:
459 check_geometry(dev, body);
460 break;
461 case FC_LOCKING:
462 dev->mbr_enabled = check_mbrenabled(body->features);
463 break;
464 case FC_ENTERPRISE:
465 case FC_DATASTORE:
466
467 pr_debug("Found OPAL feature description: %d\n",
468 be16_to_cpu(body->code));
469 break;
470 case FC_OPALV100:
471 comid = get_comid_v100(body->features);
472 found_com_id = true;
473 break;
474 case FC_OPALV200:
475 comid = get_comid_v200(body->features);
476 found_com_id = true;
477 break;
478 case 0xbfff ... 0xffff:
479
480 break;
481 default:
482 pr_debug("OPAL Unknown feature: %d\n",
483 be16_to_cpu(body->code));
484
485 }
486 cpos += body->length + 4;
487 }
488
489 if (!supported) {
490 pr_debug("This device is not Opal enabled. Not Supported!\n");
491 return -EOPNOTSUPP;
492 }
493
494 if (!single_user)
495 pr_debug("Device doesn't support single user mode\n");
496
497
498 if (!found_com_id) {
499 pr_debug("Could not find OPAL comid for device. Returning early\n");
500 return -EOPNOTSUPP;
501 }
502
503 dev->comid = comid;
504
505 return 0;
506 }
507
508 static int opal_discovery0(struct opal_dev *dev, void *data)
509 {
510 int ret;
511
512 memset(dev->resp, 0, IO_BUFFER_LENGTH);
513 dev->comid = OPAL_DISCOVERY_COMID;
514 ret = opal_recv_cmd(dev);
515 if (ret)
516 return ret;
517
518 return opal_discovery0_end(dev);
519 }
520
521 static int opal_discovery0_step(struct opal_dev *dev)
522 {
523 const struct opal_step discovery0_step = {
524 opal_discovery0,
525 };
526
527 return execute_step(dev, &discovery0_step, 0);
528 }
529
530 static size_t remaining_size(struct opal_dev *cmd)
531 {
532 return IO_BUFFER_LENGTH - cmd->pos;
533 }
534
535 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
536 {
537 if (*err)
538 return false;
539
540 if (remaining_size(cmd) < len) {
541 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
542 *err = -ERANGE;
543 return false;
544 }
545
546 return true;
547 }
548
549 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
550 {
551 if (!can_add(err, cmd, 1))
552 return;
553
554 cmd->cmd[cmd->pos++] = tok;
555 }
556
557 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
558 bool has_sign, int len)
559 {
560 u8 atom;
561 int err = 0;
562
563 atom = SHORT_ATOM_ID;
564 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
565 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
566 atom |= len & SHORT_ATOM_LEN_MASK;
567
568 add_token_u8(&err, cmd, atom);
569 }
570
571 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
572 bool has_sign, int len)
573 {
574 u8 header0;
575
576 header0 = MEDIUM_ATOM_ID;
577 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
578 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
579 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
580
581 cmd->cmd[cmd->pos++] = header0;
582 cmd->cmd[cmd->pos++] = len;
583 }
584
585 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
586 {
587 size_t len;
588 int msb;
589
590 if (!(number & ~TINY_ATOM_DATA_MASK)) {
591 add_token_u8(err, cmd, number);
592 return;
593 }
594
595 msb = fls64(number);
596 len = DIV_ROUND_UP(msb, 8);
597
598 if (!can_add(err, cmd, len + 1)) {
599 pr_debug("Error adding u64: end of buffer.\n");
600 return;
601 }
602 add_short_atom_header(cmd, false, false, len);
603 while (len--)
604 add_token_u8(err, cmd, number >> (len * 8));
605 }
606
607 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
608 {
609 size_t header_len = 1;
610 bool is_short_atom = true;
611
612 if (len & ~SHORT_ATOM_LEN_MASK) {
613 header_len = 2;
614 is_short_atom = false;
615 }
616
617 if (!can_add(err, cmd, header_len + len)) {
618 pr_debug("Error adding bytestring: end of buffer.\n");
619 return NULL;
620 }
621
622 if (is_short_atom)
623 add_short_atom_header(cmd, true, false, len);
624 else
625 add_medium_atom_header(cmd, true, false, len);
626
627 return &cmd->cmd[cmd->pos];
628 }
629
630 static void add_token_bytestring(int *err, struct opal_dev *cmd,
631 const u8 *bytestring, size_t len)
632 {
633 u8 *start;
634
635 start = add_bytestring_header(err, cmd, len);
636 if (!start)
637 return;
638 memcpy(start, bytestring, len);
639 cmd->pos += len;
640 }
641
642 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
643 {
644 if (length > OPAL_UID_LENGTH) {
645 pr_debug("Can't build locking range. Length OOB\n");
646 return -ERANGE;
647 }
648
649 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
650
651 if (lr == 0)
652 return 0;
653
654 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
655 buffer[7] = lr;
656
657 return 0;
658 }
659
660 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
661 {
662 if (length > OPAL_UID_LENGTH) {
663 pr_debug("Can't build locking range user. Length OOB\n");
664 return -ERANGE;
665 }
666
667 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
668
669 buffer[7] = lr + 1;
670
671 return 0;
672 }
673
674 static void set_comid(struct opal_dev *cmd, u16 comid)
675 {
676 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
677
678 hdr->cp.extendedComID[0] = comid >> 8;
679 hdr->cp.extendedComID[1] = comid;
680 hdr->cp.extendedComID[2] = 0;
681 hdr->cp.extendedComID[3] = 0;
682 }
683
684 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
685 {
686 struct opal_header *hdr;
687 int err = 0;
688
689
690
691
692
693
694 add_token_u8(&err, cmd, OPAL_ENDLIST);
695
696 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
697 add_token_u8(&err, cmd, OPAL_STARTLIST);
698 add_token_u8(&err, cmd, 0);
699 add_token_u8(&err, cmd, 0);
700 add_token_u8(&err, cmd, 0);
701 add_token_u8(&err, cmd, OPAL_ENDLIST);
702
703 if (err) {
704 pr_debug("Error finalizing command.\n");
705 return -EFAULT;
706 }
707
708 hdr = (struct opal_header *) cmd->cmd;
709
710 hdr->pkt.tsn = cpu_to_be32(tsn);
711 hdr->pkt.hsn = cpu_to_be32(hsn);
712
713 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
714 while (cmd->pos % 4) {
715 if (cmd->pos >= IO_BUFFER_LENGTH) {
716 pr_debug("Error: Buffer overrun\n");
717 return -ERANGE;
718 }
719 cmd->cmd[cmd->pos++] = 0;
720 }
721 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
722 sizeof(hdr->pkt));
723 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
724
725 return 0;
726 }
727
728 static const struct opal_resp_tok *response_get_token(
729 const struct parsed_resp *resp,
730 int n)
731 {
732 const struct opal_resp_tok *tok;
733
734 if (!resp) {
735 pr_debug("Response is NULL\n");
736 return ERR_PTR(-EINVAL);
737 }
738
739 if (n >= resp->num) {
740 pr_debug("Token number doesn't exist: %d, resp: %d\n",
741 n, resp->num);
742 return ERR_PTR(-EINVAL);
743 }
744
745 tok = &resp->toks[n];
746 if (tok->len == 0) {
747 pr_debug("Token length must be non-zero\n");
748 return ERR_PTR(-EINVAL);
749 }
750
751 return tok;
752 }
753
754 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
755 const u8 *pos)
756 {
757 tok->pos = pos;
758 tok->len = 1;
759 tok->width = OPAL_WIDTH_TINY;
760
761 if (pos[0] & TINY_ATOM_SIGNED) {
762 tok->type = OPAL_DTA_TOKENID_SINT;
763 } else {
764 tok->type = OPAL_DTA_TOKENID_UINT;
765 tok->stored.u = pos[0] & 0x3f;
766 }
767
768 return tok->len;
769 }
770
771 static ssize_t response_parse_short(struct opal_resp_tok *tok,
772 const u8 *pos)
773 {
774 tok->pos = pos;
775 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
776 tok->width = OPAL_WIDTH_SHORT;
777
778 if (pos[0] & SHORT_ATOM_BYTESTRING) {
779 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
780 } else if (pos[0] & SHORT_ATOM_SIGNED) {
781 tok->type = OPAL_DTA_TOKENID_SINT;
782 } else {
783 u64 u_integer = 0;
784 ssize_t i, b = 0;
785
786 tok->type = OPAL_DTA_TOKENID_UINT;
787 if (tok->len > 9) {
788 pr_debug("uint64 with more than 8 bytes\n");
789 return -EINVAL;
790 }
791 for (i = tok->len - 1; i > 0; i--) {
792 u_integer |= ((u64)pos[i] << (8 * b));
793 b++;
794 }
795 tok->stored.u = u_integer;
796 }
797
798 return tok->len;
799 }
800
801 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
802 const u8 *pos)
803 {
804 tok->pos = pos;
805 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
806 tok->width = OPAL_WIDTH_MEDIUM;
807
808 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
809 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
810 else if (pos[0] & MEDIUM_ATOM_SIGNED)
811 tok->type = OPAL_DTA_TOKENID_SINT;
812 else
813 tok->type = OPAL_DTA_TOKENID_UINT;
814
815 return tok->len;
816 }
817
818 static ssize_t response_parse_long(struct opal_resp_tok *tok,
819 const u8 *pos)
820 {
821 tok->pos = pos;
822 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
823 tok->width = OPAL_WIDTH_LONG;
824
825 if (pos[0] & LONG_ATOM_BYTESTRING)
826 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
827 else if (pos[0] & LONG_ATOM_SIGNED)
828 tok->type = OPAL_DTA_TOKENID_SINT;
829 else
830 tok->type = OPAL_DTA_TOKENID_UINT;
831
832 return tok->len;
833 }
834
835 static ssize_t response_parse_token(struct opal_resp_tok *tok,
836 const u8 *pos)
837 {
838 tok->pos = pos;
839 tok->len = 1;
840 tok->type = OPAL_DTA_TOKENID_TOKEN;
841 tok->width = OPAL_WIDTH_TOKEN;
842
843 return tok->len;
844 }
845
846 static int response_parse(const u8 *buf, size_t length,
847 struct parsed_resp *resp)
848 {
849 const struct opal_header *hdr;
850 struct opal_resp_tok *iter;
851 int num_entries = 0;
852 int total;
853 ssize_t token_length;
854 const u8 *pos;
855 u32 clen, plen, slen;
856
857 if (!buf)
858 return -EFAULT;
859
860 if (!resp)
861 return -EFAULT;
862
863 hdr = (struct opal_header *)buf;
864 pos = buf;
865 pos += sizeof(*hdr);
866
867 clen = be32_to_cpu(hdr->cp.length);
868 plen = be32_to_cpu(hdr->pkt.length);
869 slen = be32_to_cpu(hdr->subpkt.length);
870 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
871 clen, plen, slen);
872
873 if (clen == 0 || plen == 0 || slen == 0 ||
874 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
875 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
876 clen, plen, slen);
877 print_buffer(pos, sizeof(*hdr));
878 return -EINVAL;
879 }
880
881 if (pos > buf + length)
882 return -EFAULT;
883
884 iter = resp->toks;
885 total = slen;
886 print_buffer(pos, total);
887 while (total > 0) {
888 if (pos[0] <= TINY_ATOM_BYTE)
889 token_length = response_parse_tiny(iter, pos);
890 else if (pos[0] <= SHORT_ATOM_BYTE)
891 token_length = response_parse_short(iter, pos);
892 else if (pos[0] <= MEDIUM_ATOM_BYTE)
893 token_length = response_parse_medium(iter, pos);
894 else if (pos[0] <= LONG_ATOM_BYTE)
895 token_length = response_parse_long(iter, pos);
896 else
897 token_length = response_parse_token(iter, pos);
898
899 if (token_length < 0)
900 return token_length;
901
902 pos += token_length;
903 total -= token_length;
904 iter++;
905 num_entries++;
906 }
907
908 resp->num = num_entries;
909
910 return 0;
911 }
912
913 static size_t response_get_string(const struct parsed_resp *resp, int n,
914 const char **store)
915 {
916 u8 skip;
917 const struct opal_resp_tok *tok;
918
919 *store = NULL;
920 tok = response_get_token(resp, n);
921 if (IS_ERR(tok))
922 return 0;
923
924 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
925 pr_debug("Token is not a byte string!\n");
926 return 0;
927 }
928
929 switch (tok->width) {
930 case OPAL_WIDTH_TINY:
931 case OPAL_WIDTH_SHORT:
932 skip = 1;
933 break;
934 case OPAL_WIDTH_MEDIUM:
935 skip = 2;
936 break;
937 case OPAL_WIDTH_LONG:
938 skip = 4;
939 break;
940 default:
941 pr_debug("Token has invalid width!\n");
942 return 0;
943 }
944
945 *store = tok->pos + skip;
946
947 return tok->len - skip;
948 }
949
950 static u64 response_get_u64(const struct parsed_resp *resp, int n)
951 {
952 const struct opal_resp_tok *tok;
953
954 tok = response_get_token(resp, n);
955 if (IS_ERR(tok))
956 return 0;
957
958 if (tok->type != OPAL_DTA_TOKENID_UINT) {
959 pr_debug("Token is not unsigned int: %d\n", tok->type);
960 return 0;
961 }
962
963 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
964 pr_debug("Atom is not short or tiny: %d\n", tok->width);
965 return 0;
966 }
967
968 return tok->stored.u;
969 }
970
971 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
972 {
973 if (IS_ERR(token) ||
974 token->type != OPAL_DTA_TOKENID_TOKEN ||
975 token->pos[0] != match)
976 return false;
977 return true;
978 }
979
980 static u8 response_status(const struct parsed_resp *resp)
981 {
982 const struct opal_resp_tok *tok;
983
984 tok = response_get_token(resp, 0);
985 if (response_token_matches(tok, OPAL_ENDOFSESSION))
986 return 0;
987
988 if (resp->num < 5)
989 return DTAERROR_NO_METHOD_STATUS;
990
991 tok = response_get_token(resp, resp->num - 5);
992 if (!response_token_matches(tok, OPAL_STARTLIST))
993 return DTAERROR_NO_METHOD_STATUS;
994
995 tok = response_get_token(resp, resp->num - 1);
996 if (!response_token_matches(tok, OPAL_ENDLIST))
997 return DTAERROR_NO_METHOD_STATUS;
998
999 return response_get_u64(resp, resp->num - 4);
1000 }
1001
1002
1003 static int parse_and_check_status(struct opal_dev *dev)
1004 {
1005 int error;
1006
1007 print_buffer(dev->cmd, dev->pos);
1008
1009 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1010 if (error) {
1011 pr_debug("Couldn't parse response.\n");
1012 return error;
1013 }
1014
1015 return response_status(&dev->parsed);
1016 }
1017
1018 static void clear_opal_cmd(struct opal_dev *dev)
1019 {
1020 dev->pos = sizeof(struct opal_header);
1021 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1022 }
1023
1024 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1025 {
1026 int err = 0;
1027
1028 clear_opal_cmd(dev);
1029 set_comid(dev, dev->comid);
1030
1031 add_token_u8(&err, dev, OPAL_CALL);
1032 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1033 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1034
1035
1036
1037
1038
1039
1040 add_token_u8(&err, dev, OPAL_STARTLIST);
1041
1042 return err;
1043 }
1044
1045 static int start_opal_session_cont(struct opal_dev *dev)
1046 {
1047 u32 hsn, tsn;
1048 int error = 0;
1049
1050 error = parse_and_check_status(dev);
1051 if (error)
1052 return error;
1053
1054 hsn = response_get_u64(&dev->parsed, 4);
1055 tsn = response_get_u64(&dev->parsed, 5);
1056
1057 if (hsn == 0 && tsn == 0) {
1058 pr_debug("Couldn't authenticate session\n");
1059 return -EPERM;
1060 }
1061
1062 dev->hsn = hsn;
1063 dev->tsn = tsn;
1064
1065 return 0;
1066 }
1067
1068 static void add_suspend_info(struct opal_dev *dev,
1069 struct opal_suspend_data *sus)
1070 {
1071 struct opal_suspend_data *iter;
1072
1073 list_for_each_entry(iter, &dev->unlk_lst, node) {
1074 if (iter->lr == sus->lr) {
1075 list_del(&iter->node);
1076 kfree(iter);
1077 break;
1078 }
1079 }
1080 list_add_tail(&sus->node, &dev->unlk_lst);
1081 }
1082
1083 static int end_session_cont(struct opal_dev *dev)
1084 {
1085 dev->hsn = 0;
1086 dev->tsn = 0;
1087
1088 return parse_and_check_status(dev);
1089 }
1090
1091 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1092 {
1093 int ret;
1094
1095 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1096 if (ret) {
1097 pr_debug("Error finalizing command buffer: %d\n", ret);
1098 return ret;
1099 }
1100
1101 print_buffer(dev->cmd, dev->pos);
1102
1103 return opal_send_recv(dev, cont);
1104 }
1105
1106
1107
1108
1109
1110 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1111 u64 column)
1112 {
1113 int err;
1114
1115 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1116
1117 add_token_u8(&err, dev, OPAL_STARTLIST);
1118
1119 add_token_u8(&err, dev, OPAL_STARTNAME);
1120 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1121 add_token_u64(&err, dev, column);
1122 add_token_u8(&err, dev, OPAL_ENDNAME);
1123
1124 add_token_u8(&err, dev, OPAL_STARTNAME);
1125 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1126 add_token_u64(&err, dev, column);
1127 add_token_u8(&err, dev, OPAL_ENDNAME);
1128
1129 add_token_u8(&err, dev, OPAL_ENDLIST);
1130
1131 if (err)
1132 return err;
1133
1134 return finalize_and_send(dev, parse_and_check_status);
1135 }
1136
1137
1138
1139
1140
1141
1142 static int generic_get_table_info(struct opal_dev *dev, enum opal_uid table,
1143 u64 column)
1144 {
1145 u8 uid[OPAL_UID_LENGTH];
1146 const unsigned int half = OPAL_UID_LENGTH/2;
1147
1148
1149
1150
1151
1152
1153
1154 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1155 memcpy(uid+half, opaluid[table], half);
1156
1157 return generic_get_column(dev, uid, column);
1158 }
1159
1160 static int gen_key(struct opal_dev *dev, void *data)
1161 {
1162 u8 uid[OPAL_UID_LENGTH];
1163 int err;
1164
1165 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1166 kfree(dev->prev_data);
1167 dev->prev_data = NULL;
1168
1169 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1170
1171 if (err) {
1172 pr_debug("Error building gen key command\n");
1173 return err;
1174
1175 }
1176
1177 return finalize_and_send(dev, parse_and_check_status);
1178 }
1179
1180 static int get_active_key_cont(struct opal_dev *dev)
1181 {
1182 const char *activekey;
1183 size_t keylen;
1184 int error = 0;
1185
1186 error = parse_and_check_status(dev);
1187 if (error)
1188 return error;
1189
1190 keylen = response_get_string(&dev->parsed, 4, &activekey);
1191 if (!activekey) {
1192 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1193 __func__);
1194 return OPAL_INVAL_PARAM;
1195 }
1196
1197 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1198
1199 if (!dev->prev_data)
1200 return -ENOMEM;
1201
1202 dev->prev_d_len = keylen;
1203
1204 return 0;
1205 }
1206
1207 static int get_active_key(struct opal_dev *dev, void *data)
1208 {
1209 u8 uid[OPAL_UID_LENGTH];
1210 int err;
1211 u8 *lr = data;
1212
1213 err = build_locking_range(uid, sizeof(uid), *lr);
1214 if (err)
1215 return err;
1216
1217 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1218 if (err)
1219 return err;
1220
1221 return get_active_key_cont(dev);
1222 }
1223
1224 static int generic_lr_enable_disable(struct opal_dev *dev,
1225 u8 *uid, bool rle, bool wle,
1226 bool rl, bool wl)
1227 {
1228 int err;
1229
1230 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1231
1232 add_token_u8(&err, dev, OPAL_STARTNAME);
1233 add_token_u8(&err, dev, OPAL_VALUES);
1234 add_token_u8(&err, dev, OPAL_STARTLIST);
1235
1236 add_token_u8(&err, dev, OPAL_STARTNAME);
1237 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1238 add_token_u8(&err, dev, rle);
1239 add_token_u8(&err, dev, OPAL_ENDNAME);
1240
1241 add_token_u8(&err, dev, OPAL_STARTNAME);
1242 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1243 add_token_u8(&err, dev, wle);
1244 add_token_u8(&err, dev, OPAL_ENDNAME);
1245
1246 add_token_u8(&err, dev, OPAL_STARTNAME);
1247 add_token_u8(&err, dev, OPAL_READLOCKED);
1248 add_token_u8(&err, dev, rl);
1249 add_token_u8(&err, dev, OPAL_ENDNAME);
1250
1251 add_token_u8(&err, dev, OPAL_STARTNAME);
1252 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1253 add_token_u8(&err, dev, wl);
1254 add_token_u8(&err, dev, OPAL_ENDNAME);
1255
1256 add_token_u8(&err, dev, OPAL_ENDLIST);
1257 add_token_u8(&err, dev, OPAL_ENDNAME);
1258
1259 return err;
1260 }
1261
1262 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1263 struct opal_user_lr_setup *setup)
1264 {
1265 int err;
1266
1267 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1268 0, 0);
1269 if (err)
1270 pr_debug("Failed to create enable global lr command\n");
1271
1272 return err;
1273 }
1274
1275 static int setup_locking_range(struct opal_dev *dev, void *data)
1276 {
1277 u8 uid[OPAL_UID_LENGTH];
1278 struct opal_user_lr_setup *setup = data;
1279 u8 lr;
1280 int err;
1281
1282 lr = setup->session.opal_key.lr;
1283 err = build_locking_range(uid, sizeof(uid), lr);
1284 if (err)
1285 return err;
1286
1287 if (lr == 0)
1288 err = enable_global_lr(dev, uid, setup);
1289 else {
1290 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1291
1292 add_token_u8(&err, dev, OPAL_STARTNAME);
1293 add_token_u8(&err, dev, OPAL_VALUES);
1294 add_token_u8(&err, dev, OPAL_STARTLIST);
1295
1296 add_token_u8(&err, dev, OPAL_STARTNAME);
1297 add_token_u8(&err, dev, OPAL_RANGESTART);
1298 add_token_u64(&err, dev, setup->range_start);
1299 add_token_u8(&err, dev, OPAL_ENDNAME);
1300
1301 add_token_u8(&err, dev, OPAL_STARTNAME);
1302 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1303 add_token_u64(&err, dev, setup->range_length);
1304 add_token_u8(&err, dev, OPAL_ENDNAME);
1305
1306 add_token_u8(&err, dev, OPAL_STARTNAME);
1307 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1308 add_token_u64(&err, dev, !!setup->RLE);
1309 add_token_u8(&err, dev, OPAL_ENDNAME);
1310
1311 add_token_u8(&err, dev, OPAL_STARTNAME);
1312 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1313 add_token_u64(&err, dev, !!setup->WLE);
1314 add_token_u8(&err, dev, OPAL_ENDNAME);
1315
1316 add_token_u8(&err, dev, OPAL_ENDLIST);
1317 add_token_u8(&err, dev, OPAL_ENDNAME);
1318 }
1319 if (err) {
1320 pr_debug("Error building Setup Locking range command.\n");
1321 return err;
1322 }
1323
1324 return finalize_and_send(dev, parse_and_check_status);
1325 }
1326
1327 static int start_generic_opal_session(struct opal_dev *dev,
1328 enum opal_uid auth,
1329 enum opal_uid sp_type,
1330 const char *key,
1331 u8 key_len)
1332 {
1333 u32 hsn;
1334 int err;
1335
1336 if (key == NULL && auth != OPAL_ANYBODY_UID)
1337 return OPAL_INVAL_PARAM;
1338
1339 hsn = GENERIC_HOST_SESSION_NUM;
1340 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1341 opalmethod[OPAL_STARTSESSION]);
1342
1343 add_token_u64(&err, dev, hsn);
1344 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1345 add_token_u8(&err, dev, 1);
1346
1347 switch (auth) {
1348 case OPAL_ANYBODY_UID:
1349 break;
1350 case OPAL_ADMIN1_UID:
1351 case OPAL_SID_UID:
1352 case OPAL_PSID_UID:
1353 add_token_u8(&err, dev, OPAL_STARTNAME);
1354 add_token_u8(&err, dev, 0);
1355 add_token_bytestring(&err, dev, key, key_len);
1356 add_token_u8(&err, dev, OPAL_ENDNAME);
1357 add_token_u8(&err, dev, OPAL_STARTNAME);
1358 add_token_u8(&err, dev, 3);
1359 add_token_bytestring(&err, dev, opaluid[auth],
1360 OPAL_UID_LENGTH);
1361 add_token_u8(&err, dev, OPAL_ENDNAME);
1362 break;
1363 default:
1364 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1365 return OPAL_INVAL_PARAM;
1366 }
1367
1368 if (err) {
1369 pr_debug("Error building start adminsp session command.\n");
1370 return err;
1371 }
1372
1373 return finalize_and_send(dev, start_opal_session_cont);
1374 }
1375
1376 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1377 {
1378 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1379 OPAL_ADMINSP_UID, NULL, 0);
1380 }
1381
1382 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1383 {
1384 int ret;
1385 const u8 *key = dev->prev_data;
1386
1387 if (!key) {
1388 const struct opal_key *okey = data;
1389
1390 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1391 OPAL_ADMINSP_UID,
1392 okey->key,
1393 okey->key_len);
1394 } else {
1395 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1396 OPAL_ADMINSP_UID,
1397 key, dev->prev_d_len);
1398 kfree(key);
1399 dev->prev_data = NULL;
1400 }
1401
1402 return ret;
1403 }
1404
1405 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1406 {
1407 struct opal_key *key = data;
1408
1409 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1410 OPAL_LOCKINGSP_UID,
1411 key->key, key->key_len);
1412 }
1413
1414 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1415 {
1416 const struct opal_key *okey = data;
1417
1418 return start_generic_opal_session(dev, OPAL_PSID_UID,
1419 OPAL_ADMINSP_UID,
1420 okey->key,
1421 okey->key_len);
1422 }
1423
1424 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1425 {
1426 struct opal_session_info *session = data;
1427 u8 lk_ul_user[OPAL_UID_LENGTH];
1428 size_t keylen = session->opal_key.key_len;
1429 int err = 0;
1430
1431 u8 *key = session->opal_key.key;
1432 u32 hsn = GENERIC_HOST_SESSION_NUM;
1433
1434 if (session->sum)
1435 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1436 session->opal_key.lr);
1437 else if (session->who != OPAL_ADMIN1 && !session->sum)
1438 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1439 session->who - 1);
1440 else
1441 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1442
1443 if (err)
1444 return err;
1445
1446 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1447 opalmethod[OPAL_STARTSESSION]);
1448
1449 add_token_u64(&err, dev, hsn);
1450 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1451 OPAL_UID_LENGTH);
1452 add_token_u8(&err, dev, 1);
1453 add_token_u8(&err, dev, OPAL_STARTNAME);
1454 add_token_u8(&err, dev, 0);
1455 add_token_bytestring(&err, dev, key, keylen);
1456 add_token_u8(&err, dev, OPAL_ENDNAME);
1457 add_token_u8(&err, dev, OPAL_STARTNAME);
1458 add_token_u8(&err, dev, 3);
1459 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1460 add_token_u8(&err, dev, OPAL_ENDNAME);
1461
1462 if (err) {
1463 pr_debug("Error building STARTSESSION command.\n");
1464 return err;
1465 }
1466
1467 return finalize_and_send(dev, start_opal_session_cont);
1468 }
1469
1470 static int revert_tper(struct opal_dev *dev, void *data)
1471 {
1472 int err;
1473
1474 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1475 opalmethod[OPAL_REVERT]);
1476 if (err) {
1477 pr_debug("Error building REVERT TPER command.\n");
1478 return err;
1479 }
1480
1481 return finalize_and_send(dev, parse_and_check_status);
1482 }
1483
1484 static int internal_activate_user(struct opal_dev *dev, void *data)
1485 {
1486 struct opal_session_info *session = data;
1487 u8 uid[OPAL_UID_LENGTH];
1488 int err;
1489
1490 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1491 uid[7] = session->who;
1492
1493 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1494 add_token_u8(&err, dev, OPAL_STARTNAME);
1495 add_token_u8(&err, dev, OPAL_VALUES);
1496 add_token_u8(&err, dev, OPAL_STARTLIST);
1497 add_token_u8(&err, dev, OPAL_STARTNAME);
1498 add_token_u8(&err, dev, 5);
1499 add_token_u8(&err, dev, OPAL_TRUE);
1500 add_token_u8(&err, dev, OPAL_ENDNAME);
1501 add_token_u8(&err, dev, OPAL_ENDLIST);
1502 add_token_u8(&err, dev, OPAL_ENDNAME);
1503
1504 if (err) {
1505 pr_debug("Error building Activate UserN command.\n");
1506 return err;
1507 }
1508
1509 return finalize_and_send(dev, parse_and_check_status);
1510 }
1511
1512 static int erase_locking_range(struct opal_dev *dev, void *data)
1513 {
1514 struct opal_session_info *session = data;
1515 u8 uid[OPAL_UID_LENGTH];
1516 int err;
1517
1518 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1519 return -ERANGE;
1520
1521 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1522
1523 if (err) {
1524 pr_debug("Error building Erase Locking Range Command.\n");
1525 return err;
1526 }
1527
1528 return finalize_and_send(dev, parse_and_check_status);
1529 }
1530
1531 static int set_mbr_done(struct opal_dev *dev, void *data)
1532 {
1533 u8 *mbr_done_tf = data;
1534 int err;
1535
1536 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1537 opalmethod[OPAL_SET]);
1538
1539 add_token_u8(&err, dev, OPAL_STARTNAME);
1540 add_token_u8(&err, dev, OPAL_VALUES);
1541 add_token_u8(&err, dev, OPAL_STARTLIST);
1542 add_token_u8(&err, dev, OPAL_STARTNAME);
1543 add_token_u8(&err, dev, OPAL_MBRDONE);
1544 add_token_u8(&err, dev, *mbr_done_tf);
1545 add_token_u8(&err, dev, OPAL_ENDNAME);
1546 add_token_u8(&err, dev, OPAL_ENDLIST);
1547 add_token_u8(&err, dev, OPAL_ENDNAME);
1548
1549 if (err) {
1550 pr_debug("Error Building set MBR Done command\n");
1551 return err;
1552 }
1553
1554 return finalize_and_send(dev, parse_and_check_status);
1555 }
1556
1557 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1558 {
1559 u8 *mbr_en_dis = data;
1560 int err;
1561
1562 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1563 opalmethod[OPAL_SET]);
1564
1565 add_token_u8(&err, dev, OPAL_STARTNAME);
1566 add_token_u8(&err, dev, OPAL_VALUES);
1567 add_token_u8(&err, dev, OPAL_STARTLIST);
1568 add_token_u8(&err, dev, OPAL_STARTNAME);
1569 add_token_u8(&err, dev, OPAL_MBRENABLE);
1570 add_token_u8(&err, dev, *mbr_en_dis);
1571 add_token_u8(&err, dev, OPAL_ENDNAME);
1572 add_token_u8(&err, dev, OPAL_ENDLIST);
1573 add_token_u8(&err, dev, OPAL_ENDNAME);
1574
1575 if (err) {
1576 pr_debug("Error Building set MBR done command\n");
1577 return err;
1578 }
1579
1580 return finalize_and_send(dev, parse_and_check_status);
1581 }
1582
1583 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1584 {
1585 struct opal_shadow_mbr *shadow = data;
1586 const u8 __user *src;
1587 u8 *dst;
1588 size_t off = 0;
1589 u64 len;
1590 int err = 0;
1591
1592
1593 err = generic_get_table_info(dev, OPAL_MBR, OPAL_TABLE_ROWS);
1594 if (err) {
1595 pr_debug("MBR: could not get shadow size\n");
1596 return err;
1597 }
1598
1599 len = response_get_u64(&dev->parsed, 4);
1600 if (shadow->size > len || shadow->offset > len - shadow->size) {
1601 pr_debug("MBR: does not fit in shadow (%llu vs. %llu)\n",
1602 shadow->offset + shadow->size, len);
1603 return -ENOSPC;
1604 }
1605
1606
1607 src = (u8 __user *)(uintptr_t)shadow->data;
1608 while (off < shadow->size) {
1609 err = cmd_start(dev, opaluid[OPAL_MBR], opalmethod[OPAL_SET]);
1610 add_token_u8(&err, dev, OPAL_STARTNAME);
1611 add_token_u8(&err, dev, OPAL_WHERE);
1612 add_token_u64(&err, dev, shadow->offset + off);
1613 add_token_u8(&err, dev, OPAL_ENDNAME);
1614
1615 add_token_u8(&err, dev, OPAL_STARTNAME);
1616 add_token_u8(&err, dev, OPAL_VALUES);
1617
1618
1619
1620
1621
1622
1623
1624 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1625 (size_t)(shadow->size - off));
1626 pr_debug("MBR: write bytes %zu+%llu/%llu\n",
1627 off, len, shadow->size);
1628
1629 dst = add_bytestring_header(&err, dev, len);
1630 if (!dst)
1631 break;
1632 if (copy_from_user(dst, src + off, len))
1633 err = -EFAULT;
1634 dev->pos += len;
1635
1636 add_token_u8(&err, dev, OPAL_ENDNAME);
1637 if (err)
1638 break;
1639
1640 err = finalize_and_send(dev, parse_and_check_status);
1641 if (err)
1642 break;
1643
1644 off += len;
1645 }
1646
1647 return err;
1648 }
1649
1650 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1651 struct opal_dev *dev)
1652 {
1653 int err;
1654
1655 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1656
1657 add_token_u8(&err, dev, OPAL_STARTNAME);
1658 add_token_u8(&err, dev, OPAL_VALUES);
1659 add_token_u8(&err, dev, OPAL_STARTLIST);
1660 add_token_u8(&err, dev, OPAL_STARTNAME);
1661 add_token_u8(&err, dev, OPAL_PIN);
1662 add_token_bytestring(&err, dev, key, key_len);
1663 add_token_u8(&err, dev, OPAL_ENDNAME);
1664 add_token_u8(&err, dev, OPAL_ENDLIST);
1665 add_token_u8(&err, dev, OPAL_ENDNAME);
1666
1667 return err;
1668 }
1669
1670 static int set_new_pw(struct opal_dev *dev, void *data)
1671 {
1672 u8 cpin_uid[OPAL_UID_LENGTH];
1673 struct opal_session_info *usr = data;
1674
1675 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1676
1677 if (usr->who != OPAL_ADMIN1) {
1678 cpin_uid[5] = 0x03;
1679 if (usr->sum)
1680 cpin_uid[7] = usr->opal_key.lr + 1;
1681 else
1682 cpin_uid[7] = usr->who;
1683 }
1684
1685 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1686 cpin_uid, dev)) {
1687 pr_debug("Error building set password command.\n");
1688 return -ERANGE;
1689 }
1690
1691 return finalize_and_send(dev, parse_and_check_status);
1692 }
1693
1694 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1695 {
1696 u8 cpin_uid[OPAL_UID_LENGTH];
1697 struct opal_key *key = data;
1698
1699 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1700
1701 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1702 pr_debug("Error building Set SID cpin\n");
1703 return -ERANGE;
1704 }
1705 return finalize_and_send(dev, parse_and_check_status);
1706 }
1707
1708 static int add_user_to_lr(struct opal_dev *dev, void *data)
1709 {
1710 u8 lr_buffer[OPAL_UID_LENGTH];
1711 u8 user_uid[OPAL_UID_LENGTH];
1712 struct opal_lock_unlock *lkul = data;
1713 int err;
1714
1715 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1716 OPAL_UID_LENGTH);
1717
1718 if (lkul->l_state == OPAL_RW)
1719 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1720 OPAL_UID_LENGTH);
1721
1722 lr_buffer[7] = lkul->session.opal_key.lr;
1723
1724 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1725
1726 user_uid[7] = lkul->session.who;
1727
1728 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1729
1730 add_token_u8(&err, dev, OPAL_STARTNAME);
1731 add_token_u8(&err, dev, OPAL_VALUES);
1732
1733 add_token_u8(&err, dev, OPAL_STARTLIST);
1734 add_token_u8(&err, dev, OPAL_STARTNAME);
1735 add_token_u8(&err, dev, 3);
1736
1737 add_token_u8(&err, dev, OPAL_STARTLIST);
1738
1739
1740 add_token_u8(&err, dev, OPAL_STARTNAME);
1741 add_token_bytestring(&err, dev,
1742 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1743 OPAL_UID_LENGTH/2);
1744 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1745 add_token_u8(&err, dev, OPAL_ENDNAME);
1746
1747
1748 add_token_u8(&err, dev, OPAL_STARTNAME);
1749 add_token_bytestring(&err, dev,
1750 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1751 OPAL_UID_LENGTH/2);
1752 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1753 add_token_u8(&err, dev, OPAL_ENDNAME);
1754
1755
1756 add_token_u8(&err, dev, OPAL_STARTNAME);
1757 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1758 OPAL_UID_LENGTH/2);
1759 add_token_u8(&err, dev, 1);
1760 add_token_u8(&err, dev, OPAL_ENDNAME);
1761
1762
1763 add_token_u8(&err, dev, OPAL_ENDLIST);
1764 add_token_u8(&err, dev, OPAL_ENDNAME);
1765 add_token_u8(&err, dev, OPAL_ENDLIST);
1766 add_token_u8(&err, dev, OPAL_ENDNAME);
1767
1768 if (err) {
1769 pr_debug("Error building add user to locking range command.\n");
1770 return err;
1771 }
1772
1773 return finalize_and_send(dev, parse_and_check_status);
1774 }
1775
1776 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1777 {
1778 u8 lr_buffer[OPAL_UID_LENGTH];
1779 struct opal_lock_unlock *lkul = data;
1780 u8 read_locked = 1, write_locked = 1;
1781 int err = 0;
1782
1783 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1784 lkul->session.opal_key.lr) < 0)
1785 return -ERANGE;
1786
1787 switch (lkul->l_state) {
1788 case OPAL_RO:
1789 read_locked = 0;
1790 write_locked = 1;
1791 break;
1792 case OPAL_RW:
1793 read_locked = 0;
1794 write_locked = 0;
1795 break;
1796 case OPAL_LK:
1797
1798 break;
1799 default:
1800 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1801 return OPAL_INVAL_PARAM;
1802 }
1803
1804 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1805
1806 add_token_u8(&err, dev, OPAL_STARTNAME);
1807 add_token_u8(&err, dev, OPAL_VALUES);
1808 add_token_u8(&err, dev, OPAL_STARTLIST);
1809
1810 add_token_u8(&err, dev, OPAL_STARTNAME);
1811 add_token_u8(&err, dev, OPAL_READLOCKED);
1812 add_token_u8(&err, dev, read_locked);
1813 add_token_u8(&err, dev, OPAL_ENDNAME);
1814
1815 add_token_u8(&err, dev, OPAL_STARTNAME);
1816 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1817 add_token_u8(&err, dev, write_locked);
1818 add_token_u8(&err, dev, OPAL_ENDNAME);
1819
1820 add_token_u8(&err, dev, OPAL_ENDLIST);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1822
1823 if (err) {
1824 pr_debug("Error building SET command.\n");
1825 return err;
1826 }
1827
1828 return finalize_and_send(dev, parse_and_check_status);
1829 }
1830
1831
1832 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1833 {
1834 u8 lr_buffer[OPAL_UID_LENGTH];
1835 u8 read_locked = 1, write_locked = 1;
1836 struct opal_lock_unlock *lkul = data;
1837 int ret;
1838
1839 clear_opal_cmd(dev);
1840 set_comid(dev, dev->comid);
1841
1842 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1843 lkul->session.opal_key.lr) < 0)
1844 return -ERANGE;
1845
1846 switch (lkul->l_state) {
1847 case OPAL_RO:
1848 read_locked = 0;
1849 write_locked = 1;
1850 break;
1851 case OPAL_RW:
1852 read_locked = 0;
1853 write_locked = 0;
1854 break;
1855 case OPAL_LK:
1856
1857 break;
1858 default:
1859 pr_debug("Tried to set an invalid locking state.\n");
1860 return OPAL_INVAL_PARAM;
1861 }
1862 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1863 read_locked, write_locked);
1864
1865 if (ret < 0) {
1866 pr_debug("Error building SET command.\n");
1867 return ret;
1868 }
1869
1870 return finalize_and_send(dev, parse_and_check_status);
1871 }
1872
1873 static int activate_lsp(struct opal_dev *dev, void *data)
1874 {
1875 struct opal_lr_act *opal_act = data;
1876 u8 user_lr[OPAL_UID_LENGTH];
1877 u8 uint_3 = 0x83;
1878 int err, i;
1879
1880 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1881 opalmethod[OPAL_ACTIVATE]);
1882
1883 if (opal_act->sum) {
1884 err = build_locking_range(user_lr, sizeof(user_lr),
1885 opal_act->lr[0]);
1886 if (err)
1887 return err;
1888
1889 add_token_u8(&err, dev, OPAL_STARTNAME);
1890 add_token_u8(&err, dev, uint_3);
1891 add_token_u8(&err, dev, 6);
1892 add_token_u8(&err, dev, 0);
1893 add_token_u8(&err, dev, 0);
1894
1895 add_token_u8(&err, dev, OPAL_STARTLIST);
1896 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1897 for (i = 1; i < opal_act->num_lrs; i++) {
1898 user_lr[7] = opal_act->lr[i];
1899 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1900 }
1901 add_token_u8(&err, dev, OPAL_ENDLIST);
1902 add_token_u8(&err, dev, OPAL_ENDNAME);
1903 }
1904
1905 if (err) {
1906 pr_debug("Error building Activate LockingSP command.\n");
1907 return err;
1908 }
1909
1910 return finalize_and_send(dev, parse_and_check_status);
1911 }
1912
1913
1914 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1915 {
1916 u8 lc_status;
1917 int err;
1918
1919 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1920 OPAL_LIFECYCLE);
1921 if (err)
1922 return err;
1923
1924 lc_status = response_get_u64(&dev->parsed, 4);
1925
1926
1927 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1928 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1929 return -ENODEV;
1930 }
1931
1932 return 0;
1933 }
1934
1935 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1936 {
1937 const char *msid_pin;
1938 size_t strlen;
1939 int err;
1940
1941 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1942 if (err)
1943 return err;
1944
1945 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1946 if (!msid_pin) {
1947 pr_debug("Couldn't extract MSID_CPIN from response\n");
1948 return OPAL_INVAL_PARAM;
1949 }
1950
1951 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1952 if (!dev->prev_data)
1953 return -ENOMEM;
1954
1955 dev->prev_d_len = strlen;
1956
1957 return 0;
1958 }
1959
1960 static int end_opal_session(struct opal_dev *dev, void *data)
1961 {
1962 int err = 0;
1963
1964 clear_opal_cmd(dev);
1965 set_comid(dev, dev->comid);
1966 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1967
1968 if (err < 0)
1969 return err;
1970
1971 return finalize_and_send(dev, end_session_cont);
1972 }
1973
1974 static int end_opal_session_error(struct opal_dev *dev)
1975 {
1976 const struct opal_step error_end_session = {
1977 end_opal_session,
1978 };
1979
1980 return execute_step(dev, &error_end_session, 0);
1981 }
1982
1983 static inline void setup_opal_dev(struct opal_dev *dev)
1984 {
1985 dev->tsn = 0;
1986 dev->hsn = 0;
1987 dev->prev_data = NULL;
1988 }
1989
1990 static int check_opal_support(struct opal_dev *dev)
1991 {
1992 int ret;
1993
1994 mutex_lock(&dev->dev_lock);
1995 setup_opal_dev(dev);
1996 ret = opal_discovery0_step(dev);
1997 dev->supported = !ret;
1998 mutex_unlock(&dev->dev_lock);
1999
2000 return ret;
2001 }
2002
2003 static void clean_opal_dev(struct opal_dev *dev)
2004 {
2005
2006 struct opal_suspend_data *suspend, *next;
2007
2008 mutex_lock(&dev->dev_lock);
2009 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2010 list_del(&suspend->node);
2011 kfree(suspend);
2012 }
2013 mutex_unlock(&dev->dev_lock);
2014 }
2015
2016 void free_opal_dev(struct opal_dev *dev)
2017 {
2018 if (!dev)
2019 return;
2020
2021 clean_opal_dev(dev);
2022 kfree(dev);
2023 }
2024 EXPORT_SYMBOL(free_opal_dev);
2025
2026 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2027 {
2028 struct opal_dev *dev;
2029
2030 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2031 if (!dev)
2032 return NULL;
2033
2034 INIT_LIST_HEAD(&dev->unlk_lst);
2035 mutex_init(&dev->dev_lock);
2036 dev->data = data;
2037 dev->send_recv = send_recv;
2038 if (check_opal_support(dev) != 0) {
2039 pr_debug("Opal is not supported on this device\n");
2040 kfree(dev);
2041 return NULL;
2042 }
2043
2044 return dev;
2045 }
2046 EXPORT_SYMBOL(init_opal_dev);
2047
2048 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2049 struct opal_session_info *opal_session)
2050 {
2051 const struct opal_step erase_steps[] = {
2052 { start_auth_opal_session, opal_session },
2053 { get_active_key, &opal_session->opal_key.lr },
2054 { gen_key, },
2055 { end_opal_session, }
2056 };
2057 int ret;
2058
2059 mutex_lock(&dev->dev_lock);
2060 setup_opal_dev(dev);
2061 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2062 mutex_unlock(&dev->dev_lock);
2063
2064 return ret;
2065 }
2066
2067 static int opal_erase_locking_range(struct opal_dev *dev,
2068 struct opal_session_info *opal_session)
2069 {
2070 const struct opal_step erase_steps[] = {
2071 { start_auth_opal_session, opal_session },
2072 { erase_locking_range, opal_session },
2073 { end_opal_session, }
2074 };
2075 int ret;
2076
2077 mutex_lock(&dev->dev_lock);
2078 setup_opal_dev(dev);
2079 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2080 mutex_unlock(&dev->dev_lock);
2081
2082 return ret;
2083 }
2084
2085 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2086 struct opal_mbr_data *opal_mbr)
2087 {
2088 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2089 OPAL_TRUE : OPAL_FALSE;
2090
2091 const struct opal_step mbr_steps[] = {
2092 { start_admin1LSP_opal_session, &opal_mbr->key },
2093 { set_mbr_done, &enable_disable },
2094 { end_opal_session, },
2095 { start_admin1LSP_opal_session, &opal_mbr->key },
2096 { set_mbr_enable_disable, &enable_disable },
2097 { end_opal_session, }
2098 };
2099 int ret;
2100
2101 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2102 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2103 return -EINVAL;
2104
2105 mutex_lock(&dev->dev_lock);
2106 setup_opal_dev(dev);
2107 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2108 mutex_unlock(&dev->dev_lock);
2109
2110 return ret;
2111 }
2112
2113 static int opal_set_mbr_done(struct opal_dev *dev,
2114 struct opal_mbr_done *mbr_done)
2115 {
2116 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2117 OPAL_TRUE : OPAL_FALSE;
2118
2119 const struct opal_step mbr_steps[] = {
2120 { start_admin1LSP_opal_session, &mbr_done->key },
2121 { set_mbr_done, &mbr_done_tf },
2122 { end_opal_session, }
2123 };
2124 int ret;
2125
2126 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2127 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2128 return -EINVAL;
2129
2130 mutex_lock(&dev->dev_lock);
2131 setup_opal_dev(dev);
2132 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2133 mutex_unlock(&dev->dev_lock);
2134
2135 return ret;
2136 }
2137
2138 static int opal_write_shadow_mbr(struct opal_dev *dev,
2139 struct opal_shadow_mbr *info)
2140 {
2141 const struct opal_step mbr_steps[] = {
2142 { start_admin1LSP_opal_session, &info->key },
2143 { write_shadow_mbr, info },
2144 { end_opal_session, }
2145 };
2146 int ret;
2147
2148 if (info->size == 0)
2149 return 0;
2150
2151 mutex_lock(&dev->dev_lock);
2152 setup_opal_dev(dev);
2153 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2154 mutex_unlock(&dev->dev_lock);
2155
2156 return ret;
2157 }
2158
2159 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2160 {
2161 struct opal_suspend_data *suspend;
2162
2163 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2164 if (!suspend)
2165 return -ENOMEM;
2166
2167 suspend->unlk = *lk_unlk;
2168 suspend->lr = lk_unlk->session.opal_key.lr;
2169
2170 mutex_lock(&dev->dev_lock);
2171 setup_opal_dev(dev);
2172 add_suspend_info(dev, suspend);
2173 mutex_unlock(&dev->dev_lock);
2174
2175 return 0;
2176 }
2177
2178 static int opal_add_user_to_lr(struct opal_dev *dev,
2179 struct opal_lock_unlock *lk_unlk)
2180 {
2181 const struct opal_step steps[] = {
2182 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2183 { add_user_to_lr, lk_unlk },
2184 { end_opal_session, }
2185 };
2186 int ret;
2187
2188 if (lk_unlk->l_state != OPAL_RO &&
2189 lk_unlk->l_state != OPAL_RW) {
2190 pr_debug("Locking state was not RO or RW\n");
2191 return -EINVAL;
2192 }
2193
2194 if (lk_unlk->session.who < OPAL_USER1 ||
2195 lk_unlk->session.who > OPAL_USER9) {
2196 pr_debug("Authority was not within the range of users: %d\n",
2197 lk_unlk->session.who);
2198 return -EINVAL;
2199 }
2200
2201 if (lk_unlk->session.sum) {
2202 pr_debug("%s not supported in sum. Use setup locking range\n",
2203 __func__);
2204 return -EINVAL;
2205 }
2206
2207 mutex_lock(&dev->dev_lock);
2208 setup_opal_dev(dev);
2209 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2210 mutex_unlock(&dev->dev_lock);
2211
2212 return ret;
2213 }
2214
2215 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2216 {
2217
2218 const struct opal_step revert_steps[] = {
2219 { start_SIDASP_opal_session, opal },
2220 { revert_tper, }
2221 };
2222 const struct opal_step psid_revert_steps[] = {
2223 { start_PSID_opal_session, opal },
2224 { revert_tper, }
2225 };
2226
2227 int ret;
2228
2229 mutex_lock(&dev->dev_lock);
2230 setup_opal_dev(dev);
2231 if (psid)
2232 ret = execute_steps(dev, psid_revert_steps,
2233 ARRAY_SIZE(psid_revert_steps));
2234 else
2235 ret = execute_steps(dev, revert_steps,
2236 ARRAY_SIZE(revert_steps));
2237 mutex_unlock(&dev->dev_lock);
2238
2239
2240
2241
2242
2243 if (!ret)
2244 clean_opal_dev(dev);
2245
2246 return ret;
2247 }
2248
2249 static int __opal_lock_unlock(struct opal_dev *dev,
2250 struct opal_lock_unlock *lk_unlk)
2251 {
2252 const struct opal_step unlock_steps[] = {
2253 { start_auth_opal_session, &lk_unlk->session },
2254 { lock_unlock_locking_range, lk_unlk },
2255 { end_opal_session, }
2256 };
2257 const struct opal_step unlock_sum_steps[] = {
2258 { start_auth_opal_session, &lk_unlk->session },
2259 { lock_unlock_locking_range_sum, lk_unlk },
2260 { end_opal_session, }
2261 };
2262
2263 if (lk_unlk->session.sum)
2264 return execute_steps(dev, unlock_sum_steps,
2265 ARRAY_SIZE(unlock_sum_steps));
2266 else
2267 return execute_steps(dev, unlock_steps,
2268 ARRAY_SIZE(unlock_steps));
2269 }
2270
2271 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2272 {
2273 u8 mbr_done_tf = OPAL_TRUE;
2274 const struct opal_step mbrdone_step[] = {
2275 { start_admin1LSP_opal_session, key },
2276 { set_mbr_done, &mbr_done_tf },
2277 { end_opal_session, }
2278 };
2279
2280 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2281 }
2282
2283 static int opal_lock_unlock(struct opal_dev *dev,
2284 struct opal_lock_unlock *lk_unlk)
2285 {
2286 int ret;
2287
2288 if (lk_unlk->session.who > OPAL_USER9)
2289 return -EINVAL;
2290
2291 mutex_lock(&dev->dev_lock);
2292 ret = __opal_lock_unlock(dev, lk_unlk);
2293 mutex_unlock(&dev->dev_lock);
2294
2295 return ret;
2296 }
2297
2298 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2299 {
2300 const struct opal_step owner_steps[] = {
2301 { start_anybodyASP_opal_session, },
2302 { get_msid_cpin_pin, },
2303 { end_opal_session, },
2304 { start_SIDASP_opal_session, opal },
2305 { set_sid_cpin_pin, opal },
2306 { end_opal_session, }
2307 };
2308 int ret;
2309
2310 if (!dev)
2311 return -ENODEV;
2312
2313 mutex_lock(&dev->dev_lock);
2314 setup_opal_dev(dev);
2315 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2316 mutex_unlock(&dev->dev_lock);
2317
2318 return ret;
2319 }
2320
2321 static int opal_activate_lsp(struct opal_dev *dev,
2322 struct opal_lr_act *opal_lr_act)
2323 {
2324 const struct opal_step active_steps[] = {
2325 { start_SIDASP_opal_session, &opal_lr_act->key },
2326 { get_lsp_lifecycle, },
2327 { activate_lsp, opal_lr_act },
2328 { end_opal_session, }
2329 };
2330 int ret;
2331
2332 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2333 return -EINVAL;
2334
2335 mutex_lock(&dev->dev_lock);
2336 setup_opal_dev(dev);
2337 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2338 mutex_unlock(&dev->dev_lock);
2339
2340 return ret;
2341 }
2342
2343 static int opal_setup_locking_range(struct opal_dev *dev,
2344 struct opal_user_lr_setup *opal_lrs)
2345 {
2346 const struct opal_step lr_steps[] = {
2347 { start_auth_opal_session, &opal_lrs->session },
2348 { setup_locking_range, opal_lrs },
2349 { end_opal_session, }
2350 };
2351 int ret;
2352
2353 mutex_lock(&dev->dev_lock);
2354 setup_opal_dev(dev);
2355 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2356 mutex_unlock(&dev->dev_lock);
2357
2358 return ret;
2359 }
2360
2361 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2362 {
2363 const struct opal_step pw_steps[] = {
2364 { start_auth_opal_session, &opal_pw->session },
2365 { set_new_pw, &opal_pw->new_user_pw },
2366 { end_opal_session, }
2367 };
2368 int ret;
2369
2370 if (opal_pw->session.who > OPAL_USER9 ||
2371 opal_pw->new_user_pw.who > OPAL_USER9)
2372 return -EINVAL;
2373
2374 mutex_lock(&dev->dev_lock);
2375 setup_opal_dev(dev);
2376 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2377 mutex_unlock(&dev->dev_lock);
2378
2379 return ret;
2380 }
2381
2382 static int opal_activate_user(struct opal_dev *dev,
2383 struct opal_session_info *opal_session)
2384 {
2385 const struct opal_step act_steps[] = {
2386 { start_admin1LSP_opal_session, &opal_session->opal_key },
2387 { internal_activate_user, opal_session },
2388 { end_opal_session, }
2389 };
2390 int ret;
2391
2392
2393 if (opal_session->who < OPAL_USER1 ||
2394 opal_session->who > OPAL_USER9) {
2395 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2396 return -EINVAL;
2397 }
2398
2399 mutex_lock(&dev->dev_lock);
2400 setup_opal_dev(dev);
2401 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2402 mutex_unlock(&dev->dev_lock);
2403
2404 return ret;
2405 }
2406
2407 bool opal_unlock_from_suspend(struct opal_dev *dev)
2408 {
2409 struct opal_suspend_data *suspend;
2410 bool was_failure = false;
2411 int ret = 0;
2412
2413 if (!dev)
2414 return false;
2415
2416 if (!dev->supported)
2417 return false;
2418
2419 mutex_lock(&dev->dev_lock);
2420 setup_opal_dev(dev);
2421
2422 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2423 dev->tsn = 0;
2424 dev->hsn = 0;
2425
2426 ret = __opal_lock_unlock(dev, &suspend->unlk);
2427 if (ret) {
2428 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2429 suspend->unlk.session.opal_key.lr,
2430 suspend->unlk.session.sum);
2431 was_failure = true;
2432 }
2433
2434 if (dev->mbr_enabled) {
2435 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2436 if (ret)
2437 pr_debug("Failed to set MBR Done in S3 resume\n");
2438 }
2439 }
2440 mutex_unlock(&dev->dev_lock);
2441
2442 return was_failure;
2443 }
2444 EXPORT_SYMBOL(opal_unlock_from_suspend);
2445
2446 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2447 {
2448 void *p;
2449 int ret = -ENOTTY;
2450
2451 if (!capable(CAP_SYS_ADMIN))
2452 return -EACCES;
2453 if (!dev)
2454 return -ENOTSUPP;
2455 if (!dev->supported)
2456 return -ENOTSUPP;
2457
2458 p = memdup_user(arg, _IOC_SIZE(cmd));
2459 if (IS_ERR(p))
2460 return PTR_ERR(p);
2461
2462 switch (cmd) {
2463 case IOC_OPAL_SAVE:
2464 ret = opal_save(dev, p);
2465 break;
2466 case IOC_OPAL_LOCK_UNLOCK:
2467 ret = opal_lock_unlock(dev, p);
2468 break;
2469 case IOC_OPAL_TAKE_OWNERSHIP:
2470 ret = opal_take_ownership(dev, p);
2471 break;
2472 case IOC_OPAL_ACTIVATE_LSP:
2473 ret = opal_activate_lsp(dev, p);
2474 break;
2475 case IOC_OPAL_SET_PW:
2476 ret = opal_set_new_pw(dev, p);
2477 break;
2478 case IOC_OPAL_ACTIVATE_USR:
2479 ret = opal_activate_user(dev, p);
2480 break;
2481 case IOC_OPAL_REVERT_TPR:
2482 ret = opal_reverttper(dev, p, false);
2483 break;
2484 case IOC_OPAL_LR_SETUP:
2485 ret = opal_setup_locking_range(dev, p);
2486 break;
2487 case IOC_OPAL_ADD_USR_TO_LR:
2488 ret = opal_add_user_to_lr(dev, p);
2489 break;
2490 case IOC_OPAL_ENABLE_DISABLE_MBR:
2491 ret = opal_enable_disable_shadow_mbr(dev, p);
2492 break;
2493 case IOC_OPAL_MBR_DONE:
2494 ret = opal_set_mbr_done(dev, p);
2495 break;
2496 case IOC_OPAL_WRITE_SHADOW_MBR:
2497 ret = opal_write_shadow_mbr(dev, p);
2498 break;
2499 case IOC_OPAL_ERASE_LR:
2500 ret = opal_erase_locking_range(dev, p);
2501 break;
2502 case IOC_OPAL_SECURE_ERASE_LR:
2503 ret = opal_secure_erase_locking_range(dev, p);
2504 break;
2505 case IOC_OPAL_PSID_REVERT_TPR:
2506 ret = opal_reverttper(dev, p, true);
2507 break;
2508 default:
2509 break;
2510 }
2511
2512 kfree(p);
2513 return ret;
2514 }
2515 EXPORT_SYMBOL_GPL(sed_ioctl);