1
2
3
4
5
6
7
8
9
10#define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12#include <linux/delay.h>
13#include <linux/device.h>
14#include <linux/kernel.h>
15#include <linux/list.h>
16#include <linux/genhd.h>
17#include <linux/slab.h>
18#include <linux/uaccess.h>
19#include <uapi/linux/sed-opal.h>
20#include <linux/sed-opal.h>
21#include <linux/string.h>
22#include <linux/kdev_t.h>
23
24#include "opal_proto.h"
25
26#define IO_BUFFER_LENGTH 2048
27#define MAX_TOKS 64
28
29struct opal_step {
30 int (*fn)(struct opal_dev *dev, void *data);
31 void *data;
32};
33typedef int (cont_fn)(struct opal_dev *dev);
34
35enum opal_atom_width {
36 OPAL_WIDTH_TINY,
37 OPAL_WIDTH_SHORT,
38 OPAL_WIDTH_MEDIUM,
39 OPAL_WIDTH_LONG,
40 OPAL_WIDTH_TOKEN
41};
42
43
44
45
46
47
48
49struct opal_resp_tok {
50 const u8 *pos;
51 size_t len;
52 enum opal_response_token type;
53 enum opal_atom_width width;
54 union {
55 u64 u;
56 s64 s;
57 } stored;
58};
59
60
61
62
63
64
65
66
67
68struct parsed_resp {
69 int num;
70 struct opal_resp_tok toks[MAX_TOKS];
71};
72
73struct opal_dev {
74 bool supported;
75 bool mbr_enabled;
76
77 void *data;
78 sec_send_recv *send_recv;
79
80 struct mutex dev_lock;
81 u16 comid;
82 u32 hsn;
83 u32 tsn;
84 u64 align;
85 u64 lowest_lba;
86
87 size_t pos;
88 u8 cmd[IO_BUFFER_LENGTH];
89 u8 resp[IO_BUFFER_LENGTH];
90
91 struct parsed_resp parsed;
92 size_t prev_d_len;
93 void *prev_data;
94
95 struct list_head unlk_lst;
96};
97
98
99static const u8 opaluid[][OPAL_UID_LENGTH] = {
100
101 [OPAL_SMUID_UID] =
102 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
103 [OPAL_THISSP_UID] =
104 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
105 [OPAL_ADMINSP_UID] =
106 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
107 [OPAL_LOCKINGSP_UID] =
108 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
109 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
110 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
111 [OPAL_ANYBODY_UID] =
112 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
113 [OPAL_SID_UID] =
114 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
115 [OPAL_ADMIN1_UID] =
116 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
117 [OPAL_USER1_UID] =
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
119 [OPAL_USER2_UID] =
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
121 [OPAL_PSID_UID] =
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
123 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
125 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
127
128
129
130 [OPAL_LOCKINGRANGE_GLOBAL] =
131 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
132 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
133 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
134 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
135 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
136 [OPAL_MBRCONTROL] =
137 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
138 [OPAL_MBR] =
139 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
140 [OPAL_AUTHORITY_TABLE] =
141 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
142 [OPAL_C_PIN_TABLE] =
143 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
144 [OPAL_LOCKING_INFO_TABLE] =
145 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
146 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
147 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
148
149
150
151 [OPAL_C_PIN_MSID] =
152 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
153 [OPAL_C_PIN_SID] =
154 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
155 [OPAL_C_PIN_ADMIN1] =
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
157
158
159
160 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
161 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
162 [OPAL_HALF_UID_BOOLEAN_ACE] =
163 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
164
165
166 [OPAL_UID_HEXFF] =
167 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
168};
169
170
171
172
173
174
175static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
176 [OPAL_PROPERTIES] =
177 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
178 [OPAL_STARTSESSION] =
179 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
180 [OPAL_REVERT] =
181 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
182 [OPAL_ACTIVATE] =
183 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
184 [OPAL_EGET] =
185 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
186 [OPAL_ESET] =
187 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
188 [OPAL_NEXT] =
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
190 [OPAL_EAUTHENTICATE] =
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
192 [OPAL_GETACL] =
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
194 [OPAL_GENKEY] =
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
196 [OPAL_REVERTSP] =
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
198 [OPAL_GET] =
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
200 [OPAL_SET] =
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
202 [OPAL_AUTHENTICATE] =
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
204 [OPAL_RANDOM] =
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
206 [OPAL_ERASE] =
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
208};
209
210static int end_opal_session_error(struct opal_dev *dev);
211static int opal_discovery0_step(struct opal_dev *dev);
212
213struct opal_suspend_data {
214 struct opal_lock_unlock unlk;
215 u8 lr;
216 struct list_head node;
217};
218
219
220
221
222
223
224static const char * const opal_errors[] = {
225 "Success",
226 "Not Authorized",
227 "Unknown Error",
228 "SP Busy",
229 "SP Failed",
230 "SP Disabled",
231 "SP Frozen",
232 "No Sessions Available",
233 "Uniqueness Conflict",
234 "Insufficient Space",
235 "Insufficient Rows",
236 "Invalid Function",
237 "Invalid Parameter",
238 "Invalid Reference",
239 "Unknown Error",
240 "TPER Malfunction",
241 "Transaction Failure",
242 "Response Overflow",
243 "Authority Locked Out",
244};
245
246static const char *opal_error_to_human(int error)
247{
248 if (error == 0x3f)
249 return "Failed";
250
251 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
252 return "Unknown Error";
253
254 return opal_errors[error];
255}
256
257static void print_buffer(const u8 *ptr, u32 length)
258{
259#ifdef DEBUG
260 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
261 pr_debug("\n");
262#endif
263}
264
265static bool check_tper(const void *data)
266{
267 const struct d0_tper_features *tper = data;
268 u8 flags = tper->supported_features;
269
270 if (!(flags & TPER_SYNC_SUPPORTED)) {
271 pr_debug("TPer sync not supported. flags = %d\n",
272 tper->supported_features);
273 return false;
274 }
275
276 return true;
277}
278
279static bool check_mbrenabled(const void *data)
280{
281 const struct d0_locking_features *lfeat = data;
282 u8 sup_feat = lfeat->supported_features;
283
284 return !!(sup_feat & MBR_ENABLED_MASK);
285}
286
287static bool check_sum(const void *data)
288{
289 const struct d0_single_user_mode *sum = data;
290 u32 nlo = be32_to_cpu(sum->num_locking_objects);
291
292 if (nlo == 0) {
293 pr_debug("Need at least one locking object.\n");
294 return false;
295 }
296
297 pr_debug("Number of locking objects: %d\n", nlo);
298
299 return true;
300}
301
302static u16 get_comid_v100(const void *data)
303{
304 const struct d0_opal_v100 *v100 = data;
305
306 return be16_to_cpu(v100->baseComID);
307}
308
309static u16 get_comid_v200(const void *data)
310{
311 const struct d0_opal_v200 *v200 = data;
312
313 return be16_to_cpu(v200->baseComID);
314}
315
316static int opal_send_cmd(struct opal_dev *dev)
317{
318 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
319 dev->cmd, IO_BUFFER_LENGTH,
320 true);
321}
322
323static int opal_recv_cmd(struct opal_dev *dev)
324{
325 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
326 dev->resp, IO_BUFFER_LENGTH,
327 false);
328}
329
330static int opal_recv_check(struct opal_dev *dev)
331{
332 size_t buflen = IO_BUFFER_LENGTH;
333 void *buffer = dev->resp;
334 struct opal_header *hdr = buffer;
335 int ret;
336
337 do {
338 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
339 hdr->cp.outstandingData,
340 hdr->cp.minTransfer);
341
342 if (hdr->cp.outstandingData == 0 ||
343 hdr->cp.minTransfer != 0)
344 return 0;
345
346 memset(buffer, 0, buflen);
347 ret = opal_recv_cmd(dev);
348 } while (!ret);
349
350 return ret;
351}
352
353static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
354{
355 int ret;
356
357 ret = opal_send_cmd(dev);
358 if (ret)
359 return ret;
360 ret = opal_recv_cmd(dev);
361 if (ret)
362 return ret;
363 ret = opal_recv_check(dev);
364 if (ret)
365 return ret;
366 return cont(dev);
367}
368
369static void check_geometry(struct opal_dev *dev, const void *data)
370{
371 const struct d0_geometry_features *geo = data;
372
373 dev->align = geo->alignment_granularity;
374 dev->lowest_lba = geo->lowest_aligned_lba;
375}
376
377static int execute_step(struct opal_dev *dev,
378 const struct opal_step *step, size_t stepIndex)
379{
380 int error = step->fn(dev, step->data);
381
382 if (error) {
383 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
384 stepIndex, step->fn, error,
385 opal_error_to_human(error));
386 }
387
388 return error;
389}
390
391static int execute_steps(struct opal_dev *dev,
392 const struct opal_step *steps, size_t n_steps)
393{
394 size_t state = 0;
395 int error;
396
397
398 error = opal_discovery0_step(dev);
399 if (error)
400 return error;
401
402 for (state = 0; state < n_steps; state++) {
403 error = execute_step(dev, &steps[state], state);
404 if (error)
405 goto out_error;
406 }
407
408 return 0;
409
410out_error:
411
412
413
414
415
416
417
418
419 if (state > 0)
420 end_opal_session_error(dev);
421
422 return error;
423}
424
425static int opal_discovery0_end(struct opal_dev *dev)
426{
427 bool found_com_id = false, supported = true, single_user = false;
428 const struct d0_header *hdr = (struct d0_header *)dev->resp;
429 const u8 *epos = dev->resp, *cpos = dev->resp;
430 u16 comid = 0;
431 u32 hlen = be32_to_cpu(hdr->length);
432
433 print_buffer(dev->resp, hlen);
434 dev->mbr_enabled = false;
435
436 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
437 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
438 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
439 return -EFAULT;
440 }
441
442 epos += hlen;
443 cpos += sizeof(*hdr);
444
445 while (cpos < epos && supported) {
446 const struct d0_features *body =
447 (const struct d0_features *)cpos;
448
449 switch (be16_to_cpu(body->code)) {
450 case FC_TPER:
451 supported = check_tper(body->features);
452 break;
453 case FC_SINGLEUSER:
454 single_user = check_sum(body->features);
455 break;
456 case FC_GEOMETRY:
457 check_geometry(dev, body);
458 break;
459 case FC_LOCKING:
460 dev->mbr_enabled = check_mbrenabled(body->features);
461 break;
462 case FC_ENTERPRISE:
463 case FC_DATASTORE:
464
465 pr_debug("Found OPAL feature description: %d\n",
466 be16_to_cpu(body->code));
467 break;
468 case FC_OPALV100:
469 comid = get_comid_v100(body->features);
470 found_com_id = true;
471 break;
472 case FC_OPALV200:
473 comid = get_comid_v200(body->features);
474 found_com_id = true;
475 break;
476 case 0xbfff ... 0xffff:
477
478 break;
479 default:
480 pr_debug("OPAL Unknown feature: %d\n",
481 be16_to_cpu(body->code));
482
483 }
484 cpos += body->length + 4;
485 }
486
487 if (!supported) {
488 pr_debug("This device is not Opal enabled. Not Supported!\n");
489 return -EOPNOTSUPP;
490 }
491
492 if (!single_user)
493 pr_debug("Device doesn't support single user mode\n");
494
495
496 if (!found_com_id) {
497 pr_debug("Could not find OPAL comid for device. Returning early\n");
498 return -EOPNOTSUPP;
499 }
500
501 dev->comid = comid;
502
503 return 0;
504}
505
506static int opal_discovery0(struct opal_dev *dev, void *data)
507{
508 int ret;
509
510 memset(dev->resp, 0, IO_BUFFER_LENGTH);
511 dev->comid = OPAL_DISCOVERY_COMID;
512 ret = opal_recv_cmd(dev);
513 if (ret)
514 return ret;
515 return opal_discovery0_end(dev);
516}
517
518static int opal_discovery0_step(struct opal_dev *dev)
519{
520 const struct opal_step discovery0_step = {
521 opal_discovery0,
522 };
523 return execute_step(dev, &discovery0_step, 0);
524}
525
526static bool can_add(int *err, struct opal_dev *cmd, size_t len)
527{
528 if (*err)
529 return false;
530
531 if (len > IO_BUFFER_LENGTH || cmd->pos > IO_BUFFER_LENGTH - len) {
532 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
533 *err = -ERANGE;
534 return false;
535 }
536
537 return true;
538}
539
540static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
541{
542 if (!can_add(err, cmd, 1))
543 return;
544 cmd->cmd[cmd->pos++] = tok;
545}
546
547static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
548 bool has_sign, int len)
549{
550 u8 atom;
551 int err = 0;
552
553 atom = SHORT_ATOM_ID;
554 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
555 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
556 atom |= len & SHORT_ATOM_LEN_MASK;
557
558 add_token_u8(&err, cmd, atom);
559}
560
561static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
562 bool has_sign, int len)
563{
564 u8 header0;
565
566 header0 = MEDIUM_ATOM_ID;
567 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
568 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
569 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
570 cmd->cmd[cmd->pos++] = header0;
571 cmd->cmd[cmd->pos++] = len;
572}
573
574static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
575{
576 size_t len;
577 int msb;
578
579 if (!(number & ~TINY_ATOM_DATA_MASK)) {
580 add_token_u8(err, cmd, number);
581 return;
582 }
583
584 msb = fls64(number);
585 len = DIV_ROUND_UP(msb, 8);
586
587 if (!can_add(err, cmd, len + 1)) {
588 pr_debug("Error adding u64: end of buffer.\n");
589 return;
590 }
591 add_short_atom_header(cmd, false, false, len);
592 while (len--)
593 add_token_u8(err, cmd, number >> (len * 8));
594}
595
596static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
597{
598 size_t header_len = 1;
599 bool is_short_atom = true;
600
601 if (len & ~SHORT_ATOM_LEN_MASK) {
602 header_len = 2;
603 is_short_atom = false;
604 }
605
606 if (!can_add(err, cmd, header_len + len)) {
607 pr_debug("Error adding bytestring: end of buffer.\n");
608 return NULL;
609 }
610
611 if (is_short_atom)
612 add_short_atom_header(cmd, true, false, len);
613 else
614 add_medium_atom_header(cmd, true, false, len);
615
616 return &cmd->cmd[cmd->pos];
617}
618
619static void add_token_bytestring(int *err, struct opal_dev *cmd,
620 const u8 *bytestring, size_t len)
621{
622 u8 *start;
623
624 start = add_bytestring_header(err, cmd, len);
625 if (!start)
626 return;
627 memcpy(start, bytestring, len);
628 cmd->pos += len;
629}
630
631static int build_locking_range(u8 *buffer, size_t length, u8 lr)
632{
633 if (length > OPAL_UID_LENGTH) {
634 pr_debug("Can't build locking range. Length OOB\n");
635 return -ERANGE;
636 }
637
638 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
639
640 if (lr == 0)
641 return 0;
642 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
643 buffer[7] = lr;
644
645 return 0;
646}
647
648static int build_locking_user(u8 *buffer, size_t length, u8 lr)
649{
650 if (length > OPAL_UID_LENGTH) {
651 pr_debug("Can't build locking range user. Length OOB\n");
652 return -ERANGE;
653 }
654
655 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
656
657 buffer[7] = lr + 1;
658
659 return 0;
660}
661
662static void set_comid(struct opal_dev *cmd, u16 comid)
663{
664 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
665
666 hdr->cp.extendedComID[0] = comid >> 8;
667 hdr->cp.extendedComID[1] = comid;
668 hdr->cp.extendedComID[2] = 0;
669 hdr->cp.extendedComID[3] = 0;
670}
671
672static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
673{
674 struct opal_header *hdr;
675 int err = 0;
676
677
678 add_token_u8(&err, cmd, OPAL_ENDLIST);
679
680 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
681 add_token_u8(&err, cmd, OPAL_STARTLIST);
682 add_token_u8(&err, cmd, 0);
683 add_token_u8(&err, cmd, 0);
684 add_token_u8(&err, cmd, 0);
685 add_token_u8(&err, cmd, OPAL_ENDLIST);
686
687 if (err) {
688 pr_debug("Error finalizing command.\n");
689 return -EFAULT;
690 }
691
692 hdr = (struct opal_header *) cmd->cmd;
693
694 hdr->pkt.tsn = cpu_to_be32(tsn);
695 hdr->pkt.hsn = cpu_to_be32(hsn);
696
697 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
698 while (cmd->pos % 4) {
699 if (cmd->pos >= IO_BUFFER_LENGTH) {
700 pr_debug("Error: Buffer overrun\n");
701 return -ERANGE;
702 }
703 cmd->cmd[cmd->pos++] = 0;
704 }
705 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
706 sizeof(hdr->pkt));
707 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
708
709 return 0;
710}
711
712static const struct opal_resp_tok *response_get_token(
713 const struct parsed_resp *resp,
714 int n)
715{
716 const struct opal_resp_tok *tok;
717
718 if (!resp) {
719 pr_debug("Response is NULL\n");
720 return ERR_PTR(-EINVAL);
721 }
722
723 if (n >= resp->num) {
724 pr_debug("Token number doesn't exist: %d, resp: %d\n",
725 n, resp->num);
726 return ERR_PTR(-EINVAL);
727 }
728
729 tok = &resp->toks[n];
730 if (tok->len == 0) {
731 pr_debug("Token length must be non-zero\n");
732 return ERR_PTR(-EINVAL);
733 }
734
735 return tok;
736}
737
738static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
739 const u8 *pos)
740{
741 tok->pos = pos;
742 tok->len = 1;
743 tok->width = OPAL_WIDTH_TINY;
744
745 if (pos[0] & TINY_ATOM_SIGNED) {
746 tok->type = OPAL_DTA_TOKENID_SINT;
747 } else {
748 tok->type = OPAL_DTA_TOKENID_UINT;
749 tok->stored.u = pos[0] & 0x3f;
750 }
751
752 return tok->len;
753}
754
755static ssize_t response_parse_short(struct opal_resp_tok *tok,
756 const u8 *pos)
757{
758 tok->pos = pos;
759 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
760 tok->width = OPAL_WIDTH_SHORT;
761
762 if (pos[0] & SHORT_ATOM_BYTESTRING) {
763 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
764 } else if (pos[0] & SHORT_ATOM_SIGNED) {
765 tok->type = OPAL_DTA_TOKENID_SINT;
766 } else {
767 u64 u_integer = 0;
768 ssize_t i, b = 0;
769
770 tok->type = OPAL_DTA_TOKENID_UINT;
771 if (tok->len > 9) {
772 pr_debug("uint64 with more than 8 bytes\n");
773 return -EINVAL;
774 }
775 for (i = tok->len - 1; i > 0; i--) {
776 u_integer |= ((u64)pos[i] << (8 * b));
777 b++;
778 }
779 tok->stored.u = u_integer;
780 }
781
782 return tok->len;
783}
784
785static ssize_t response_parse_medium(struct opal_resp_tok *tok,
786 const u8 *pos)
787{
788 tok->pos = pos;
789 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
790 tok->width = OPAL_WIDTH_MEDIUM;
791
792 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
793 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
794 else if (pos[0] & MEDIUM_ATOM_SIGNED)
795 tok->type = OPAL_DTA_TOKENID_SINT;
796 else
797 tok->type = OPAL_DTA_TOKENID_UINT;
798
799 return tok->len;
800}
801
802static ssize_t response_parse_long(struct opal_resp_tok *tok,
803 const u8 *pos)
804{
805 tok->pos = pos;
806 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
807 tok->width = OPAL_WIDTH_LONG;
808
809 if (pos[0] & LONG_ATOM_BYTESTRING)
810 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
811 else if (pos[0] & LONG_ATOM_SIGNED)
812 tok->type = OPAL_DTA_TOKENID_SINT;
813 else
814 tok->type = OPAL_DTA_TOKENID_UINT;
815
816 return tok->len;
817}
818
819static ssize_t response_parse_token(struct opal_resp_tok *tok,
820 const u8 *pos)
821{
822 tok->pos = pos;
823 tok->len = 1;
824 tok->type = OPAL_DTA_TOKENID_TOKEN;
825 tok->width = OPAL_WIDTH_TOKEN;
826
827 return tok->len;
828}
829
830static int response_parse(const u8 *buf, size_t length,
831 struct parsed_resp *resp)
832{
833 const struct opal_header *hdr;
834 struct opal_resp_tok *iter;
835 int num_entries = 0;
836 int total;
837 ssize_t token_length;
838 const u8 *pos;
839 u32 clen, plen, slen;
840
841 if (!buf)
842 return -EFAULT;
843
844 if (!resp)
845 return -EFAULT;
846
847 hdr = (struct opal_header *)buf;
848 pos = buf;
849 pos += sizeof(*hdr);
850
851 clen = be32_to_cpu(hdr->cp.length);
852 plen = be32_to_cpu(hdr->pkt.length);
853 slen = be32_to_cpu(hdr->subpkt.length);
854 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
855 clen, plen, slen);
856
857 if (clen == 0 || plen == 0 || slen == 0 ||
858 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
859 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
860 clen, plen, slen);
861 print_buffer(pos, sizeof(*hdr));
862 return -EINVAL;
863 }
864
865 if (pos > buf + length)
866 return -EFAULT;
867
868 iter = resp->toks;
869 total = slen;
870 print_buffer(pos, total);
871 while (total > 0) {
872 if (pos[0] <= TINY_ATOM_BYTE)
873 token_length = response_parse_tiny(iter, pos);
874 else if (pos[0] <= SHORT_ATOM_BYTE)
875 token_length = response_parse_short(iter, pos);
876 else if (pos[0] <= MEDIUM_ATOM_BYTE)
877 token_length = response_parse_medium(iter, pos);
878 else if (pos[0] <= LONG_ATOM_BYTE)
879 token_length = response_parse_long(iter, pos);
880 else
881 token_length = response_parse_token(iter, pos);
882
883 if (token_length < 0)
884 return token_length;
885
886 pos += token_length;
887 total -= token_length;
888 iter++;
889 num_entries++;
890 }
891
892 if (num_entries == 0) {
893 pr_debug("Couldn't parse response.\n");
894 return -EINVAL;
895 }
896 resp->num = num_entries;
897
898 return 0;
899}
900
901static size_t response_get_string(const struct parsed_resp *resp, int n,
902 const char **store)
903{
904 u8 skip;
905 const struct opal_resp_tok *tok;
906
907 *store = NULL;
908 tok = response_get_token(resp, n);
909 if (IS_ERR(tok))
910 return 0;
911
912 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
913 pr_debug("Token is not a byte string!\n");
914 return 0;
915 }
916
917 switch (tok->width) {
918 case OPAL_WIDTH_TINY:
919 case OPAL_WIDTH_SHORT:
920 skip = 1;
921 break;
922 case OPAL_WIDTH_MEDIUM:
923 skip = 2;
924 break;
925 case OPAL_WIDTH_LONG:
926 skip = 4;
927 break;
928 default:
929 pr_debug("Token has invalid width!\n");
930 return 0;
931 }
932
933 *store = tok->pos + skip;
934 return tok->len - skip;
935}
936
937static u64 response_get_u64(const struct parsed_resp *resp, int n)
938{
939 const struct opal_resp_tok *tok;
940
941 tok = response_get_token(resp, n);
942 if (IS_ERR(tok))
943 return 0;
944
945 if (tok->type != OPAL_DTA_TOKENID_UINT) {
946 pr_debug("Token is not unsigned int: %d\n", tok->type);
947 return 0;
948 }
949
950 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
951 pr_debug("Atom is not short or tiny: %d\n", tok->width);
952 return 0;
953 }
954
955 return tok->stored.u;
956}
957
958static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
959{
960 if (IS_ERR(token) ||
961 token->type != OPAL_DTA_TOKENID_TOKEN ||
962 token->pos[0] != match)
963 return false;
964 return true;
965}
966
967static u8 response_status(const struct parsed_resp *resp)
968{
969 const struct opal_resp_tok *tok;
970
971 tok = response_get_token(resp, 0);
972 if (response_token_matches(tok, OPAL_ENDOFSESSION))
973 return 0;
974
975 if (resp->num < 5)
976 return DTAERROR_NO_METHOD_STATUS;
977
978 tok = response_get_token(resp, resp->num - 5);
979 if (!response_token_matches(tok, OPAL_STARTLIST))
980 return DTAERROR_NO_METHOD_STATUS;
981
982 tok = response_get_token(resp, resp->num - 1);
983 if (!response_token_matches(tok, OPAL_ENDLIST))
984 return DTAERROR_NO_METHOD_STATUS;
985
986 return response_get_u64(resp, resp->num - 4);
987}
988
989
990static int parse_and_check_status(struct opal_dev *dev)
991{
992 int error;
993
994 print_buffer(dev->cmd, dev->pos);
995
996 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
997 if (error) {
998 pr_debug("Couldn't parse response.\n");
999 return error;
1000 }
1001
1002 return response_status(&dev->parsed);
1003}
1004
1005static void clear_opal_cmd(struct opal_dev *dev)
1006{
1007 dev->pos = sizeof(struct opal_header);
1008 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1009}
1010
1011static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1012{
1013 int err = 0;
1014
1015 clear_opal_cmd(dev);
1016 set_comid(dev, dev->comid);
1017
1018 add_token_u8(&err, dev, OPAL_CALL);
1019 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1020 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1021
1022
1023
1024
1025
1026
1027 add_token_u8(&err, dev, OPAL_STARTLIST);
1028
1029 return err;
1030}
1031
1032static int start_opal_session_cont(struct opal_dev *dev)
1033{
1034 u32 hsn, tsn;
1035 int error = 0;
1036
1037 error = parse_and_check_status(dev);
1038 if (error)
1039 return error;
1040
1041 hsn = response_get_u64(&dev->parsed, 4);
1042 tsn = response_get_u64(&dev->parsed, 5);
1043
1044 if (hsn == 0 && tsn == 0) {
1045 pr_debug("Couldn't authenticate session\n");
1046 return -EPERM;
1047 }
1048
1049 dev->hsn = hsn;
1050 dev->tsn = tsn;
1051 return 0;
1052}
1053
1054static void add_suspend_info(struct opal_dev *dev,
1055 struct opal_suspend_data *sus)
1056{
1057 struct opal_suspend_data *iter;
1058
1059 list_for_each_entry(iter, &dev->unlk_lst, node) {
1060 if (iter->lr == sus->lr) {
1061 list_del(&iter->node);
1062 kfree(iter);
1063 break;
1064 }
1065 }
1066 list_add_tail(&sus->node, &dev->unlk_lst);
1067}
1068
1069static int end_session_cont(struct opal_dev *dev)
1070{
1071 dev->hsn = 0;
1072 dev->tsn = 0;
1073 return parse_and_check_status(dev);
1074}
1075
1076static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1077{
1078 int ret;
1079
1080 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1081 if (ret) {
1082 pr_debug("Error finalizing command buffer: %d\n", ret);
1083 return ret;
1084 }
1085
1086 print_buffer(dev->cmd, dev->pos);
1087
1088 return opal_send_recv(dev, cont);
1089}
1090
1091
1092
1093
1094
1095static int generic_get_column(struct opal_dev *dev, const u8 *table,
1096 u64 column)
1097{
1098 int err;
1099
1100 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1101
1102 add_token_u8(&err, dev, OPAL_STARTLIST);
1103
1104 add_token_u8(&err, dev, OPAL_STARTNAME);
1105 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1106 add_token_u64(&err, dev, column);
1107 add_token_u8(&err, dev, OPAL_ENDNAME);
1108
1109 add_token_u8(&err, dev, OPAL_STARTNAME);
1110 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1111 add_token_u64(&err, dev, column);
1112 add_token_u8(&err, dev, OPAL_ENDNAME);
1113
1114 add_token_u8(&err, dev, OPAL_ENDLIST);
1115
1116 if (err)
1117 return err;
1118
1119 return finalize_and_send(dev, parse_and_check_status);
1120}
1121
1122static int gen_key(struct opal_dev *dev, void *data)
1123{
1124 u8 uid[OPAL_UID_LENGTH];
1125 int err;
1126
1127 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1128 kfree(dev->prev_data);
1129 dev->prev_data = NULL;
1130
1131 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1132
1133 if (err) {
1134 pr_debug("Error building gen key command\n");
1135 return err;
1136
1137 }
1138 return finalize_and_send(dev, parse_and_check_status);
1139}
1140
1141static int get_active_key_cont(struct opal_dev *dev)
1142{
1143 const char *activekey;
1144 size_t keylen;
1145 int error = 0;
1146
1147 error = parse_and_check_status(dev);
1148 if (error)
1149 return error;
1150 keylen = response_get_string(&dev->parsed, 4, &activekey);
1151 if (!activekey) {
1152 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1153 __func__);
1154 return OPAL_INVAL_PARAM;
1155 }
1156 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1157
1158 if (!dev->prev_data)
1159 return -ENOMEM;
1160
1161 dev->prev_d_len = keylen;
1162
1163 return 0;
1164}
1165
1166static int get_active_key(struct opal_dev *dev, void *data)
1167{
1168 u8 uid[OPAL_UID_LENGTH];
1169 int err;
1170 u8 *lr = data;
1171
1172 err = build_locking_range(uid, sizeof(uid), *lr);
1173 if (err)
1174 return err;
1175
1176 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1177 if (err)
1178 return err;
1179
1180 return get_active_key_cont(dev);
1181}
1182
1183static int generic_lr_enable_disable(struct opal_dev *dev,
1184 u8 *uid, bool rle, bool wle,
1185 bool rl, bool wl)
1186{
1187 int err;
1188
1189 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1190
1191 add_token_u8(&err, dev, OPAL_STARTNAME);
1192 add_token_u8(&err, dev, OPAL_VALUES);
1193 add_token_u8(&err, dev, OPAL_STARTLIST);
1194
1195 add_token_u8(&err, dev, OPAL_STARTNAME);
1196 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1197 add_token_u8(&err, dev, rle);
1198 add_token_u8(&err, dev, OPAL_ENDNAME);
1199
1200 add_token_u8(&err, dev, OPAL_STARTNAME);
1201 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1202 add_token_u8(&err, dev, wle);
1203 add_token_u8(&err, dev, OPAL_ENDNAME);
1204
1205 add_token_u8(&err, dev, OPAL_STARTNAME);
1206 add_token_u8(&err, dev, OPAL_READLOCKED);
1207 add_token_u8(&err, dev, rl);
1208 add_token_u8(&err, dev, OPAL_ENDNAME);
1209
1210 add_token_u8(&err, dev, OPAL_STARTNAME);
1211 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1212 add_token_u8(&err, dev, wl);
1213 add_token_u8(&err, dev, OPAL_ENDNAME);
1214
1215 add_token_u8(&err, dev, OPAL_ENDLIST);
1216 add_token_u8(&err, dev, OPAL_ENDNAME);
1217 return err;
1218}
1219
1220static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1221 struct opal_user_lr_setup *setup)
1222{
1223 int err;
1224
1225 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1226 0, 0);
1227 if (err)
1228 pr_debug("Failed to create enable global lr command\n");
1229 return err;
1230}
1231
1232static int setup_locking_range(struct opal_dev *dev, void *data)
1233{
1234 u8 uid[OPAL_UID_LENGTH];
1235 struct opal_user_lr_setup *setup = data;
1236 u8 lr;
1237 int err;
1238
1239 lr = setup->session.opal_key.lr;
1240 err = build_locking_range(uid, sizeof(uid), lr);
1241 if (err)
1242 return err;
1243
1244 if (lr == 0)
1245 err = enable_global_lr(dev, uid, setup);
1246 else {
1247 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1248
1249 add_token_u8(&err, dev, OPAL_STARTNAME);
1250 add_token_u8(&err, dev, OPAL_VALUES);
1251 add_token_u8(&err, dev, OPAL_STARTLIST);
1252
1253 add_token_u8(&err, dev, OPAL_STARTNAME);
1254 add_token_u8(&err, dev, OPAL_RANGESTART);
1255 add_token_u64(&err, dev, setup->range_start);
1256 add_token_u8(&err, dev, OPAL_ENDNAME);
1257
1258 add_token_u8(&err, dev, OPAL_STARTNAME);
1259 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1260 add_token_u64(&err, dev, setup->range_length);
1261 add_token_u8(&err, dev, OPAL_ENDNAME);
1262
1263 add_token_u8(&err, dev, OPAL_STARTNAME);
1264 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1265 add_token_u64(&err, dev, !!setup->RLE);
1266 add_token_u8(&err, dev, OPAL_ENDNAME);
1267
1268 add_token_u8(&err, dev, OPAL_STARTNAME);
1269 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1270 add_token_u64(&err, dev, !!setup->WLE);
1271 add_token_u8(&err, dev, OPAL_ENDNAME);
1272
1273 add_token_u8(&err, dev, OPAL_ENDLIST);
1274 add_token_u8(&err, dev, OPAL_ENDNAME);
1275 }
1276 if (err) {
1277 pr_debug("Error building Setup Locking range command.\n");
1278 return err;
1279
1280 }
1281
1282 return finalize_and_send(dev, parse_and_check_status);
1283}
1284
1285static int start_generic_opal_session(struct opal_dev *dev,
1286 enum opal_uid auth,
1287 enum opal_uid sp_type,
1288 const char *key,
1289 u8 key_len)
1290{
1291 u32 hsn;
1292 int err;
1293
1294 if (key == NULL && auth != OPAL_ANYBODY_UID)
1295 return OPAL_INVAL_PARAM;
1296
1297 hsn = GENERIC_HOST_SESSION_NUM;
1298 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1299 opalmethod[OPAL_STARTSESSION]);
1300
1301 add_token_u64(&err, dev, hsn);
1302 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1303 add_token_u8(&err, dev, 1);
1304
1305 switch (auth) {
1306 case OPAL_ANYBODY_UID:
1307 break;
1308 case OPAL_ADMIN1_UID:
1309 case OPAL_SID_UID:
1310 add_token_u8(&err, dev, OPAL_STARTNAME);
1311 add_token_u8(&err, dev, 0);
1312 add_token_bytestring(&err, dev, key, key_len);
1313 add_token_u8(&err, dev, OPAL_ENDNAME);
1314 add_token_u8(&err, dev, OPAL_STARTNAME);
1315 add_token_u8(&err, dev, 3);
1316 add_token_bytestring(&err, dev, opaluid[auth],
1317 OPAL_UID_LENGTH);
1318 add_token_u8(&err, dev, OPAL_ENDNAME);
1319 break;
1320 default:
1321 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1322 return OPAL_INVAL_PARAM;
1323 }
1324
1325 if (err) {
1326 pr_debug("Error building start adminsp session command.\n");
1327 return err;
1328 }
1329
1330 return finalize_and_send(dev, start_opal_session_cont);
1331}
1332
1333static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1334{
1335 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1336 OPAL_ADMINSP_UID, NULL, 0);
1337}
1338
1339static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1340{
1341 int ret;
1342 const u8 *key = dev->prev_data;
1343
1344 if (!key) {
1345 const struct opal_key *okey = data;
1346
1347 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1348 OPAL_ADMINSP_UID,
1349 okey->key,
1350 okey->key_len);
1351 } else {
1352 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1353 OPAL_ADMINSP_UID,
1354 key, dev->prev_d_len);
1355 kfree(key);
1356 dev->prev_data = NULL;
1357 }
1358 return ret;
1359}
1360
1361static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1362{
1363 struct opal_key *key = data;
1364
1365 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1366 OPAL_LOCKINGSP_UID,
1367 key->key, key->key_len);
1368}
1369
1370static int start_auth_opal_session(struct opal_dev *dev, void *data)
1371{
1372 struct opal_session_info *session = data;
1373 u8 lk_ul_user[OPAL_UID_LENGTH];
1374 size_t keylen = session->opal_key.key_len;
1375 int err = 0;
1376
1377 u8 *key = session->opal_key.key;
1378 u32 hsn = GENERIC_HOST_SESSION_NUM;
1379
1380 if (session->sum)
1381 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1382 session->opal_key.lr);
1383 else if (session->who != OPAL_ADMIN1 && !session->sum)
1384 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1385 session->who - 1);
1386 else
1387 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1388
1389 if (err)
1390 return err;
1391
1392 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1393 opalmethod[OPAL_STARTSESSION]);
1394
1395 add_token_u64(&err, dev, hsn);
1396 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1397 OPAL_UID_LENGTH);
1398 add_token_u8(&err, dev, 1);
1399 add_token_u8(&err, dev, OPAL_STARTNAME);
1400 add_token_u8(&err, dev, 0);
1401 add_token_bytestring(&err, dev, key, keylen);
1402 add_token_u8(&err, dev, OPAL_ENDNAME);
1403 add_token_u8(&err, dev, OPAL_STARTNAME);
1404 add_token_u8(&err, dev, 3);
1405 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1406 add_token_u8(&err, dev, OPAL_ENDNAME);
1407
1408 if (err) {
1409 pr_debug("Error building STARTSESSION command.\n");
1410 return err;
1411 }
1412
1413 return finalize_and_send(dev, start_opal_session_cont);
1414}
1415
1416static int revert_tper(struct opal_dev *dev, void *data)
1417{
1418 int err;
1419
1420 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1421 opalmethod[OPAL_REVERT]);
1422 if (err) {
1423 pr_debug("Error building REVERT TPER command.\n");
1424 return err;
1425 }
1426
1427 return finalize_and_send(dev, parse_and_check_status);
1428}
1429
1430static int internal_activate_user(struct opal_dev *dev, void *data)
1431{
1432 struct opal_session_info *session = data;
1433 u8 uid[OPAL_UID_LENGTH];
1434 int err;
1435
1436 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1437 uid[7] = session->who;
1438
1439 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1440 add_token_u8(&err, dev, OPAL_STARTNAME);
1441 add_token_u8(&err, dev, OPAL_VALUES);
1442 add_token_u8(&err, dev, OPAL_STARTLIST);
1443 add_token_u8(&err, dev, OPAL_STARTNAME);
1444 add_token_u8(&err, dev, 5);
1445 add_token_u8(&err, dev, OPAL_TRUE);
1446 add_token_u8(&err, dev, OPAL_ENDNAME);
1447 add_token_u8(&err, dev, OPAL_ENDLIST);
1448 add_token_u8(&err, dev, OPAL_ENDNAME);
1449
1450 if (err) {
1451 pr_debug("Error building Activate UserN command.\n");
1452 return err;
1453 }
1454
1455 return finalize_and_send(dev, parse_and_check_status);
1456}
1457
1458static int erase_locking_range(struct opal_dev *dev, void *data)
1459{
1460 struct opal_session_info *session = data;
1461 u8 uid[OPAL_UID_LENGTH];
1462 int err;
1463
1464 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1465 return -ERANGE;
1466
1467 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1468
1469 if (err) {
1470 pr_debug("Error building Erase Locking Range Command.\n");
1471 return err;
1472 }
1473 return finalize_and_send(dev, parse_and_check_status);
1474}
1475
1476static int set_mbr_done(struct opal_dev *dev, void *data)
1477{
1478 u8 *mbr_done_tf = data;
1479 int err;
1480
1481 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1482 opalmethod[OPAL_SET]);
1483
1484 add_token_u8(&err, dev, OPAL_STARTNAME);
1485 add_token_u8(&err, dev, OPAL_VALUES);
1486 add_token_u8(&err, dev, OPAL_STARTLIST);
1487 add_token_u8(&err, dev, OPAL_STARTNAME);
1488 add_token_u8(&err, dev, OPAL_MBRDONE);
1489 add_token_u8(&err, dev, *mbr_done_tf);
1490 add_token_u8(&err, dev, OPAL_ENDNAME);
1491 add_token_u8(&err, dev, OPAL_ENDLIST);
1492 add_token_u8(&err, dev, OPAL_ENDNAME);
1493
1494 if (err) {
1495 pr_debug("Error Building set MBR Done command\n");
1496 return err;
1497 }
1498
1499 return finalize_and_send(dev, parse_and_check_status);
1500}
1501
1502static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1503{
1504 u8 *mbr_en_dis = data;
1505 int err;
1506
1507 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1508 opalmethod[OPAL_SET]);
1509
1510 add_token_u8(&err, dev, OPAL_STARTNAME);
1511 add_token_u8(&err, dev, OPAL_VALUES);
1512 add_token_u8(&err, dev, OPAL_STARTLIST);
1513 add_token_u8(&err, dev, OPAL_STARTNAME);
1514 add_token_u8(&err, dev, OPAL_MBRENABLE);
1515 add_token_u8(&err, dev, *mbr_en_dis);
1516 add_token_u8(&err, dev, OPAL_ENDNAME);
1517 add_token_u8(&err, dev, OPAL_ENDLIST);
1518 add_token_u8(&err, dev, OPAL_ENDNAME);
1519
1520 if (err) {
1521 pr_debug("Error Building set MBR done command\n");
1522 return err;
1523 }
1524
1525 return finalize_and_send(dev, parse_and_check_status);
1526}
1527
1528static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1529 struct opal_dev *dev)
1530{
1531 int err;
1532
1533 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1534
1535 add_token_u8(&err, dev, OPAL_STARTNAME);
1536 add_token_u8(&err, dev, OPAL_VALUES);
1537 add_token_u8(&err, dev, OPAL_STARTLIST);
1538 add_token_u8(&err, dev, OPAL_STARTNAME);
1539 add_token_u8(&err, dev, OPAL_PIN);
1540 add_token_bytestring(&err, dev, key, key_len);
1541 add_token_u8(&err, dev, OPAL_ENDNAME);
1542 add_token_u8(&err, dev, OPAL_ENDLIST);
1543 add_token_u8(&err, dev, OPAL_ENDNAME);
1544
1545 return err;
1546}
1547
1548static int set_new_pw(struct opal_dev *dev, void *data)
1549{
1550 u8 cpin_uid[OPAL_UID_LENGTH];
1551 struct opal_session_info *usr = data;
1552
1553 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1554
1555 if (usr->who != OPAL_ADMIN1) {
1556 cpin_uid[5] = 0x03;
1557 if (usr->sum)
1558 cpin_uid[7] = usr->opal_key.lr + 1;
1559 else
1560 cpin_uid[7] = usr->who;
1561 }
1562
1563 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1564 cpin_uid, dev)) {
1565 pr_debug("Error building set password command.\n");
1566 return -ERANGE;
1567 }
1568
1569 return finalize_and_send(dev, parse_and_check_status);
1570}
1571
1572static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1573{
1574 u8 cpin_uid[OPAL_UID_LENGTH];
1575 struct opal_key *key = data;
1576
1577 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1578
1579 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1580 pr_debug("Error building Set SID cpin\n");
1581 return -ERANGE;
1582 }
1583 return finalize_and_send(dev, parse_and_check_status);
1584}
1585
1586static int add_user_to_lr(struct opal_dev *dev, void *data)
1587{
1588 u8 lr_buffer[OPAL_UID_LENGTH];
1589 u8 user_uid[OPAL_UID_LENGTH];
1590 struct opal_lock_unlock *lkul = data;
1591 int err;
1592
1593 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1594 OPAL_UID_LENGTH);
1595
1596 if (lkul->l_state == OPAL_RW)
1597 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1598 OPAL_UID_LENGTH);
1599
1600 lr_buffer[7] = lkul->session.opal_key.lr;
1601
1602 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1603
1604 user_uid[7] = lkul->session.who;
1605
1606 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1607
1608 add_token_u8(&err, dev, OPAL_STARTNAME);
1609 add_token_u8(&err, dev, OPAL_VALUES);
1610
1611 add_token_u8(&err, dev, OPAL_STARTLIST);
1612 add_token_u8(&err, dev, OPAL_STARTNAME);
1613 add_token_u8(&err, dev, 3);
1614
1615 add_token_u8(&err, dev, OPAL_STARTLIST);
1616
1617
1618 add_token_u8(&err, dev, OPAL_STARTNAME);
1619 add_token_bytestring(&err, dev,
1620 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1621 OPAL_UID_LENGTH/2);
1622 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1623 add_token_u8(&err, dev, OPAL_ENDNAME);
1624
1625
1626 add_token_u8(&err, dev, OPAL_STARTNAME);
1627 add_token_bytestring(&err, dev,
1628 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1629 OPAL_UID_LENGTH/2);
1630 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1631 add_token_u8(&err, dev, OPAL_ENDNAME);
1632
1633
1634 add_token_u8(&err, dev, OPAL_STARTNAME);
1635 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1636 OPAL_UID_LENGTH/2);
1637 add_token_u8(&err, dev, 1);
1638 add_token_u8(&err, dev, OPAL_ENDNAME);
1639
1640
1641 add_token_u8(&err, dev, OPAL_ENDLIST);
1642 add_token_u8(&err, dev, OPAL_ENDNAME);
1643 add_token_u8(&err, dev, OPAL_ENDLIST);
1644 add_token_u8(&err, dev, OPAL_ENDNAME);
1645
1646 if (err) {
1647 pr_debug("Error building add user to locking range command.\n");
1648 return err;
1649 }
1650
1651 return finalize_and_send(dev, parse_and_check_status);
1652}
1653
1654static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1655{
1656 u8 lr_buffer[OPAL_UID_LENGTH];
1657 struct opal_lock_unlock *lkul = data;
1658 u8 read_locked = 1, write_locked = 1;
1659 int err = 0;
1660
1661 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1662 lkul->session.opal_key.lr) < 0)
1663 return -ERANGE;
1664
1665 switch (lkul->l_state) {
1666 case OPAL_RO:
1667 read_locked = 0;
1668 write_locked = 1;
1669 break;
1670 case OPAL_RW:
1671 read_locked = 0;
1672 write_locked = 0;
1673 break;
1674 case OPAL_LK:
1675
1676 break;
1677 default:
1678 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1679 return OPAL_INVAL_PARAM;
1680 }
1681
1682 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1683
1684 add_token_u8(&err, dev, OPAL_STARTNAME);
1685 add_token_u8(&err, dev, OPAL_VALUES);
1686 add_token_u8(&err, dev, OPAL_STARTLIST);
1687
1688 add_token_u8(&err, dev, OPAL_STARTNAME);
1689 add_token_u8(&err, dev, OPAL_READLOCKED);
1690 add_token_u8(&err, dev, read_locked);
1691 add_token_u8(&err, dev, OPAL_ENDNAME);
1692
1693 add_token_u8(&err, dev, OPAL_STARTNAME);
1694 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1695 add_token_u8(&err, dev, write_locked);
1696 add_token_u8(&err, dev, OPAL_ENDNAME);
1697
1698 add_token_u8(&err, dev, OPAL_ENDLIST);
1699 add_token_u8(&err, dev, OPAL_ENDNAME);
1700
1701 if (err) {
1702 pr_debug("Error building SET command.\n");
1703 return err;
1704 }
1705 return finalize_and_send(dev, parse_and_check_status);
1706}
1707
1708
1709static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1710{
1711 u8 lr_buffer[OPAL_UID_LENGTH];
1712 u8 read_locked = 1, write_locked = 1;
1713 struct opal_lock_unlock *lkul = data;
1714 int ret;
1715
1716 clear_opal_cmd(dev);
1717 set_comid(dev, dev->comid);
1718
1719 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1720 lkul->session.opal_key.lr) < 0)
1721 return -ERANGE;
1722
1723 switch (lkul->l_state) {
1724 case OPAL_RO:
1725 read_locked = 0;
1726 write_locked = 1;
1727 break;
1728 case OPAL_RW:
1729 read_locked = 0;
1730 write_locked = 0;
1731 break;
1732 case OPAL_LK:
1733
1734 break;
1735 default:
1736 pr_debug("Tried to set an invalid locking state.\n");
1737 return OPAL_INVAL_PARAM;
1738 }
1739 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1740 read_locked, write_locked);
1741
1742 if (ret < 0) {
1743 pr_debug("Error building SET command.\n");
1744 return ret;
1745 }
1746 return finalize_and_send(dev, parse_and_check_status);
1747}
1748
1749static int activate_lsp(struct opal_dev *dev, void *data)
1750{
1751 struct opal_lr_act *opal_act = data;
1752 u8 user_lr[OPAL_UID_LENGTH];
1753 u8 uint_3 = 0x83;
1754 int err, i;
1755
1756 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1757 opalmethod[OPAL_ACTIVATE]);
1758
1759 if (opal_act->sum) {
1760 err = build_locking_range(user_lr, sizeof(user_lr),
1761 opal_act->lr[0]);
1762 if (err)
1763 return err;
1764
1765 add_token_u8(&err, dev, OPAL_STARTNAME);
1766 add_token_u8(&err, dev, uint_3);
1767 add_token_u8(&err, dev, 6);
1768 add_token_u8(&err, dev, 0);
1769 add_token_u8(&err, dev, 0);
1770
1771 add_token_u8(&err, dev, OPAL_STARTLIST);
1772 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1773 for (i = 1; i < opal_act->num_lrs; i++) {
1774 user_lr[7] = opal_act->lr[i];
1775 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1776 }
1777 add_token_u8(&err, dev, OPAL_ENDLIST);
1778 add_token_u8(&err, dev, OPAL_ENDNAME);
1779 }
1780
1781 if (err) {
1782 pr_debug("Error building Activate LockingSP command.\n");
1783 return err;
1784 }
1785
1786 return finalize_and_send(dev, parse_and_check_status);
1787}
1788
1789
1790static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1791{
1792 u8 lc_status;
1793 int err;
1794
1795 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1796 OPAL_LIFECYCLE);
1797 if (err)
1798 return err;
1799
1800 lc_status = response_get_u64(&dev->parsed, 4);
1801
1802
1803 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1804 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1805 return -ENODEV;
1806 }
1807
1808 return 0;
1809}
1810
1811static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1812{
1813 const char *msid_pin;
1814 size_t strlen;
1815 int err;
1816
1817 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1818 if (err)
1819 return err;
1820
1821 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1822 if (!msid_pin) {
1823 pr_debug("Couldn't extract MSID_CPIN from response\n");
1824 return OPAL_INVAL_PARAM;
1825 }
1826
1827 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1828 if (!dev->prev_data)
1829 return -ENOMEM;
1830
1831 dev->prev_d_len = strlen;
1832
1833 return 0;
1834}
1835
1836static int end_opal_session(struct opal_dev *dev, void *data)
1837{
1838 int err = 0;
1839
1840 clear_opal_cmd(dev);
1841 set_comid(dev, dev->comid);
1842 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1843
1844 if (err < 0)
1845 return err;
1846 return finalize_and_send(dev, end_session_cont);
1847}
1848
1849static int end_opal_session_error(struct opal_dev *dev)
1850{
1851 const struct opal_step error_end_session = {
1852 end_opal_session,
1853 };
1854 return execute_step(dev, &error_end_session, 0);
1855}
1856
1857static inline void setup_opal_dev(struct opal_dev *dev)
1858{
1859 dev->tsn = 0;
1860 dev->hsn = 0;
1861 dev->prev_data = NULL;
1862}
1863
1864static int check_opal_support(struct opal_dev *dev)
1865{
1866 int ret;
1867
1868 mutex_lock(&dev->dev_lock);
1869 setup_opal_dev(dev);
1870 ret = opal_discovery0_step(dev);
1871 dev->supported = !ret;
1872 mutex_unlock(&dev->dev_lock);
1873 return ret;
1874}
1875
1876static void clean_opal_dev(struct opal_dev *dev)
1877{
1878
1879 struct opal_suspend_data *suspend, *next;
1880
1881 mutex_lock(&dev->dev_lock);
1882 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
1883 list_del(&suspend->node);
1884 kfree(suspend);
1885 }
1886 mutex_unlock(&dev->dev_lock);
1887}
1888
1889void free_opal_dev(struct opal_dev *dev)
1890{
1891 if (!dev)
1892 return;
1893 clean_opal_dev(dev);
1894 kfree(dev);
1895}
1896EXPORT_SYMBOL(free_opal_dev);
1897
1898struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
1899{
1900 struct opal_dev *dev;
1901
1902 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
1903 if (!dev)
1904 return NULL;
1905
1906 INIT_LIST_HEAD(&dev->unlk_lst);
1907 mutex_init(&dev->dev_lock);
1908 dev->data = data;
1909 dev->send_recv = send_recv;
1910 if (check_opal_support(dev) != 0) {
1911 pr_debug("Opal is not supported on this device\n");
1912 kfree(dev);
1913 return NULL;
1914 }
1915 return dev;
1916}
1917EXPORT_SYMBOL(init_opal_dev);
1918
1919static int opal_secure_erase_locking_range(struct opal_dev *dev,
1920 struct opal_session_info *opal_session)
1921{
1922 const struct opal_step erase_steps[] = {
1923 { start_auth_opal_session, opal_session },
1924 { get_active_key, &opal_session->opal_key.lr },
1925 { gen_key, },
1926 { end_opal_session, }
1927 };
1928 int ret;
1929
1930 mutex_lock(&dev->dev_lock);
1931 setup_opal_dev(dev);
1932 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1933 mutex_unlock(&dev->dev_lock);
1934 return ret;
1935}
1936
1937static int opal_erase_locking_range(struct opal_dev *dev,
1938 struct opal_session_info *opal_session)
1939{
1940 const struct opal_step erase_steps[] = {
1941 { start_auth_opal_session, opal_session },
1942 { erase_locking_range, opal_session },
1943 { end_opal_session, }
1944 };
1945 int ret;
1946
1947 mutex_lock(&dev->dev_lock);
1948 setup_opal_dev(dev);
1949 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1950 mutex_unlock(&dev->dev_lock);
1951 return ret;
1952}
1953
1954static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
1955 struct opal_mbr_data *opal_mbr)
1956{
1957 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
1958 OPAL_TRUE : OPAL_FALSE;
1959
1960 const struct opal_step mbr_steps[] = {
1961 { start_admin1LSP_opal_session, &opal_mbr->key },
1962 { set_mbr_done, &enable_disable },
1963 { end_opal_session, },
1964 { start_admin1LSP_opal_session, &opal_mbr->key },
1965 { set_mbr_enable_disable, &enable_disable },
1966 { end_opal_session, }
1967 };
1968 int ret;
1969
1970 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
1971 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
1972 return -EINVAL;
1973
1974 mutex_lock(&dev->dev_lock);
1975 setup_opal_dev(dev);
1976 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
1977 mutex_unlock(&dev->dev_lock);
1978 return ret;
1979}
1980
1981static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
1982{
1983 struct opal_suspend_data *suspend;
1984
1985 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
1986 if (!suspend)
1987 return -ENOMEM;
1988
1989 suspend->unlk = *lk_unlk;
1990 suspend->lr = lk_unlk->session.opal_key.lr;
1991
1992 mutex_lock(&dev->dev_lock);
1993 setup_opal_dev(dev);
1994 add_suspend_info(dev, suspend);
1995 mutex_unlock(&dev->dev_lock);
1996 return 0;
1997}
1998
1999static int opal_add_user_to_lr(struct opal_dev *dev,
2000 struct opal_lock_unlock *lk_unlk)
2001{
2002 const struct opal_step steps[] = {
2003 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2004 { add_user_to_lr, lk_unlk },
2005 { end_opal_session, }
2006 };
2007 int ret;
2008
2009 if (lk_unlk->l_state != OPAL_RO &&
2010 lk_unlk->l_state != OPAL_RW) {
2011 pr_debug("Locking state was not RO or RW\n");
2012 return -EINVAL;
2013 }
2014 if (lk_unlk->session.who < OPAL_USER1 ||
2015 lk_unlk->session.who > OPAL_USER9) {
2016 pr_debug("Authority was not within the range of users: %d\n",
2017 lk_unlk->session.who);
2018 return -EINVAL;
2019 }
2020 if (lk_unlk->session.sum) {
2021 pr_debug("%s not supported in sum. Use setup locking range\n",
2022 __func__);
2023 return -EINVAL;
2024 }
2025
2026 mutex_lock(&dev->dev_lock);
2027 setup_opal_dev(dev);
2028 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2029 mutex_unlock(&dev->dev_lock);
2030 return ret;
2031}
2032
2033static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2034{
2035 const struct opal_step revert_steps[] = {
2036 { start_SIDASP_opal_session, opal },
2037 { revert_tper, }
2038 };
2039 int ret;
2040
2041 mutex_lock(&dev->dev_lock);
2042 setup_opal_dev(dev);
2043 ret = execute_steps(dev, revert_steps, ARRAY_SIZE(revert_steps));
2044 mutex_unlock(&dev->dev_lock);
2045
2046
2047
2048
2049
2050 if (!ret)
2051 clean_opal_dev(dev);
2052
2053 return ret;
2054}
2055
2056static int __opal_lock_unlock(struct opal_dev *dev,
2057 struct opal_lock_unlock *lk_unlk)
2058{
2059 const struct opal_step unlock_steps[] = {
2060 { start_auth_opal_session, &lk_unlk->session },
2061 { lock_unlock_locking_range, lk_unlk },
2062 { end_opal_session, }
2063 };
2064 const struct opal_step unlock_sum_steps[] = {
2065 { start_auth_opal_session, &lk_unlk->session },
2066 { lock_unlock_locking_range_sum, lk_unlk },
2067 { end_opal_session, }
2068 };
2069
2070 if (lk_unlk->session.sum)
2071 return execute_steps(dev, unlock_sum_steps,
2072 ARRAY_SIZE(unlock_sum_steps));
2073 else
2074 return execute_steps(dev, unlock_steps,
2075 ARRAY_SIZE(unlock_steps));
2076}
2077
2078static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2079{
2080 u8 mbr_done_tf = OPAL_TRUE;
2081 const struct opal_step mbrdone_step[] = {
2082 { start_admin1LSP_opal_session, key },
2083 { set_mbr_done, &mbr_done_tf },
2084 { end_opal_session, }
2085 };
2086
2087 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2088}
2089
2090static int opal_lock_unlock(struct opal_dev *dev,
2091 struct opal_lock_unlock *lk_unlk)
2092{
2093 int ret;
2094
2095 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2096 lk_unlk->session.who > OPAL_USER9)
2097 return -EINVAL;
2098
2099 mutex_lock(&dev->dev_lock);
2100 ret = __opal_lock_unlock(dev, lk_unlk);
2101 mutex_unlock(&dev->dev_lock);
2102 return ret;
2103}
2104
2105static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2106{
2107 const struct opal_step owner_steps[] = {
2108 { start_anybodyASP_opal_session, },
2109 { get_msid_cpin_pin, },
2110 { end_opal_session, },
2111 { start_SIDASP_opal_session, opal },
2112 { set_sid_cpin_pin, opal },
2113 { end_opal_session, }
2114 };
2115 int ret;
2116
2117 if (!dev)
2118 return -ENODEV;
2119
2120 mutex_lock(&dev->dev_lock);
2121 setup_opal_dev(dev);
2122 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2123 mutex_unlock(&dev->dev_lock);
2124 return ret;
2125}
2126
2127static int opal_activate_lsp(struct opal_dev *dev,
2128 struct opal_lr_act *opal_lr_act)
2129{
2130 const struct opal_step active_steps[] = {
2131 { start_SIDASP_opal_session, &opal_lr_act->key },
2132 { get_lsp_lifecycle, },
2133 { activate_lsp, opal_lr_act },
2134 { end_opal_session, }
2135 };
2136 int ret;
2137
2138 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2139 return -EINVAL;
2140
2141 mutex_lock(&dev->dev_lock);
2142 setup_opal_dev(dev);
2143 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2144 mutex_unlock(&dev->dev_lock);
2145 return ret;
2146}
2147
2148static int opal_setup_locking_range(struct opal_dev *dev,
2149 struct opal_user_lr_setup *opal_lrs)
2150{
2151 const struct opal_step lr_steps[] = {
2152 { start_auth_opal_session, &opal_lrs->session },
2153 { setup_locking_range, opal_lrs },
2154 { end_opal_session, }
2155 };
2156 int ret;
2157
2158 mutex_lock(&dev->dev_lock);
2159 setup_opal_dev(dev);
2160 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2161 mutex_unlock(&dev->dev_lock);
2162 return ret;
2163}
2164
2165static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2166{
2167 const struct opal_step pw_steps[] = {
2168 { start_auth_opal_session, &opal_pw->session },
2169 { set_new_pw, &opal_pw->new_user_pw },
2170 { end_opal_session, }
2171 };
2172 int ret;
2173
2174 if (opal_pw->session.who < OPAL_ADMIN1 ||
2175 opal_pw->session.who > OPAL_USER9 ||
2176 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2177 opal_pw->new_user_pw.who > OPAL_USER9)
2178 return -EINVAL;
2179
2180 mutex_lock(&dev->dev_lock);
2181 setup_opal_dev(dev);
2182 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2183 mutex_unlock(&dev->dev_lock);
2184 return ret;
2185}
2186
2187static int opal_activate_user(struct opal_dev *dev,
2188 struct opal_session_info *opal_session)
2189{
2190 const struct opal_step act_steps[] = {
2191 { start_admin1LSP_opal_session, &opal_session->opal_key },
2192 { internal_activate_user, opal_session },
2193 { end_opal_session, }
2194 };
2195 int ret;
2196
2197
2198 if (opal_session->who < OPAL_USER1 ||
2199 opal_session->who > OPAL_USER9) {
2200 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2201 return -EINVAL;
2202 }
2203
2204 mutex_lock(&dev->dev_lock);
2205 setup_opal_dev(dev);
2206 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2207 mutex_unlock(&dev->dev_lock);
2208 return ret;
2209}
2210
2211bool opal_unlock_from_suspend(struct opal_dev *dev)
2212{
2213 struct opal_suspend_data *suspend;
2214 bool was_failure = false;
2215 int ret = 0;
2216
2217 if (!dev)
2218 return false;
2219 if (!dev->supported)
2220 return false;
2221
2222 mutex_lock(&dev->dev_lock);
2223 setup_opal_dev(dev);
2224
2225 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2226 dev->tsn = 0;
2227 dev->hsn = 0;
2228
2229 ret = __opal_lock_unlock(dev, &suspend->unlk);
2230 if (ret) {
2231 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2232 suspend->unlk.session.opal_key.lr,
2233 suspend->unlk.session.sum);
2234 was_failure = true;
2235 }
2236 if (dev->mbr_enabled) {
2237 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2238 if (ret)
2239 pr_debug("Failed to set MBR Done in S3 resume\n");
2240 }
2241 }
2242 mutex_unlock(&dev->dev_lock);
2243 return was_failure;
2244}
2245EXPORT_SYMBOL(opal_unlock_from_suspend);
2246
2247int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2248{
2249 void *p;
2250 int ret = -ENOTTY;
2251
2252 if (!capable(CAP_SYS_ADMIN))
2253 return -EACCES;
2254 if (!dev)
2255 return -ENOTSUPP;
2256 if (!dev->supported)
2257 return -ENOTSUPP;
2258
2259 p = memdup_user(arg, _IOC_SIZE(cmd));
2260 if (IS_ERR(p))
2261 return PTR_ERR(p);
2262
2263 switch (cmd) {
2264 case IOC_OPAL_SAVE:
2265 ret = opal_save(dev, p);
2266 break;
2267 case IOC_OPAL_LOCK_UNLOCK:
2268 ret = opal_lock_unlock(dev, p);
2269 break;
2270 case IOC_OPAL_TAKE_OWNERSHIP:
2271 ret = opal_take_ownership(dev, p);
2272 break;
2273 case IOC_OPAL_ACTIVATE_LSP:
2274 ret = opal_activate_lsp(dev, p);
2275 break;
2276 case IOC_OPAL_SET_PW:
2277 ret = opal_set_new_pw(dev, p);
2278 break;
2279 case IOC_OPAL_ACTIVATE_USR:
2280 ret = opal_activate_user(dev, p);
2281 break;
2282 case IOC_OPAL_REVERT_TPR:
2283 ret = opal_reverttper(dev, p);
2284 break;
2285 case IOC_OPAL_LR_SETUP:
2286 ret = opal_setup_locking_range(dev, p);
2287 break;
2288 case IOC_OPAL_ADD_USR_TO_LR:
2289 ret = opal_add_user_to_lr(dev, p);
2290 break;
2291 case IOC_OPAL_ENABLE_DISABLE_MBR:
2292 ret = opal_enable_disable_shadow_mbr(dev, p);
2293 break;
2294 case IOC_OPAL_ERASE_LR:
2295 ret = opal_erase_locking_range(dev, p);
2296 break;
2297 case IOC_OPAL_SECURE_ERASE_LR:
2298 ret = opal_secure_erase_locking_range(dev, p);
2299 break;
2300 default:
2301 break;
2302 }
2303
2304 kfree(p);
2305 return ret;
2306}
2307EXPORT_SYMBOL_GPL(sed_ioctl);
2308
