search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'trace-printf-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/trace...
[drm/drm-misc.git] / block / sed-opal.c
blob5a28f23f7f22c8966684dcc43fb07a45c0d9d134
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright © 2016 Intel Corporation
4 *
5 * Authors:
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
8 */
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/sed-opal-key.h>
22 #include <linux/string.h>
23 #include <linux/kdev_t.h>
24 #include <linux/key.h>
25 #include <linux/key-type.h>
26 #include <keys/user-type.h>
27
28 #include "opal_proto.h"
29
30 #define IO_BUFFER_LENGTH 2048
31 #define MAX_TOKS 64
32
33 /* Number of bytes needed by cmd_finalize. */
34 #define CMD_FINALIZE_BYTES_NEEDED 7
35
36 static struct key *sed_opal_keyring;
37
38 struct opal_step {
39 int (*fn)(struct opal_dev *dev, void *data);
40 void *data;
41 };
42 typedef int (cont_fn)(struct opal_dev *dev);
43
44 enum opal_atom_width {
45 OPAL_WIDTH_TINY,
46 OPAL_WIDTH_SHORT,
47 OPAL_WIDTH_MEDIUM,
48 OPAL_WIDTH_LONG,
49 OPAL_WIDTH_TOKEN
50 };
51
52 /*
53 * On the parsed response, we don't store again the toks that are already
54 * stored in the response buffer. Instead, for each token, we just store a
55 * pointer to the position in the buffer where the token starts, and the size
56 * of the token in bytes.
57 */
58 struct opal_resp_tok {
59 const u8 *pos;
60 size_t len;
61 enum opal_response_token type;
62 enum opal_atom_width width;
63 union {
64 u64 u;
65 s64 s;
66 } stored;
67 };
68
69 /*
70 * From the response header it's not possible to know how many tokens there are
71 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
72 * if we start dealing with messages that have more than that, we can increase
73 * this number. This is done to avoid having to make two passes through the
74 * response, the first one counting how many tokens we have and the second one
75 * actually storing the positions.
76 */
77 struct parsed_resp {
78 int num;
79 struct opal_resp_tok toks[MAX_TOKS];
80 };
81
82 struct opal_dev {
83 u32 flags;
84
85 void *data;
86 sec_send_recv *send_recv;
87
88 struct mutex dev_lock;
89 u16 comid;
90 u32 hsn;
91 u32 tsn;
92 u64 align; /* alignment granularity */
93 u64 lowest_lba;
94 u32 logical_block_size;
95 u8 align_required; /* ALIGN: 0 or 1 */
96
97 size_t pos;
98 u8 *cmd;
99 u8 *resp;
100
101 struct parsed_resp parsed;
102 size_t prev_d_len;
103 void *prev_data;
104
105 struct list_head unlk_lst;
106 };
107
108
109 static const u8 opaluid[][OPAL_UID_LENGTH] = {
110 /* users */
111 [OPAL_SMUID_UID] =
112 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
113 [OPAL_THISSP_UID] =
114 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
115 [OPAL_ADMINSP_UID] =
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
117 [OPAL_LOCKINGSP_UID] =
118 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
119 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
120 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
121 [OPAL_ANYBODY_UID] =
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
123 [OPAL_SID_UID] =
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
125 [OPAL_ADMIN1_UID] =
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
127 [OPAL_USER1_UID] =
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
129 [OPAL_USER2_UID] =
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
131 [OPAL_PSID_UID] =
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
133 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
134 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
135 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
136 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
137
138 /* tables */
139 [OPAL_TABLE_TABLE] =
140 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
141 [OPAL_LOCKINGRANGE_GLOBAL] =
142 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
143 [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
144 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
145 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
146 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
147 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
148 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
149 [OPAL_MBRCONTROL] =
150 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
151 [OPAL_MBR] =
152 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
153 [OPAL_AUTHORITY_TABLE] =
154 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
155 [OPAL_C_PIN_TABLE] =
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
157 [OPAL_LOCKING_INFO_TABLE] =
158 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
159 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
160 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
161 [OPAL_DATASTORE] =
162 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
163
164 /* C_PIN_TABLE object ID's */
165 [OPAL_C_PIN_MSID] =
166 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
167 [OPAL_C_PIN_SID] =
168 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
169 [OPAL_C_PIN_ADMIN1] =
170 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
171
172 /* half UID's (only first 4 bytes used) */
173 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
174 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
175 [OPAL_HALF_UID_BOOLEAN_ACE] =
176 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
177
178 /* special value for omitted optional parameter */
179 [OPAL_UID_HEXFF] =
180 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
181 };
182
183 /*
184 * TCG Storage SSC Methods.
185 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
186 * Section: 6.3 Assigned UIDs
187 */
188 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
189 [OPAL_PROPERTIES] =
190 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
191 [OPAL_STARTSESSION] =
192 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
193 [OPAL_REVERT] =
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
195 [OPAL_ACTIVATE] =
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
197 [OPAL_EGET] =
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
199 [OPAL_ESET] =
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
201 [OPAL_NEXT] =
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
203 [OPAL_EAUTHENTICATE] =
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
205 [OPAL_GETACL] =
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
207 [OPAL_GENKEY] =
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
209 [OPAL_REVERTSP] =
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
211 [OPAL_GET] =
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
213 [OPAL_SET] =
214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
215 [OPAL_AUTHENTICATE] =
216 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
217 [OPAL_RANDOM] =
218 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
219 [OPAL_ERASE] =
220 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
221 };
222
223 static int end_opal_session_error(struct opal_dev *dev);
224 static int opal_discovery0_step(struct opal_dev *dev);
225
226 struct opal_suspend_data {
227 struct opal_lock_unlock unlk;
228 u8 lr;
229 struct list_head node;
230 };
231
232 /*
233 * Derived from:
234 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
235 * Section: 5.1.5 Method Status Codes
236 */
237 static const char * const opal_errors[] = {
238 "Success",
239 "Not Authorized",
240 "Unknown Error",
241 "SP Busy",
242 "SP Failed",
243 "SP Disabled",
244 "SP Frozen",
245 "No Sessions Available",
246 "Uniqueness Conflict",
247 "Insufficient Space",
248 "Insufficient Rows",
249 "Invalid Function",
250 "Invalid Parameter",
251 "Invalid Reference",
252 "Unknown Error",
253 "TPER Malfunction",
254 "Transaction Failure",
255 "Response Overflow",
256 "Authority Locked Out",
257 };
258
259 static const char *opal_error_to_human(int error)
260 {
261 if (error == 0x3f)
262 return "Failed";
263
264 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
265 return "Unknown Error";
266
267 return opal_errors[error];
268 }
269
270 static void print_buffer(const u8 *ptr, u32 length)
271 {
272 #ifdef DEBUG
273 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
274 pr_debug("\n");
275 #endif
276 }
277
278 /*
279 * Allocate/update a SED Opal key and add it to the SED Opal keyring.
280 */
281 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
282 {
283 key_ref_t kr;
284
285 if (!sed_opal_keyring)
286 return -ENOKEY;
287
288 kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
289 desc, (const void *)key_data, keylen,
290 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
291 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
292 KEY_ALLOC_BYPASS_RESTRICTION);
293 if (IS_ERR(kr)) {
294 pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
295 return PTR_ERR(kr);
296 }
297
298 return 0;
299 }
300
301 /*
302 * Read a SED Opal key from the SED Opal keyring.
303 */
304 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
305 {
306 int ret;
307 key_ref_t kref;
308 struct key *key;
309
310 if (!sed_opal_keyring)
311 return -ENOKEY;
312
313 kref = keyring_search(make_key_ref(sed_opal_keyring, true),
314 &key_type_user, key_name, true);
315
316 if (IS_ERR(kref))
317 return PTR_ERR(kref);
318
319 key = key_ref_to_ptr(kref);
320 down_read(&key->sem);
321 ret = key_validate(key);
322 if (ret == 0) {
323 if (buflen > key->datalen)
324 buflen = key->datalen;
325
326 ret = key->type->read(key, (char *)buffer, buflen);
327 }
328 up_read(&key->sem);
329
330 key_ref_put(kref);
331
332 return ret;
333 }
334
335 static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
336 {
337 int ret = 0;
338
339 switch (key->key_type) {
340 case OPAL_INCLUDED:
341 /* the key is ready to use */
342 break;
343 case OPAL_KEYRING:
344 /* the key is in the keyring */
345 ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
346 if (ret > 0) {
347 if (ret > U8_MAX) {
348 ret = -ENOSPC;
349 goto error;
350 }
351 key->key_len = ret;
352 key->key_type = OPAL_INCLUDED;
353 }
354 break;
355 default:
356 ret = -EINVAL;
357 break;
358 }
359 if (ret < 0)
360 goto error;
361
362 /* must have a PEK by now or it's an error */
363 if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
364 ret = -EINVAL;
365 goto error;
366 }
367 return 0;
368 error:
369 pr_debug("Error getting password: %d\n", ret);
370 return ret;
371 }
372
373 static bool check_tper(const void *data)
374 {
375 const struct d0_tper_features *tper = data;
376 u8 flags = tper->supported_features;
377
378 if (!(flags & TPER_SYNC_SUPPORTED)) {
379 pr_debug("TPer sync not supported. flags = %d\n",
380 tper->supported_features);
381 return false;
382 }
383
384 return true;
385 }
386
387 static bool check_lcksuppt(const void *data)
388 {
389 const struct d0_locking_features *lfeat = data;
390 u8 sup_feat = lfeat->supported_features;
391
392 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
393 }
394
395 static bool check_lckenabled(const void *data)
396 {
397 const struct d0_locking_features *lfeat = data;
398 u8 sup_feat = lfeat->supported_features;
399
400 return !!(sup_feat & LOCKING_ENABLED_MASK);
401 }
402
403 static bool check_locked(const void *data)
404 {
405 const struct d0_locking_features *lfeat = data;
406 u8 sup_feat = lfeat->supported_features;
407
408 return !!(sup_feat & LOCKED_MASK);
409 }
410
411 static bool check_mbrenabled(const void *data)
412 {
413 const struct d0_locking_features *lfeat = data;
414 u8 sup_feat = lfeat->supported_features;
415
416 return !!(sup_feat & MBR_ENABLED_MASK);
417 }
418
419 static bool check_mbrdone(const void *data)
420 {
421 const struct d0_locking_features *lfeat = data;
422 u8 sup_feat = lfeat->supported_features;
423
424 return !!(sup_feat & MBR_DONE_MASK);
425 }
426
427 static bool check_sum(const void *data)
428 {
429 const struct d0_single_user_mode *sum = data;
430 u32 nlo = be32_to_cpu(sum->num_locking_objects);
431
432 if (nlo == 0) {
433 pr_debug("Need at least one locking object.\n");
434 return false;
435 }
436
437 pr_debug("Number of locking objects: %d\n", nlo);
438
439 return true;
440 }
441
442 static u16 get_comid_v100(const void *data)
443 {
444 const struct d0_opal_v100 *v100 = data;
445
446 return be16_to_cpu(v100->baseComID);
447 }
448
449 static u16 get_comid_v200(const void *data)
450 {
451 const struct d0_opal_v200 *v200 = data;
452
453 return be16_to_cpu(v200->baseComID);
454 }
455
456 static int opal_send_cmd(struct opal_dev *dev)
457 {
458 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
459 dev->cmd, IO_BUFFER_LENGTH,
460 true);
461 }
462
463 static int opal_recv_cmd(struct opal_dev *dev)
464 {
465 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
466 dev->resp, IO_BUFFER_LENGTH,
467 false);
468 }
469
470 static int opal_recv_check(struct opal_dev *dev)
471 {
472 size_t buflen = IO_BUFFER_LENGTH;
473 void *buffer = dev->resp;
474 struct opal_header *hdr = buffer;
475 int ret;
476
477 do {
478 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
479 hdr->cp.outstandingData,
480 hdr->cp.minTransfer);
481
482 if (hdr->cp.outstandingData == 0 ||
483 hdr->cp.minTransfer != 0)
484 return 0;
485
486 memset(buffer, 0, buflen);
487 ret = opal_recv_cmd(dev);
488 } while (!ret);
489
490 return ret;
491 }
492
493 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
494 {
495 int ret;
496
497 ret = opal_send_cmd(dev);
498 if (ret)
499 return ret;
500 ret = opal_recv_cmd(dev);
501 if (ret)
502 return ret;
503 ret = opal_recv_check(dev);
504 if (ret)
505 return ret;
506 return cont(dev);
507 }
508
509 static void check_geometry(struct opal_dev *dev, const void *data)
510 {
511 const struct d0_geometry_features *geo = data;
512
513 dev->align = be64_to_cpu(geo->alignment_granularity);
514 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
515 dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
516 dev->align_required = geo->reserved01 & 1;
517 }
518
519 static int execute_step(struct opal_dev *dev,
520 const struct opal_step *step, size_t stepIndex)
521 {
522 int error = step->fn(dev, step->data);
523
524 if (error) {
525 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
526 stepIndex, step->fn, error,
527 opal_error_to_human(error));
528 }
529
530 return error;
531 }
532
533 static int execute_steps(struct opal_dev *dev,
534 const struct opal_step *steps, size_t n_steps)
535 {
536 size_t state = 0;
537 int error;
538
539 /* first do a discovery0 */
540 error = opal_discovery0_step(dev);
541 if (error)
542 return error;
543
544 for (state = 0; state < n_steps; state++) {
545 error = execute_step(dev, &steps[state], state);
546 if (error)
547 goto out_error;
548 }
549
550 return 0;
551
552 out_error:
553 /*
554 * For each OPAL command the first step in steps starts some sort of
555 * session. If an error occurred in the initial discovery0 or if an
556 * error occurred in the first step (and thus stopping the loop with
557 * state == 0) then there was an error before or during the attempt to
558 * start a session. Therefore we shouldn't attempt to terminate a
559 * session, as one has not yet been created.
560 */
561 if (state > 0)
562 end_opal_session_error(dev);
563
564 return error;
565 }
566
567 static int opal_discovery0_end(struct opal_dev *dev, void *data)
568 {
569 struct opal_discovery *discv_out = data; /* may be NULL */
570 u8 __user *buf_out;
571 u64 len_out;
572 bool found_com_id = false, supported = true, single_user = false;
573 const struct d0_header *hdr = (struct d0_header *)dev->resp;
574 const u8 *epos = dev->resp, *cpos = dev->resp;
575 u16 comid = 0;
576 u32 hlen = be32_to_cpu(hdr->length);
577
578 print_buffer(dev->resp, hlen);
579 dev->flags &= OPAL_FL_SUPPORTED;
580
581 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
582 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
583 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
584 return -EFAULT;
585 }
586
587 if (discv_out) {
588 buf_out = (u8 __user *)(uintptr_t)discv_out->data;
589 len_out = min_t(u64, discv_out->size, hlen);
590 if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
591 return -EFAULT;
592
593 discv_out->size = hlen; /* actual size of data */
594 }
595
596 epos += hlen; /* end of buffer */
597 cpos += sizeof(*hdr); /* current position on buffer */
598
599 while (cpos < epos && supported) {
600 const struct d0_features *body =
601 (const struct d0_features *)cpos;
602
603 switch (be16_to_cpu(body->code)) {
604 case FC_TPER:
605 supported = check_tper(body->features);
606 break;
607 case FC_SINGLEUSER:
608 single_user = check_sum(body->features);
609 if (single_user)
610 dev->flags |= OPAL_FL_SUM_SUPPORTED;
611 break;
612 case FC_GEOMETRY:
613 check_geometry(dev, body);
614 break;
615 case FC_LOCKING:
616 if (check_lcksuppt(body->features))
617 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
618 if (check_lckenabled(body->features))
619 dev->flags |= OPAL_FL_LOCKING_ENABLED;
620 if (check_locked(body->features))
621 dev->flags |= OPAL_FL_LOCKED;
622 if (check_mbrenabled(body->features))
623 dev->flags |= OPAL_FL_MBR_ENABLED;
624 if (check_mbrdone(body->features))
625 dev->flags |= OPAL_FL_MBR_DONE;
626 break;
627 case FC_ENTERPRISE:
628 case FC_DATASTORE:
629 /* some ignored properties */
630 pr_debug("Found OPAL feature description: %d\n",
631 be16_to_cpu(body->code));
632 break;
633 case FC_OPALV100:
634 comid = get_comid_v100(body->features);
635 found_com_id = true;
636 break;
637 case FC_OPALV200:
638 comid = get_comid_v200(body->features);
639 found_com_id = true;
640 break;
641 case 0xbfff ... 0xffff:
642 /* vendor specific, just ignore */
643 break;
644 default:
645 pr_debug("OPAL Unknown feature: %d\n",
646 be16_to_cpu(body->code));
647
648 }
649 cpos += body->length + 4;
650 }
651
652 if (!supported) {
653 pr_debug("This device is not Opal enabled. Not Supported!\n");
654 return -EOPNOTSUPP;
655 }
656
657 if (!single_user)
658 pr_debug("Device doesn't support single user mode\n");
659
660
661 if (!found_com_id) {
662 pr_debug("Could not find OPAL comid for device. Returning early\n");
663 return -EOPNOTSUPP;
664 }
665
666 dev->comid = comid;
667
668 return 0;
669 }
670
671 static int opal_discovery0(struct opal_dev *dev, void *data)
672 {
673 int ret;
674
675 memset(dev->resp, 0, IO_BUFFER_LENGTH);
676 dev->comid = OPAL_DISCOVERY_COMID;
677 ret = opal_recv_cmd(dev);
678 if (ret)
679 return ret;
680
681 return opal_discovery0_end(dev, data);
682 }
683
684 static int opal_discovery0_step(struct opal_dev *dev)
685 {
686 const struct opal_step discovery0_step = {
687 opal_discovery0, NULL
688 };
689
690 return execute_step(dev, &discovery0_step, 0);
691 }
692
693 static size_t remaining_size(struct opal_dev *cmd)
694 {
695 return IO_BUFFER_LENGTH - cmd->pos;
696 }
697
698 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
699 {
700 if (*err)
701 return false;
702
703 if (remaining_size(cmd) < len) {
704 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
705 *err = -ERANGE;
706 return false;
707 }
708
709 return true;
710 }
711
712 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
713 {
714 if (!can_add(err, cmd, 1))
715 return;
716
717 cmd->cmd[cmd->pos++] = tok;
718 }
719
720 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
721 bool has_sign, int len)
722 {
723 u8 atom;
724 int err = 0;
725
726 atom = SHORT_ATOM_ID;
727 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
728 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
729 atom |= len & SHORT_ATOM_LEN_MASK;
730
731 add_token_u8(&err, cmd, atom);
732 }
733
734 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
735 bool has_sign, int len)
736 {
737 u8 header0;
738
739 header0 = MEDIUM_ATOM_ID;
740 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
741 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
742 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
743
744 cmd->cmd[cmd->pos++] = header0;
745 cmd->cmd[cmd->pos++] = len;
746 }
747
748 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
749 {
750 size_t len;
751 int msb;
752
753 if (!(number & ~TINY_ATOM_DATA_MASK)) {
754 add_token_u8(err, cmd, number);
755 return;
756 }
757
758 msb = fls64(number);
759 len = DIV_ROUND_UP(msb, 8);
760
761 if (!can_add(err, cmd, len + 1)) {
762 pr_debug("Error adding u64: end of buffer.\n");
763 return;
764 }
765 add_short_atom_header(cmd, false, false, len);
766 while (len--)
767 add_token_u8(err, cmd, number >> (len * 8));
768 }
769
770 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
771 {
772 size_t header_len = 1;
773 bool is_short_atom = true;
774
775 if (len & ~SHORT_ATOM_LEN_MASK) {
776 header_len = 2;
777 is_short_atom = false;
778 }
779
780 if (!can_add(err, cmd, header_len + len)) {
781 pr_debug("Error adding bytestring: end of buffer.\n");
782 return NULL;
783 }
784
785 if (is_short_atom)
786 add_short_atom_header(cmd, true, false, len);
787 else
788 add_medium_atom_header(cmd, true, false, len);
789
790 return &cmd->cmd[cmd->pos];
791 }
792
793 static void add_token_bytestring(int *err, struct opal_dev *cmd,
794 const u8 *bytestring, size_t len)
795 {
796 u8 *start;
797
798 start = add_bytestring_header(err, cmd, len);
799 if (!start)
800 return;
801 memcpy(start, bytestring, len);
802 cmd->pos += len;
803 }
804
805 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
806 {
807 if (length > OPAL_UID_LENGTH) {
808 pr_debug("Can't build locking range. Length OOB\n");
809 return -ERANGE;
810 }
811
812 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
813
814 if (lr == 0)
815 return 0;
816
817 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
818 buffer[7] = lr;
819
820 return 0;
821 }
822
823 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
824 {
825 if (length > OPAL_UID_LENGTH) {
826 pr_debug("Can't build locking range user. Length OOB\n");
827 return -ERANGE;
828 }
829
830 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
831
832 buffer[7] = lr + 1;
833
834 return 0;
835 }
836
837 static void set_comid(struct opal_dev *cmd, u16 comid)
838 {
839 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
840
841 hdr->cp.extendedComID[0] = comid >> 8;
842 hdr->cp.extendedComID[1] = comid;
843 hdr->cp.extendedComID[2] = 0;
844 hdr->cp.extendedComID[3] = 0;
845 }
846
847 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
848 {
849 struct opal_header *hdr;
850 int err = 0;
851
852 /*
853 * Close the parameter list opened from cmd_start.
854 * The number of bytes added must be equal to
855 * CMD_FINALIZE_BYTES_NEEDED.
856 */
857 add_token_u8(&err, cmd, OPAL_ENDLIST);
858
859 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
860 add_token_u8(&err, cmd, OPAL_STARTLIST);
861 add_token_u8(&err, cmd, 0);
862 add_token_u8(&err, cmd, 0);
863 add_token_u8(&err, cmd, 0);
864 add_token_u8(&err, cmd, OPAL_ENDLIST);
865
866 if (err) {
867 pr_debug("Error finalizing command.\n");
868 return -EFAULT;
869 }
870
871 hdr = (struct opal_header *) cmd->cmd;
872
873 hdr->pkt.tsn = cpu_to_be32(tsn);
874 hdr->pkt.hsn = cpu_to_be32(hsn);
875
876 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
877 while (cmd->pos % 4) {
878 if (cmd->pos >= IO_BUFFER_LENGTH) {
879 pr_debug("Error: Buffer overrun\n");
880 return -ERANGE;
881 }
882 cmd->cmd[cmd->pos++] = 0;
883 }
884 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
885 sizeof(hdr->pkt));
886 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
887
888 return 0;
889 }
890
891 static const struct opal_resp_tok *response_get_token(
892 const struct parsed_resp *resp,
893 int n)
894 {
895 const struct opal_resp_tok *tok;
896
897 if (!resp) {
898 pr_debug("Response is NULL\n");
899 return ERR_PTR(-EINVAL);
900 }
901
902 if (n >= resp->num) {
903 pr_debug("Token number doesn't exist: %d, resp: %d\n",
904 n, resp->num);
905 return ERR_PTR(-EINVAL);
906 }
907
908 tok = &resp->toks[n];
909 if (tok->len == 0) {
910 pr_debug("Token length must be non-zero\n");
911 return ERR_PTR(-EINVAL);
912 }
913
914 return tok;
915 }
916
917 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
918 const u8 *pos)
919 {
920 tok->pos = pos;
921 tok->len = 1;
922 tok->width = OPAL_WIDTH_TINY;
923
924 if (pos[0] & TINY_ATOM_SIGNED) {
925 tok->type = OPAL_DTA_TOKENID_SINT;
926 } else {
927 tok->type = OPAL_DTA_TOKENID_UINT;
928 tok->stored.u = pos[0] & 0x3f;
929 }
930
931 return tok->len;
932 }
933
934 static ssize_t response_parse_short(struct opal_resp_tok *tok,
935 const u8 *pos)
936 {
937 tok->pos = pos;
938 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
939 tok->width = OPAL_WIDTH_SHORT;
940
941 if (pos[0] & SHORT_ATOM_BYTESTRING) {
942 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
943 } else if (pos[0] & SHORT_ATOM_SIGNED) {
944 tok->type = OPAL_DTA_TOKENID_SINT;
945 } else {
946 u64 u_integer = 0;
947 ssize_t i, b = 0;
948
949 tok->type = OPAL_DTA_TOKENID_UINT;
950 if (tok->len > 9) {
951 pr_debug("uint64 with more than 8 bytes\n");
952 return -EINVAL;
953 }
954 for (i = tok->len - 1; i > 0; i--) {
955 u_integer |= ((u64)pos[i] << (8 * b));
956 b++;
957 }
958 tok->stored.u = u_integer;
959 }
960
961 return tok->len;
962 }
963
964 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
965 const u8 *pos)
966 {
967 tok->pos = pos;
968 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
969 tok->width = OPAL_WIDTH_MEDIUM;
970
971 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
972 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
973 else if (pos[0] & MEDIUM_ATOM_SIGNED)
974 tok->type = OPAL_DTA_TOKENID_SINT;
975 else
976 tok->type = OPAL_DTA_TOKENID_UINT;
977
978 return tok->len;
979 }
980
981 static ssize_t response_parse_long(struct opal_resp_tok *tok,
982 const u8 *pos)
983 {
984 tok->pos = pos;
985 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
986 tok->width = OPAL_WIDTH_LONG;
987
988 if (pos[0] & LONG_ATOM_BYTESTRING)
989 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
990 else if (pos[0] & LONG_ATOM_SIGNED)
991 tok->type = OPAL_DTA_TOKENID_SINT;
992 else
993 tok->type = OPAL_DTA_TOKENID_UINT;
994
995 return tok->len;
996 }
997
998 static ssize_t response_parse_token(struct opal_resp_tok *tok,
999 const u8 *pos)
1000 {
1001 tok->pos = pos;
1002 tok->len = 1;
1003 tok->type = OPAL_DTA_TOKENID_TOKEN;
1004 tok->width = OPAL_WIDTH_TOKEN;
1005
1006 return tok->len;
1007 }
1008
1009 static int response_parse(const u8 *buf, size_t length,
1010 struct parsed_resp *resp)
1011 {
1012 const struct opal_header *hdr;
1013 struct opal_resp_tok *iter;
1014 int num_entries = 0;
1015 int total;
1016 ssize_t token_length;
1017 const u8 *pos;
1018 u32 clen, plen, slen;
1019
1020 if (!buf)
1021 return -EFAULT;
1022
1023 if (!resp)
1024 return -EFAULT;
1025
1026 hdr = (struct opal_header *)buf;
1027 pos = buf;
1028 pos += sizeof(*hdr);
1029
1030 clen = be32_to_cpu(hdr->cp.length);
1031 plen = be32_to_cpu(hdr->pkt.length);
1032 slen = be32_to_cpu(hdr->subpkt.length);
1033 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1034 clen, plen, slen);
1035
1036 if (clen == 0 || plen == 0 || slen == 0 ||
1037 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1038 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1039 clen, plen, slen);
1040 print_buffer(pos, sizeof(*hdr));
1041 return -EINVAL;
1042 }
1043
1044 if (pos > buf + length)
1045 return -EFAULT;
1046
1047 iter = resp->toks;
1048 total = slen;
1049 print_buffer(pos, total);
1050 while (total > 0) {
1051 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1052 token_length = response_parse_tiny(iter, pos);
1053 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1054 token_length = response_parse_short(iter, pos);
1055 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1056 token_length = response_parse_medium(iter, pos);
1057 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1058 token_length = response_parse_long(iter, pos);
1059 else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
1060 token_length = 1;
1061 else /* TOKEN */
1062 token_length = response_parse_token(iter, pos);
1063
1064 if (token_length < 0)
1065 return token_length;
1066
1067 if (pos[0] != EMPTY_ATOM_BYTE)
1068 num_entries++;
1069
1070 pos += token_length;
1071 total -= token_length;
1072 iter++;
1073 }
1074
1075 resp->num = num_entries;
1076
1077 return 0;
1078 }
1079
1080 static size_t response_get_string(const struct parsed_resp *resp, int n,
1081 const char **store)
1082 {
1083 u8 skip;
1084 const struct opal_resp_tok *tok;
1085
1086 *store = NULL;
1087 tok = response_get_token(resp, n);
1088 if (IS_ERR(tok))
1089 return 0;
1090
1091 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1092 pr_debug("Token is not a byte string!\n");
1093 return 0;
1094 }
1095
1096 switch (tok->width) {
1097 case OPAL_WIDTH_TINY:
1098 case OPAL_WIDTH_SHORT:
1099 skip = 1;
1100 break;
1101 case OPAL_WIDTH_MEDIUM:
1102 skip = 2;
1103 break;
1104 case OPAL_WIDTH_LONG:
1105 skip = 4;
1106 break;
1107 default:
1108 pr_debug("Token has invalid width!\n");
1109 return 0;
1110 }
1111
1112 *store = tok->pos + skip;
1113
1114 return tok->len - skip;
1115 }
1116
1117 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1118 {
1119 const struct opal_resp_tok *tok;
1120
1121 tok = response_get_token(resp, n);
1122 if (IS_ERR(tok))
1123 return 0;
1124
1125 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1126 pr_debug("Token is not unsigned int: %d\n", tok->type);
1127 return 0;
1128 }
1129
1130 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1131 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1132 return 0;
1133 }
1134
1135 return tok->stored.u;
1136 }
1137
1138 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1139 {
1140 if (IS_ERR(token) ||
1141 token->type != OPAL_DTA_TOKENID_TOKEN ||
1142 token->pos[0] != match)
1143 return false;
1144 return true;
1145 }
1146
1147 static u8 response_status(const struct parsed_resp *resp)
1148 {
1149 const struct opal_resp_tok *tok;
1150
1151 tok = response_get_token(resp, 0);
1152 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1153 return 0;
1154
1155 if (resp->num < 5)
1156 return DTAERROR_NO_METHOD_STATUS;
1157
1158 tok = response_get_token(resp, resp->num - 5);
1159 if (!response_token_matches(tok, OPAL_STARTLIST))
1160 return DTAERROR_NO_METHOD_STATUS;
1161
1162 tok = response_get_token(resp, resp->num - 1);
1163 if (!response_token_matches(tok, OPAL_ENDLIST))
1164 return DTAERROR_NO_METHOD_STATUS;
1165
1166 return response_get_u64(resp, resp->num - 4);
1167 }
1168
1169 /* Parses and checks for errors */
1170 static int parse_and_check_status(struct opal_dev *dev)
1171 {
1172 int error;
1173
1174 print_buffer(dev->cmd, dev->pos);
1175
1176 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1177 if (error) {
1178 pr_debug("Couldn't parse response.\n");
1179 return error;
1180 }
1181
1182 return response_status(&dev->parsed);
1183 }
1184
1185 static void clear_opal_cmd(struct opal_dev *dev)
1186 {
1187 dev->pos = sizeof(struct opal_header);
1188 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1189 }
1190
1191 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1192 {
1193 int err = 0;
1194
1195 clear_opal_cmd(dev);
1196 set_comid(dev, dev->comid);
1197
1198 add_token_u8(&err, dev, OPAL_CALL);
1199 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1200 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1201
1202 /*
1203 * Every method call is followed by its parameters enclosed within
1204 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1205 * parameter list here and close it later in cmd_finalize.
1206 */
1207 add_token_u8(&err, dev, OPAL_STARTLIST);
1208
1209 return err;
1210 }
1211
1212 static int start_opal_session_cont(struct opal_dev *dev)
1213 {
1214 u32 hsn, tsn;
1215 int error;
1216
1217 error = parse_and_check_status(dev);
1218 if (error)
1219 return error;
1220
1221 hsn = response_get_u64(&dev->parsed, 4);
1222 tsn = response_get_u64(&dev->parsed, 5);
1223
1224 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1225 pr_debug("Couldn't authenticate session\n");
1226 return -EPERM;
1227 }
1228
1229 dev->hsn = hsn;
1230 dev->tsn = tsn;
1231
1232 return 0;
1233 }
1234
1235 static void add_suspend_info(struct opal_dev *dev,
1236 struct opal_suspend_data *sus)
1237 {
1238 struct opal_suspend_data *iter;
1239
1240 list_for_each_entry(iter, &dev->unlk_lst, node) {
1241 if (iter->lr == sus->lr) {
1242 list_del(&iter->node);
1243 kfree(iter);
1244 break;
1245 }
1246 }
1247 list_add_tail(&sus->node, &dev->unlk_lst);
1248 }
1249
1250 static int end_session_cont(struct opal_dev *dev)
1251 {
1252 dev->hsn = 0;
1253 dev->tsn = 0;
1254
1255 return parse_and_check_status(dev);
1256 }
1257
1258 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1259 {
1260 int ret;
1261
1262 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1263 if (ret) {
1264 pr_debug("Error finalizing command buffer: %d\n", ret);
1265 return ret;
1266 }
1267
1268 print_buffer(dev->cmd, dev->pos);
1269
1270 return opal_send_recv(dev, cont);
1271 }
1272
1273 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1274 u64 start_column, u64 end_column)
1275 {
1276 int err;
1277
1278 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1279
1280 add_token_u8(&err, dev, OPAL_STARTLIST);
1281
1282 add_token_u8(&err, dev, OPAL_STARTNAME);
1283 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1284 add_token_u64(&err, dev, start_column);
1285 add_token_u8(&err, dev, OPAL_ENDNAME);
1286
1287 add_token_u8(&err, dev, OPAL_STARTNAME);
1288 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1289 add_token_u64(&err, dev, end_column);
1290 add_token_u8(&err, dev, OPAL_ENDNAME);
1291
1292 add_token_u8(&err, dev, OPAL_ENDLIST);
1293
1294 if (err)
1295 return err;
1296
1297 return finalize_and_send(dev, parse_and_check_status);
1298 }
1299
1300 /*
1301 * request @column from table @table on device @dev. On success, the column
1302 * data will be available in dev->resp->tok[4]
1303 */
1304 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1305 u64 column)
1306 {
1307 return generic_get_columns(dev, table, column, column);
1308 }
1309
1310 /*
1311 * see TCG SAS 5.3.2.3 for a description of the available columns
1312 *
1313 * the result is provided in dev->resp->tok[4]
1314 */
1315 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1316 u64 column)
1317 {
1318 u8 uid[OPAL_UID_LENGTH];
1319 const unsigned int half = OPAL_UID_LENGTH_HALF;
1320
1321 /* sed-opal UIDs can be split in two halves:
1322 * first: actual table index
1323 * second: relative index in the table
1324 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1325 * first part of the target table as relative index into that table
1326 */
1327 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1328 memcpy(uid + half, table_uid, half);
1329
1330 return generic_get_column(dev, uid, column);
1331 }
1332
1333 static int gen_key(struct opal_dev *dev, void *data)
1334 {
1335 u8 uid[OPAL_UID_LENGTH];
1336 int err;
1337
1338 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1339 kfree(dev->prev_data);
1340 dev->prev_data = NULL;
1341
1342 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1343
1344 if (err) {
1345 pr_debug("Error building gen key command\n");
1346 return err;
1347
1348 }
1349
1350 return finalize_and_send(dev, parse_and_check_status);
1351 }
1352
1353 static int get_active_key_cont(struct opal_dev *dev)
1354 {
1355 const char *activekey;
1356 size_t keylen;
1357 int error;
1358
1359 error = parse_and_check_status(dev);
1360 if (error)
1361 return error;
1362
1363 keylen = response_get_string(&dev->parsed, 4, &activekey);
1364 if (!activekey) {
1365 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1366 __func__);
1367 return OPAL_INVAL_PARAM;
1368 }
1369
1370 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1371
1372 if (!dev->prev_data)
1373 return -ENOMEM;
1374
1375 dev->prev_d_len = keylen;
1376
1377 return 0;
1378 }
1379
1380 static int get_active_key(struct opal_dev *dev, void *data)
1381 {
1382 u8 uid[OPAL_UID_LENGTH];
1383 int err;
1384 u8 *lr = data;
1385
1386 err = build_locking_range(uid, sizeof(uid), *lr);
1387 if (err)
1388 return err;
1389
1390 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1391 if (err)
1392 return err;
1393
1394 return get_active_key_cont(dev);
1395 }
1396
1397 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1398 u64 offset, u64 size, const u8 *uid)
1399 {
1400 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1401 u8 *dst;
1402 u64 len;
1403 size_t off = 0;
1404 int err;
1405
1406 /* do we fit in the available space? */
1407 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1408 if (err) {
1409 pr_debug("Couldn't get the table size\n");
1410 return err;
1411 }
1412
1413 len = response_get_u64(&dev->parsed, 4);
1414 if (size > len || offset > len - size) {
1415 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1416 offset + size, len);
1417 return -ENOSPC;
1418 }
1419
1420 /* do the actual transmission(s) */
1421 while (off < size) {
1422 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1423 add_token_u8(&err, dev, OPAL_STARTNAME);
1424 add_token_u8(&err, dev, OPAL_WHERE);
1425 add_token_u64(&err, dev, offset + off);
1426 add_token_u8(&err, dev, OPAL_ENDNAME);
1427
1428 add_token_u8(&err, dev, OPAL_STARTNAME);
1429 add_token_u8(&err, dev, OPAL_VALUES);
1430
1431 /*
1432 * The bytestring header is either 1 or 2 bytes, so assume 2.
1433 * There also needs to be enough space to accommodate the
1434 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1435 * cmd_finalize.
1436 */
1437 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1438 (size_t)(size - off));
1439 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1440
1441 dst = add_bytestring_header(&err, dev, len);
1442 if (!dst)
1443 break;
1444
1445 if (copy_from_user(dst, src + off, len)) {
1446 err = -EFAULT;
1447 break;
1448 }
1449
1450 dev->pos += len;
1451
1452 add_token_u8(&err, dev, OPAL_ENDNAME);
1453 if (err)
1454 break;
1455
1456 err = finalize_and_send(dev, parse_and_check_status);
1457 if (err)
1458 break;
1459
1460 off += len;
1461 }
1462
1463 return err;
1464 }
1465
1466 static int generic_lr_enable_disable(struct opal_dev *dev,
1467 u8 *uid, bool rle, bool wle,
1468 bool rl, bool wl)
1469 {
1470 int err;
1471
1472 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1473
1474 add_token_u8(&err, dev, OPAL_STARTNAME);
1475 add_token_u8(&err, dev, OPAL_VALUES);
1476 add_token_u8(&err, dev, OPAL_STARTLIST);
1477
1478 add_token_u8(&err, dev, OPAL_STARTNAME);
1479 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1480 add_token_u8(&err, dev, rle);
1481 add_token_u8(&err, dev, OPAL_ENDNAME);
1482
1483 add_token_u8(&err, dev, OPAL_STARTNAME);
1484 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1485 add_token_u8(&err, dev, wle);
1486 add_token_u8(&err, dev, OPAL_ENDNAME);
1487
1488 add_token_u8(&err, dev, OPAL_STARTNAME);
1489 add_token_u8(&err, dev, OPAL_READLOCKED);
1490 add_token_u8(&err, dev, rl);
1491 add_token_u8(&err, dev, OPAL_ENDNAME);
1492
1493 add_token_u8(&err, dev, OPAL_STARTNAME);
1494 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1495 add_token_u8(&err, dev, wl);
1496 add_token_u8(&err, dev, OPAL_ENDNAME);
1497
1498 add_token_u8(&err, dev, OPAL_ENDLIST);
1499 add_token_u8(&err, dev, OPAL_ENDNAME);
1500
1501 return err;
1502 }
1503
1504 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1505 struct opal_user_lr_setup *setup)
1506 {
1507 int err;
1508
1509 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1510 0, 0);
1511 if (err)
1512 pr_debug("Failed to create enable global lr command\n");
1513
1514 return err;
1515 }
1516
1517 static int setup_locking_range(struct opal_dev *dev, void *data)
1518 {
1519 u8 uid[OPAL_UID_LENGTH];
1520 struct opal_user_lr_setup *setup = data;
1521 u8 lr;
1522 int err;
1523
1524 lr = setup->session.opal_key.lr;
1525 err = build_locking_range(uid, sizeof(uid), lr);
1526 if (err)
1527 return err;
1528
1529 if (lr == 0)
1530 err = enable_global_lr(dev, uid, setup);
1531 else {
1532 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1533
1534 add_token_u8(&err, dev, OPAL_STARTNAME);
1535 add_token_u8(&err, dev, OPAL_VALUES);
1536 add_token_u8(&err, dev, OPAL_STARTLIST);
1537
1538 add_token_u8(&err, dev, OPAL_STARTNAME);
1539 add_token_u8(&err, dev, OPAL_RANGESTART);
1540 add_token_u64(&err, dev, setup->range_start);
1541 add_token_u8(&err, dev, OPAL_ENDNAME);
1542
1543 add_token_u8(&err, dev, OPAL_STARTNAME);
1544 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1545 add_token_u64(&err, dev, setup->range_length);
1546 add_token_u8(&err, dev, OPAL_ENDNAME);
1547
1548 add_token_u8(&err, dev, OPAL_STARTNAME);
1549 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1550 add_token_u64(&err, dev, !!setup->RLE);
1551 add_token_u8(&err, dev, OPAL_ENDNAME);
1552
1553 add_token_u8(&err, dev, OPAL_STARTNAME);
1554 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1555 add_token_u64(&err, dev, !!setup->WLE);
1556 add_token_u8(&err, dev, OPAL_ENDNAME);
1557
1558 add_token_u8(&err, dev, OPAL_ENDLIST);
1559 add_token_u8(&err, dev, OPAL_ENDNAME);
1560 }
1561 if (err) {
1562 pr_debug("Error building Setup Locking range command.\n");
1563 return err;
1564 }
1565
1566 return finalize_and_send(dev, parse_and_check_status);
1567 }
1568
1569 static int response_get_column(const struct parsed_resp *resp,
1570 int *iter,
1571 u8 column,
1572 u64 *value)
1573 {
1574 const struct opal_resp_tok *tok;
1575 int n = *iter;
1576 u64 val;
1577
1578 tok = response_get_token(resp, n);
1579 if (IS_ERR(tok))
1580 return PTR_ERR(tok);
1581
1582 if (!response_token_matches(tok, OPAL_STARTNAME)) {
1583 pr_debug("Unexpected response token type %d.\n", n);
1584 return OPAL_INVAL_PARAM;
1585 }
1586 n++;
1587
1588 if (response_get_u64(resp, n) != column) {
1589 pr_debug("Token %d does not match expected column %u.\n",
1590 n, column);
1591 return OPAL_INVAL_PARAM;
1592 }
1593 n++;
1594
1595 val = response_get_u64(resp, n);
1596 n++;
1597
1598 tok = response_get_token(resp, n);
1599 if (IS_ERR(tok))
1600 return PTR_ERR(tok);
1601
1602 if (!response_token_matches(tok, OPAL_ENDNAME)) {
1603 pr_debug("Unexpected response token type %d.\n", n);
1604 return OPAL_INVAL_PARAM;
1605 }
1606 n++;
1607
1608 *value = val;
1609 *iter = n;
1610
1611 return 0;
1612 }
1613
1614 static int locking_range_status(struct opal_dev *dev, void *data)
1615 {
1616 u8 lr_buffer[OPAL_UID_LENGTH];
1617 u64 resp;
1618 bool rlocked, wlocked;
1619 int err, tok_n = 2;
1620 struct opal_lr_status *lrst = data;
1621
1622 err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1623 lrst->session.opal_key.lr);
1624 if (err)
1625 return err;
1626
1627 err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1628 OPAL_WRITELOCKED);
1629 if (err) {
1630 pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1631 lrst->session.opal_key.lr, OPAL_RANGESTART,
1632 OPAL_WRITELOCKED);
1633 return err;
1634 }
1635
1636 /* range start */
1637 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1638 &lrst->range_start);
1639 if (err)
1640 return err;
1641
1642 /* range length */
1643 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1644 &lrst->range_length);
1645 if (err)
1646 return err;
1647
1648 /* RLE */
1649 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1650 &resp);
1651 if (err)
1652 return err;
1653
1654 lrst->RLE = !!resp;
1655
1656 /* WLE */
1657 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1658 &resp);
1659 if (err)
1660 return err;
1661
1662 lrst->WLE = !!resp;
1663
1664 /* read locked */
1665 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1666 if (err)
1667 return err;
1668
1669 rlocked = !!resp;
1670
1671 /* write locked */
1672 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1673 if (err)
1674 return err;
1675
1676 wlocked = !!resp;
1677
1678 /* opal_lock_state can not map 'read locked' only state. */
1679 lrst->l_state = OPAL_RW;
1680 if (rlocked && wlocked)
1681 lrst->l_state = OPAL_LK;
1682 else if (wlocked)
1683 lrst->l_state = OPAL_RO;
1684 else if (rlocked) {
1685 pr_debug("Can not report read locked only state.\n");
1686 return -EINVAL;
1687 }
1688
1689 return 0;
1690 }
1691
1692 static int start_generic_opal_session(struct opal_dev *dev,
1693 enum opal_uid auth,
1694 enum opal_uid sp_type,
1695 const char *key,
1696 u8 key_len)
1697 {
1698 u32 hsn;
1699 int err;
1700
1701 if (key == NULL && auth != OPAL_ANYBODY_UID)
1702 return OPAL_INVAL_PARAM;
1703
1704 hsn = GENERIC_HOST_SESSION_NUM;
1705 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1706 opalmethod[OPAL_STARTSESSION]);
1707
1708 add_token_u64(&err, dev, hsn);
1709 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1710 add_token_u8(&err, dev, 1);
1711
1712 switch (auth) {
1713 case OPAL_ANYBODY_UID:
1714 break;
1715 case OPAL_ADMIN1_UID:
1716 case OPAL_SID_UID:
1717 case OPAL_PSID_UID:
1718 add_token_u8(&err, dev, OPAL_STARTNAME);
1719 add_token_u8(&err, dev, 0); /* HostChallenge */
1720 add_token_bytestring(&err, dev, key, key_len);
1721 add_token_u8(&err, dev, OPAL_ENDNAME);
1722 add_token_u8(&err, dev, OPAL_STARTNAME);
1723 add_token_u8(&err, dev, 3); /* HostSignAuth */
1724 add_token_bytestring(&err, dev, opaluid[auth],
1725 OPAL_UID_LENGTH);
1726 add_token_u8(&err, dev, OPAL_ENDNAME);
1727 break;
1728 default:
1729 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1730 return OPAL_INVAL_PARAM;
1731 }
1732
1733 if (err) {
1734 pr_debug("Error building start adminsp session command.\n");
1735 return err;
1736 }
1737
1738 return finalize_and_send(dev, start_opal_session_cont);
1739 }
1740
1741 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1742 {
1743 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1744 OPAL_ADMINSP_UID, NULL, 0);
1745 }
1746
1747 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1748 {
1749 int ret;
1750 const u8 *key = dev->prev_data;
1751
1752 if (!key) {
1753 const struct opal_key *okey = data;
1754
1755 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1756 OPAL_ADMINSP_UID,
1757 okey->key,
1758 okey->key_len);
1759 } else {
1760 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1761 OPAL_ADMINSP_UID,
1762 key, dev->prev_d_len);
1763 kfree(key);
1764 dev->prev_data = NULL;
1765 }
1766
1767 return ret;
1768 }
1769
1770 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1771 {
1772 struct opal_key *key = data;
1773
1774 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1775 OPAL_LOCKINGSP_UID,
1776 key->key, key->key_len);
1777 }
1778
1779 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1780 {
1781 const struct opal_key *okey = data;
1782
1783 return start_generic_opal_session(dev, OPAL_PSID_UID,
1784 OPAL_ADMINSP_UID,
1785 okey->key,
1786 okey->key_len);
1787 }
1788
1789 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1790 {
1791 struct opal_session_info *session = data;
1792 u8 lk_ul_user[OPAL_UID_LENGTH];
1793 size_t keylen = session->opal_key.key_len;
1794 int err = 0;
1795
1796 u8 *key = session->opal_key.key;
1797 u32 hsn = GENERIC_HOST_SESSION_NUM;
1798
1799 if (session->sum)
1800 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1801 session->opal_key.lr);
1802 else if (session->who != OPAL_ADMIN1 && !session->sum)
1803 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1804 session->who - 1);
1805 else
1806 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1807
1808 if (err)
1809 return err;
1810
1811 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1812 opalmethod[OPAL_STARTSESSION]);
1813
1814 add_token_u64(&err, dev, hsn);
1815 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1816 OPAL_UID_LENGTH);
1817 add_token_u8(&err, dev, 1);
1818 add_token_u8(&err, dev, OPAL_STARTNAME);
1819 add_token_u8(&err, dev, 0);
1820 add_token_bytestring(&err, dev, key, keylen);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1822 add_token_u8(&err, dev, OPAL_STARTNAME);
1823 add_token_u8(&err, dev, 3);
1824 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1825 add_token_u8(&err, dev, OPAL_ENDNAME);
1826
1827 if (err) {
1828 pr_debug("Error building STARTSESSION command.\n");
1829 return err;
1830 }
1831
1832 return finalize_and_send(dev, start_opal_session_cont);
1833 }
1834
1835 static int revert_tper(struct opal_dev *dev, void *data)
1836 {
1837 int err;
1838
1839 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1840 opalmethod[OPAL_REVERT]);
1841 if (err) {
1842 pr_debug("Error building REVERT TPER command.\n");
1843 return err;
1844 }
1845
1846 return finalize_and_send(dev, parse_and_check_status);
1847 }
1848
1849 static int internal_activate_user(struct opal_dev *dev, void *data)
1850 {
1851 struct opal_session_info *session = data;
1852 u8 uid[OPAL_UID_LENGTH];
1853 int err;
1854
1855 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1856 uid[7] = session->who;
1857
1858 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1859 add_token_u8(&err, dev, OPAL_STARTNAME);
1860 add_token_u8(&err, dev, OPAL_VALUES);
1861 add_token_u8(&err, dev, OPAL_STARTLIST);
1862 add_token_u8(&err, dev, OPAL_STARTNAME);
1863 add_token_u8(&err, dev, 5); /* Enabled */
1864 add_token_u8(&err, dev, OPAL_TRUE);
1865 add_token_u8(&err, dev, OPAL_ENDNAME);
1866 add_token_u8(&err, dev, OPAL_ENDLIST);
1867 add_token_u8(&err, dev, OPAL_ENDNAME);
1868
1869 if (err) {
1870 pr_debug("Error building Activate UserN command.\n");
1871 return err;
1872 }
1873
1874 return finalize_and_send(dev, parse_and_check_status);
1875 }
1876
1877 static int revert_lsp(struct opal_dev *dev, void *data)
1878 {
1879 struct opal_revert_lsp *rev = data;
1880 int err;
1881
1882 err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1883 opalmethod[OPAL_REVERTSP]);
1884 add_token_u8(&err, dev, OPAL_STARTNAME);
1885 add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1886 add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1887 OPAL_TRUE : OPAL_FALSE);
1888 add_token_u8(&err, dev, OPAL_ENDNAME);
1889 if (err) {
1890 pr_debug("Error building REVERT SP command.\n");
1891 return err;
1892 }
1893
1894 return finalize_and_send(dev, parse_and_check_status);
1895 }
1896
1897 static int erase_locking_range(struct opal_dev *dev, void *data)
1898 {
1899 struct opal_session_info *session = data;
1900 u8 uid[OPAL_UID_LENGTH];
1901 int err;
1902
1903 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1904 return -ERANGE;
1905
1906 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1907
1908 if (err) {
1909 pr_debug("Error building Erase Locking Range Command.\n");
1910 return err;
1911 }
1912
1913 return finalize_and_send(dev, parse_and_check_status);
1914 }
1915
1916 static int set_mbr_done(struct opal_dev *dev, void *data)
1917 {
1918 u8 *mbr_done_tf = data;
1919 int err;
1920
1921 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1922 opalmethod[OPAL_SET]);
1923
1924 add_token_u8(&err, dev, OPAL_STARTNAME);
1925 add_token_u8(&err, dev, OPAL_VALUES);
1926 add_token_u8(&err, dev, OPAL_STARTLIST);
1927 add_token_u8(&err, dev, OPAL_STARTNAME);
1928 add_token_u8(&err, dev, OPAL_MBRDONE);
1929 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1930 add_token_u8(&err, dev, OPAL_ENDNAME);
1931 add_token_u8(&err, dev, OPAL_ENDLIST);
1932 add_token_u8(&err, dev, OPAL_ENDNAME);
1933
1934 if (err) {
1935 pr_debug("Error Building set MBR Done command\n");
1936 return err;
1937 }
1938
1939 return finalize_and_send(dev, parse_and_check_status);
1940 }
1941
1942 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1943 {
1944 u8 *mbr_en_dis = data;
1945 int err;
1946
1947 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1948 opalmethod[OPAL_SET]);
1949
1950 add_token_u8(&err, dev, OPAL_STARTNAME);
1951 add_token_u8(&err, dev, OPAL_VALUES);
1952 add_token_u8(&err, dev, OPAL_STARTLIST);
1953 add_token_u8(&err, dev, OPAL_STARTNAME);
1954 add_token_u8(&err, dev, OPAL_MBRENABLE);
1955 add_token_u8(&err, dev, *mbr_en_dis);
1956 add_token_u8(&err, dev, OPAL_ENDNAME);
1957 add_token_u8(&err, dev, OPAL_ENDLIST);
1958 add_token_u8(&err, dev, OPAL_ENDNAME);
1959
1960 if (err) {
1961 pr_debug("Error Building set MBR done command\n");
1962 return err;
1963 }
1964
1965 return finalize_and_send(dev, parse_and_check_status);
1966 }
1967
1968 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1969 {
1970 struct opal_shadow_mbr *shadow = data;
1971
1972 return generic_table_write_data(dev, shadow->data, shadow->offset,
1973 shadow->size, opaluid[OPAL_MBR]);
1974 }
1975
1976 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1977 struct opal_dev *dev)
1978 {
1979 int err;
1980
1981 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1982
1983 add_token_u8(&err, dev, OPAL_STARTNAME);
1984 add_token_u8(&err, dev, OPAL_VALUES);
1985 add_token_u8(&err, dev, OPAL_STARTLIST);
1986 add_token_u8(&err, dev, OPAL_STARTNAME);
1987 add_token_u8(&err, dev, OPAL_PIN);
1988 add_token_bytestring(&err, dev, key, key_len);
1989 add_token_u8(&err, dev, OPAL_ENDNAME);
1990 add_token_u8(&err, dev, OPAL_ENDLIST);
1991 add_token_u8(&err, dev, OPAL_ENDNAME);
1992
1993 return err;
1994 }
1995
1996 static int set_new_pw(struct opal_dev *dev, void *data)
1997 {
1998 u8 cpin_uid[OPAL_UID_LENGTH];
1999 struct opal_session_info *usr = data;
2000
2001 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
2002
2003 if (usr->who != OPAL_ADMIN1) {
2004 cpin_uid[5] = 0x03;
2005 if (usr->sum)
2006 cpin_uid[7] = usr->opal_key.lr + 1;
2007 else
2008 cpin_uid[7] = usr->who;
2009 }
2010
2011 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2012 cpin_uid, dev)) {
2013 pr_debug("Error building set password command.\n");
2014 return -ERANGE;
2015 }
2016
2017 return finalize_and_send(dev, parse_and_check_status);
2018 }
2019
2020 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2021 {
2022 u8 cpin_uid[OPAL_UID_LENGTH];
2023 struct opal_key *key = data;
2024
2025 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2026
2027 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2028 pr_debug("Error building Set SID cpin\n");
2029 return -ERANGE;
2030 }
2031 return finalize_and_send(dev, parse_and_check_status);
2032 }
2033
2034 static void add_authority_object_ref(int *err,
2035 struct opal_dev *dev,
2036 const u8 *uid,
2037 size_t uid_len)
2038 {
2039 add_token_u8(err, dev, OPAL_STARTNAME);
2040 add_token_bytestring(err, dev,
2041 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2042 OPAL_UID_LENGTH/2);
2043 add_token_bytestring(err, dev, uid, uid_len);
2044 add_token_u8(err, dev, OPAL_ENDNAME);
2045 }
2046
2047 static void add_boolean_object_ref(int *err,
2048 struct opal_dev *dev,
2049 u8 boolean_op)
2050 {
2051 add_token_u8(err, dev, OPAL_STARTNAME);
2052 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2053 OPAL_UID_LENGTH/2);
2054 add_token_u8(err, dev, boolean_op);
2055 add_token_u8(err, dev, OPAL_ENDNAME);
2056 }
2057
2058 static int set_lr_boolean_ace(struct opal_dev *dev,
2059 unsigned int opal_uid,
2060 u8 lr,
2061 const u8 *users,
2062 size_t users_len)
2063 {
2064 u8 lr_buffer[OPAL_UID_LENGTH];
2065 u8 user_uid[OPAL_UID_LENGTH];
2066 u8 u;
2067 int err;
2068
2069 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2070 lr_buffer[7] = lr;
2071
2072 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2073
2074 add_token_u8(&err, dev, OPAL_STARTNAME);
2075 add_token_u8(&err, dev, OPAL_VALUES);
2076
2077 add_token_u8(&err, dev, OPAL_STARTLIST);
2078 add_token_u8(&err, dev, OPAL_STARTNAME);
2079 add_token_u8(&err, dev, 3);
2080
2081 add_token_u8(&err, dev, OPAL_STARTLIST);
2082
2083 for (u = 0; u < users_len; u++) {
2084 if (users[u] == OPAL_ADMIN1)
2085 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2086 OPAL_UID_LENGTH);
2087 else {
2088 memcpy(user_uid, opaluid[OPAL_USER1_UID],
2089 OPAL_UID_LENGTH);
2090 user_uid[7] = users[u];
2091 }
2092
2093 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2094
2095 /*
2096 * Add boolean operator in postfix only with
2097 * two or more authorities being added in ACE
2098 * expresion.
2099 * */
2100 if (u > 0)
2101 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2102 }
2103
2104 add_token_u8(&err, dev, OPAL_ENDLIST);
2105 add_token_u8(&err, dev, OPAL_ENDNAME);
2106 add_token_u8(&err, dev, OPAL_ENDLIST);
2107 add_token_u8(&err, dev, OPAL_ENDNAME);
2108
2109 return err;
2110 }
2111
2112 static int add_user_to_lr(struct opal_dev *dev, void *data)
2113 {
2114 int err;
2115 struct opal_lock_unlock *lkul = data;
2116 const u8 users[] = {
2117 lkul->session.who
2118 };
2119
2120 err = set_lr_boolean_ace(dev,
2121 lkul->l_state == OPAL_RW ?
2122 OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2123 OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2124 lkul->session.opal_key.lr, users,
2125 ARRAY_SIZE(users));
2126 if (err) {
2127 pr_debug("Error building add user to locking range command.\n");
2128 return err;
2129 }
2130
2131 return finalize_and_send(dev, parse_and_check_status);
2132 }
2133
2134 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2135 {
2136 int err;
2137 struct opal_lock_unlock *lkul = data;
2138 const u8 users[] = {
2139 OPAL_ADMIN1,
2140 lkul->session.who
2141 };
2142
2143 err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2144 lkul->session.opal_key.lr, users,
2145 ARRAY_SIZE(users));
2146
2147 if (err) {
2148 pr_debug("Error building add user to locking ranges ACEs.\n");
2149 return err;
2150 }
2151
2152 return finalize_and_send(dev, parse_and_check_status);
2153 }
2154
2155 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2156 {
2157 u8 lr_buffer[OPAL_UID_LENGTH];
2158 struct opal_lock_unlock *lkul = data;
2159 u8 read_locked = 1, write_locked = 1;
2160 int err;
2161
2162 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2163 lkul->session.opal_key.lr) < 0)
2164 return -ERANGE;
2165
2166 switch (lkul->l_state) {
2167 case OPAL_RO:
2168 read_locked = 0;
2169 write_locked = 1;
2170 break;
2171 case OPAL_RW:
2172 read_locked = 0;
2173 write_locked = 0;
2174 break;
2175 case OPAL_LK:
2176 /* vars are initialized to locked */
2177 break;
2178 default:
2179 pr_debug("Tried to set an invalid locking state... returning to uland\n");
2180 return OPAL_INVAL_PARAM;
2181 }
2182
2183 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2184
2185 add_token_u8(&err, dev, OPAL_STARTNAME);
2186 add_token_u8(&err, dev, OPAL_VALUES);
2187 add_token_u8(&err, dev, OPAL_STARTLIST);
2188
2189 add_token_u8(&err, dev, OPAL_STARTNAME);
2190 add_token_u8(&err, dev, OPAL_READLOCKED);
2191 add_token_u8(&err, dev, read_locked);
2192 add_token_u8(&err, dev, OPAL_ENDNAME);
2193
2194 add_token_u8(&err, dev, OPAL_STARTNAME);
2195 add_token_u8(&err, dev, OPAL_WRITELOCKED);
2196 add_token_u8(&err, dev, write_locked);
2197 add_token_u8(&err, dev, OPAL_ENDNAME);
2198
2199 add_token_u8(&err, dev, OPAL_ENDLIST);
2200 add_token_u8(&err, dev, OPAL_ENDNAME);
2201
2202 if (err) {
2203 pr_debug("Error building SET command.\n");
2204 return err;
2205 }
2206
2207 return finalize_and_send(dev, parse_and_check_status);
2208 }
2209
2210
2211 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2212 {
2213 u8 lr_buffer[OPAL_UID_LENGTH];
2214 u8 read_locked = 1, write_locked = 1;
2215 struct opal_lock_unlock *lkul = data;
2216 int ret;
2217
2218 clear_opal_cmd(dev);
2219 set_comid(dev, dev->comid);
2220
2221 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2222 lkul->session.opal_key.lr) < 0)
2223 return -ERANGE;
2224
2225 switch (lkul->l_state) {
2226 case OPAL_RO:
2227 read_locked = 0;
2228 write_locked = 1;
2229 break;
2230 case OPAL_RW:
2231 read_locked = 0;
2232 write_locked = 0;
2233 break;
2234 case OPAL_LK:
2235 /* vars are initialized to locked */
2236 break;
2237 default:
2238 pr_debug("Tried to set an invalid locking state.\n");
2239 return OPAL_INVAL_PARAM;
2240 }
2241 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2242 read_locked, write_locked);
2243
2244 if (ret < 0) {
2245 pr_debug("Error building SET command.\n");
2246 return ret;
2247 }
2248
2249 return finalize_and_send(dev, parse_and_check_status);
2250 }
2251
2252 static int activate_lsp(struct opal_dev *dev, void *data)
2253 {
2254 struct opal_lr_act *opal_act = data;
2255 u8 user_lr[OPAL_UID_LENGTH];
2256 int err, i;
2257
2258 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2259 opalmethod[OPAL_ACTIVATE]);
2260
2261 if (opal_act->sum) {
2262 err = build_locking_range(user_lr, sizeof(user_lr),
2263 opal_act->lr[0]);
2264 if (err)
2265 return err;
2266
2267 add_token_u8(&err, dev, OPAL_STARTNAME);
2268 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2269
2270 add_token_u8(&err, dev, OPAL_STARTLIST);
2271 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2272 for (i = 1; i < opal_act->num_lrs; i++) {
2273 user_lr[7] = opal_act->lr[i];
2274 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2275 }
2276 add_token_u8(&err, dev, OPAL_ENDLIST);
2277 add_token_u8(&err, dev, OPAL_ENDNAME);
2278 }
2279
2280 if (err) {
2281 pr_debug("Error building Activate LockingSP command.\n");
2282 return err;
2283 }
2284
2285 return finalize_and_send(dev, parse_and_check_status);
2286 }
2287
2288 /* Determine if we're in the Manufactured Inactive or Active state */
2289 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2290 {
2291 u8 lc_status;
2292 int err;
2293
2294 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2295 OPAL_LIFECYCLE);
2296 if (err)
2297 return err;
2298
2299 lc_status = response_get_u64(&dev->parsed, 4);
2300 /* 0x08 is Manufactured Inactive */
2301 /* 0x09 is Manufactured */
2302 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2303 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2304 return -ENODEV;
2305 }
2306
2307 return 0;
2308 }
2309
2310 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2311 {
2312 const char *msid_pin;
2313 size_t strlen;
2314 int err;
2315
2316 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2317 if (err)
2318 return err;
2319
2320 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2321 if (!msid_pin) {
2322 pr_debug("Couldn't extract MSID_CPIN from response\n");
2323 return OPAL_INVAL_PARAM;
2324 }
2325
2326 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2327 if (!dev->prev_data)
2328 return -ENOMEM;
2329
2330 dev->prev_d_len = strlen;
2331
2332 return 0;
2333 }
2334
2335 static int write_table_data(struct opal_dev *dev, void *data)
2336 {
2337 struct opal_read_write_table *write_tbl = data;
2338
2339 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2340 write_tbl->size, write_tbl->table_uid);
2341 }
2342
2343 static int read_table_data_cont(struct opal_dev *dev)
2344 {
2345 int err;
2346 const char *data_read;
2347
2348 err = parse_and_check_status(dev);
2349 if (err)
2350 return err;
2351
2352 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2353 dev->prev_data = (void *)data_read;
2354 if (!dev->prev_data) {
2355 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2356 return OPAL_INVAL_PARAM;
2357 }
2358
2359 return 0;
2360 }
2361
2362 /*
2363 * IO_BUFFER_LENGTH = 2048
2364 * sizeof(header) = 56
2365 * No. of Token Bytes in the Response = 11
2366 * MAX size of data that can be carried in response buffer
2367 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2368 */
2369 #define OPAL_MAX_READ_TABLE (0x7BD)
2370
2371 static int read_table_data(struct opal_dev *dev, void *data)
2372 {
2373 struct opal_read_write_table *read_tbl = data;
2374 int err;
2375 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2376 u64 table_len, len;
2377 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2378 u8 __user *dst;
2379
2380 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2381 if (err) {
2382 pr_debug("Couldn't get the table size\n");
2383 return err;
2384 }
2385
2386 table_len = response_get_u64(&dev->parsed, 4);
2387
2388 /* Check if the user is trying to read from the table limits */
2389 if (read_size > table_len || offset > table_len - read_size) {
2390 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2391 offset + read_size, table_len);
2392 return -EINVAL;
2393 }
2394
2395 while (off < read_size) {
2396 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2397
2398 add_token_u8(&err, dev, OPAL_STARTLIST);
2399 add_token_u8(&err, dev, OPAL_STARTNAME);
2400 add_token_u8(&err, dev, OPAL_STARTROW);
2401 add_token_u64(&err, dev, offset + off); /* start row value */
2402 add_token_u8(&err, dev, OPAL_ENDNAME);
2403
2404 add_token_u8(&err, dev, OPAL_STARTNAME);
2405 add_token_u8(&err, dev, OPAL_ENDROW);
2406
2407 len = min(max_read_size, (size_t)(read_size - off));
2408 add_token_u64(&err, dev, offset + off + len); /* end row value
2409 */
2410 add_token_u8(&err, dev, OPAL_ENDNAME);
2411 add_token_u8(&err, dev, OPAL_ENDLIST);
2412
2413 if (err) {
2414 pr_debug("Error building read table data command.\n");
2415 break;
2416 }
2417
2418 err = finalize_and_send(dev, read_table_data_cont);
2419 if (err)
2420 break;
2421
2422 /* len+1: This includes the NULL terminator at the end*/
2423 if (dev->prev_d_len > len + 1) {
2424 err = -EOVERFLOW;
2425 break;
2426 }
2427
2428 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2429 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2430 pr_debug("Error copying data to userspace\n");
2431 err = -EFAULT;
2432 break;
2433 }
2434 dev->prev_data = NULL;
2435
2436 off += len;
2437 }
2438
2439 return err;
2440 }
2441
2442 static int end_opal_session(struct opal_dev *dev, void *data)
2443 {
2444 int err = 0;
2445
2446 clear_opal_cmd(dev);
2447 set_comid(dev, dev->comid);
2448 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2449
2450 if (err < 0)
2451 return err;
2452
2453 return finalize_and_send(dev, end_session_cont);
2454 }
2455
2456 static int end_opal_session_error(struct opal_dev *dev)
2457 {
2458 const struct opal_step error_end_session = {
2459 end_opal_session,
2460 };
2461
2462 return execute_step(dev, &error_end_session, 0);
2463 }
2464
2465 static inline void setup_opal_dev(struct opal_dev *dev)
2466 {
2467 dev->tsn = 0;
2468 dev->hsn = 0;
2469 dev->prev_data = NULL;
2470 }
2471
2472 static int check_opal_support(struct opal_dev *dev)
2473 {
2474 int ret;
2475
2476 mutex_lock(&dev->dev_lock);
2477 setup_opal_dev(dev);
2478 ret = opal_discovery0_step(dev);
2479 if (!ret)
2480 dev->flags |= OPAL_FL_SUPPORTED;
2481 mutex_unlock(&dev->dev_lock);
2482
2483 return ret;
2484 }
2485
2486 static void clean_opal_dev(struct opal_dev *dev)
2487 {
2488
2489 struct opal_suspend_data *suspend, *next;
2490
2491 mutex_lock(&dev->dev_lock);
2492 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2493 list_del(&suspend->node);
2494 kfree(suspend);
2495 }
2496 mutex_unlock(&dev->dev_lock);
2497 }
2498
2499 void free_opal_dev(struct opal_dev *dev)
2500 {
2501 if (!dev)
2502 return;
2503
2504 clean_opal_dev(dev);
2505 kfree(dev->resp);
2506 kfree(dev->cmd);
2507 kfree(dev);
2508 }
2509 EXPORT_SYMBOL(free_opal_dev);
2510
2511 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2512 {
2513 struct opal_dev *dev;
2514
2515 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2516 if (!dev)
2517 return NULL;
2518
2519 /*
2520 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2521 * sure the allocated buffer is DMA-safe in that regard.
2522 */
2523 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2524 if (!dev->cmd)
2525 goto err_free_dev;
2526
2527 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2528 if (!dev->resp)
2529 goto err_free_cmd;
2530
2531 INIT_LIST_HEAD(&dev->unlk_lst);
2532 mutex_init(&dev->dev_lock);
2533 dev->flags = 0;
2534 dev->data = data;
2535 dev->send_recv = send_recv;
2536 if (check_opal_support(dev) != 0) {
2537 pr_debug("Opal is not supported on this device\n");
2538 goto err_free_resp;
2539 }
2540
2541 return dev;
2542
2543 err_free_resp:
2544 kfree(dev->resp);
2545
2546 err_free_cmd:
2547 kfree(dev->cmd);
2548
2549 err_free_dev:
2550 kfree(dev);
2551
2552 return NULL;
2553 }
2554 EXPORT_SYMBOL(init_opal_dev);
2555
2556 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2557 struct opal_session_info *opal_session)
2558 {
2559 const struct opal_step erase_steps[] = {
2560 { start_auth_opal_session, opal_session },
2561 { get_active_key, &opal_session->opal_key.lr },
2562 { gen_key, },
2563 { end_opal_session, }
2564 };
2565 int ret;
2566
2567 ret = opal_get_key(dev, &opal_session->opal_key);
2568 if (ret)
2569 return ret;
2570 mutex_lock(&dev->dev_lock);
2571 setup_opal_dev(dev);
2572 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2573 mutex_unlock(&dev->dev_lock);
2574
2575 return ret;
2576 }
2577
2578 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2579 {
2580 const struct opal_step discovery0_step = {
2581 opal_discovery0, discv
2582 };
2583 int ret;
2584
2585 mutex_lock(&dev->dev_lock);
2586 setup_opal_dev(dev);
2587 ret = execute_step(dev, &discovery0_step, 0);
2588 mutex_unlock(&dev->dev_lock);
2589 if (ret)
2590 return ret;
2591 return discv->size; /* modified to actual length of data */
2592 }
2593
2594 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2595 {
2596 /* controller will terminate session */
2597 const struct opal_step steps[] = {
2598 { start_admin1LSP_opal_session, &rev->key },
2599 { revert_lsp, rev }
2600 };
2601 int ret;
2602
2603 ret = opal_get_key(dev, &rev->key);
2604 if (ret)
2605 return ret;
2606 mutex_lock(&dev->dev_lock);
2607 setup_opal_dev(dev);
2608 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2609 mutex_unlock(&dev->dev_lock);
2610
2611 return ret;
2612 }
2613
2614 static int opal_erase_locking_range(struct opal_dev *dev,
2615 struct opal_session_info *opal_session)
2616 {
2617 const struct opal_step erase_steps[] = {
2618 { start_auth_opal_session, opal_session },
2619 { erase_locking_range, opal_session },
2620 { end_opal_session, }
2621 };
2622 int ret;
2623
2624 ret = opal_get_key(dev, &opal_session->opal_key);
2625 if (ret)
2626 return ret;
2627 mutex_lock(&dev->dev_lock);
2628 setup_opal_dev(dev);
2629 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2630 mutex_unlock(&dev->dev_lock);
2631
2632 return ret;
2633 }
2634
2635 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2636 struct opal_mbr_data *opal_mbr)
2637 {
2638 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2639 OPAL_TRUE : OPAL_FALSE;
2640
2641 const struct opal_step mbr_steps[] = {
2642 { start_admin1LSP_opal_session, &opal_mbr->key },
2643 { set_mbr_done, &enable_disable },
2644 { end_opal_session, },
2645 { start_admin1LSP_opal_session, &opal_mbr->key },
2646 { set_mbr_enable_disable, &enable_disable },
2647 { end_opal_session, }
2648 };
2649 int ret;
2650
2651 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2652 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2653 return -EINVAL;
2654
2655 ret = opal_get_key(dev, &opal_mbr->key);
2656 if (ret)
2657 return ret;
2658 mutex_lock(&dev->dev_lock);
2659 setup_opal_dev(dev);
2660 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2661 mutex_unlock(&dev->dev_lock);
2662
2663 return ret;
2664 }
2665
2666 static int opal_set_mbr_done(struct opal_dev *dev,
2667 struct opal_mbr_done *mbr_done)
2668 {
2669 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2670 OPAL_TRUE : OPAL_FALSE;
2671
2672 const struct opal_step mbr_steps[] = {
2673 { start_admin1LSP_opal_session, &mbr_done->key },
2674 { set_mbr_done, &mbr_done_tf },
2675 { end_opal_session, }
2676 };
2677 int ret;
2678
2679 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2680 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2681 return -EINVAL;
2682
2683 ret = opal_get_key(dev, &mbr_done->key);
2684 if (ret)
2685 return ret;
2686 mutex_lock(&dev->dev_lock);
2687 setup_opal_dev(dev);
2688 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2689 mutex_unlock(&dev->dev_lock);
2690
2691 return ret;
2692 }
2693
2694 static int opal_write_shadow_mbr(struct opal_dev *dev,
2695 struct opal_shadow_mbr *info)
2696 {
2697 const struct opal_step mbr_steps[] = {
2698 { start_admin1LSP_opal_session, &info->key },
2699 { write_shadow_mbr, info },
2700 { end_opal_session, }
2701 };
2702 int ret;
2703
2704 if (info->size == 0)
2705 return 0;
2706
2707 ret = opal_get_key(dev, &info->key);
2708 if (ret)
2709 return ret;
2710 mutex_lock(&dev->dev_lock);
2711 setup_opal_dev(dev);
2712 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2713 mutex_unlock(&dev->dev_lock);
2714
2715 return ret;
2716 }
2717
2718 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2719 {
2720 struct opal_suspend_data *suspend;
2721
2722 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2723 if (!suspend)
2724 return -ENOMEM;
2725
2726 suspend->unlk = *lk_unlk;
2727 suspend->lr = lk_unlk->session.opal_key.lr;
2728
2729 mutex_lock(&dev->dev_lock);
2730 setup_opal_dev(dev);
2731 add_suspend_info(dev, suspend);
2732 mutex_unlock(&dev->dev_lock);
2733
2734 return 0;
2735 }
2736
2737 static int opal_add_user_to_lr(struct opal_dev *dev,
2738 struct opal_lock_unlock *lk_unlk)
2739 {
2740 const struct opal_step steps[] = {
2741 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2742 { add_user_to_lr, lk_unlk },
2743 { add_user_to_lr_ace, lk_unlk },
2744 { end_opal_session, }
2745 };
2746 int ret;
2747
2748 if (lk_unlk->l_state != OPAL_RO &&
2749 lk_unlk->l_state != OPAL_RW) {
2750 pr_debug("Locking state was not RO or RW\n");
2751 return -EINVAL;
2752 }
2753
2754 if (lk_unlk->session.who < OPAL_USER1 ||
2755 lk_unlk->session.who > OPAL_USER9) {
2756 pr_debug("Authority was not within the range of users: %d\n",
2757 lk_unlk->session.who);
2758 return -EINVAL;
2759 }
2760
2761 if (lk_unlk->session.sum) {
2762 pr_debug("%s not supported in sum. Use setup locking range\n",
2763 __func__);
2764 return -EINVAL;
2765 }
2766
2767 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2768 if (ret)
2769 return ret;
2770 mutex_lock(&dev->dev_lock);
2771 setup_opal_dev(dev);
2772 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2773 mutex_unlock(&dev->dev_lock);
2774
2775 return ret;
2776 }
2777
2778 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2779 {
2780 /* controller will terminate session */
2781 const struct opal_step revert_steps[] = {
2782 { start_SIDASP_opal_session, opal },
2783 { revert_tper, }
2784 };
2785 const struct opal_step psid_revert_steps[] = {
2786 { start_PSID_opal_session, opal },
2787 { revert_tper, }
2788 };
2789
2790 int ret;
2791
2792 ret = opal_get_key(dev, opal);
2793
2794 if (ret)
2795 return ret;
2796 mutex_lock(&dev->dev_lock);
2797 setup_opal_dev(dev);
2798 if (psid)
2799 ret = execute_steps(dev, psid_revert_steps,
2800 ARRAY_SIZE(psid_revert_steps));
2801 else
2802 ret = execute_steps(dev, revert_steps,
2803 ARRAY_SIZE(revert_steps));
2804 mutex_unlock(&dev->dev_lock);
2805
2806 /*
2807 * If we successfully reverted lets clean
2808 * any saved locking ranges.
2809 */
2810 if (!ret)
2811 clean_opal_dev(dev);
2812
2813 return ret;
2814 }
2815
2816 static int __opal_lock_unlock(struct opal_dev *dev,
2817 struct opal_lock_unlock *lk_unlk)
2818 {
2819 const struct opal_step unlock_steps[] = {
2820 { start_auth_opal_session, &lk_unlk->session },
2821 { lock_unlock_locking_range, lk_unlk },
2822 { end_opal_session, }
2823 };
2824 const struct opal_step unlock_sum_steps[] = {
2825 { start_auth_opal_session, &lk_unlk->session },
2826 { lock_unlock_locking_range_sum, lk_unlk },
2827 { end_opal_session, }
2828 };
2829
2830 if (lk_unlk->session.sum)
2831 return execute_steps(dev, unlock_sum_steps,
2832 ARRAY_SIZE(unlock_sum_steps));
2833 else
2834 return execute_steps(dev, unlock_steps,
2835 ARRAY_SIZE(unlock_steps));
2836 }
2837
2838 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2839 {
2840 u8 mbr_done_tf = OPAL_TRUE;
2841 const struct opal_step mbrdone_step[] = {
2842 { start_admin1LSP_opal_session, key },
2843 { set_mbr_done, &mbr_done_tf },
2844 { end_opal_session, }
2845 };
2846
2847 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2848 }
2849
2850 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2851 struct opal_lock_unlock *lk_unlk)
2852 {
2853 struct opal_suspend_data *iter;
2854
2855 if (lk_unlk->l_state != OPAL_LK ||
2856 lk_unlk->session.opal_key.key_len > 0)
2857 return;
2858
2859 /*
2860 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2861 * volume key is not required, as it requires root privileges anyway,
2862 * and root can deny access to a disk in many ways regardless.
2863 * Requiring the volume key to lock the device is a peculiarity of the
2864 * OPAL specification. Given we might already have saved the key if
2865 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2866 * that key to lock the device if no key was provided here, the
2867 * locking range matches and the appropriate flag was passed with
2868 * 'IOC_OPAL_SAVE'.
2869 * This allows integrating OPAL with tools and libraries that are used
2870 * to the common behaviour and do not ask for the volume key when
2871 * closing a device.
2872 */
2873 setup_opal_dev(dev);
2874 list_for_each_entry(iter, &dev->unlk_lst, node) {
2875 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2876 iter->lr == lk_unlk->session.opal_key.lr &&
2877 iter->unlk.session.opal_key.key_len > 0) {
2878 lk_unlk->session.opal_key.key_len =
2879 iter->unlk.session.opal_key.key_len;
2880 memcpy(lk_unlk->session.opal_key.key,
2881 iter->unlk.session.opal_key.key,
2882 iter->unlk.session.opal_key.key_len);
2883 break;
2884 }
2885 }
2886 }
2887
2888 static int opal_lock_unlock(struct opal_dev *dev,
2889 struct opal_lock_unlock *lk_unlk)
2890 {
2891 int ret;
2892
2893 if (lk_unlk->session.who > OPAL_USER9)
2894 return -EINVAL;
2895
2896 mutex_lock(&dev->dev_lock);
2897 opal_lock_check_for_saved_key(dev, lk_unlk);
2898 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2899 if (!ret)
2900 ret = __opal_lock_unlock(dev, lk_unlk);
2901 mutex_unlock(&dev->dev_lock);
2902
2903 return ret;
2904 }
2905
2906 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2907 {
2908 const struct opal_step owner_steps[] = {
2909 { start_anybodyASP_opal_session, },
2910 { get_msid_cpin_pin, },
2911 { end_opal_session, },
2912 { start_SIDASP_opal_session, opal },
2913 { set_sid_cpin_pin, opal },
2914 { end_opal_session, }
2915 };
2916 int ret;
2917
2918 if (!dev)
2919 return -ENODEV;
2920
2921 ret = opal_get_key(dev, opal);
2922 if (ret)
2923 return ret;
2924 mutex_lock(&dev->dev_lock);
2925 setup_opal_dev(dev);
2926 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2927 mutex_unlock(&dev->dev_lock);
2928
2929 return ret;
2930 }
2931
2932 static int opal_activate_lsp(struct opal_dev *dev,
2933 struct opal_lr_act *opal_lr_act)
2934 {
2935 const struct opal_step active_steps[] = {
2936 { start_SIDASP_opal_session, &opal_lr_act->key },
2937 { get_lsp_lifecycle, },
2938 { activate_lsp, opal_lr_act },
2939 { end_opal_session, }
2940 };
2941 int ret;
2942
2943 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2944 return -EINVAL;
2945
2946 ret = opal_get_key(dev, &opal_lr_act->key);
2947 if (ret)
2948 return ret;
2949 mutex_lock(&dev->dev_lock);
2950 setup_opal_dev(dev);
2951 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2952 mutex_unlock(&dev->dev_lock);
2953
2954 return ret;
2955 }
2956
2957 static int opal_setup_locking_range(struct opal_dev *dev,
2958 struct opal_user_lr_setup *opal_lrs)
2959 {
2960 const struct opal_step lr_steps[] = {
2961 { start_auth_opal_session, &opal_lrs->session },
2962 { setup_locking_range, opal_lrs },
2963 { end_opal_session, }
2964 };
2965 int ret;
2966
2967 ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2968 if (ret)
2969 return ret;
2970 mutex_lock(&dev->dev_lock);
2971 setup_opal_dev(dev);
2972 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2973 mutex_unlock(&dev->dev_lock);
2974
2975 return ret;
2976 }
2977
2978 static int opal_locking_range_status(struct opal_dev *dev,
2979 struct opal_lr_status *opal_lrst,
2980 void __user *data)
2981 {
2982 const struct opal_step lr_steps[] = {
2983 { start_auth_opal_session, &opal_lrst->session },
2984 { locking_range_status, opal_lrst },
2985 { end_opal_session, }
2986 };
2987 int ret;
2988
2989 mutex_lock(&dev->dev_lock);
2990 setup_opal_dev(dev);
2991 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2992 mutex_unlock(&dev->dev_lock);
2993
2994 /* skip session info when copying back to uspace */
2995 if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2996 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2997 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2998 pr_debug("Error copying status to userspace\n");
2999 return -EFAULT;
3000 }
3001
3002 return ret;
3003 }
3004
3005 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3006 {
3007 const struct opal_step pw_steps[] = {
3008 { start_auth_opal_session, &opal_pw->session },
3009 { set_new_pw, &opal_pw->new_user_pw },
3010 { end_opal_session, }
3011 };
3012 int ret;
3013
3014 if (opal_pw->session.who > OPAL_USER9 ||
3015 opal_pw->new_user_pw.who > OPAL_USER9)
3016 return -EINVAL;
3017
3018 mutex_lock(&dev->dev_lock);
3019 setup_opal_dev(dev);
3020 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3021 mutex_unlock(&dev->dev_lock);
3022
3023 if (ret)
3024 return ret;
3025
3026 /* update keyring and key store with new password */
3027 ret = sed_write_key(OPAL_AUTH_KEY,
3028 opal_pw->new_user_pw.opal_key.key,
3029 opal_pw->new_user_pw.opal_key.key_len);
3030 if (ret != -EOPNOTSUPP)
3031 pr_warn("error updating SED key: %d\n", ret);
3032
3033 ret = update_sed_opal_key(OPAL_AUTH_KEY,
3034 opal_pw->new_user_pw.opal_key.key,
3035 opal_pw->new_user_pw.opal_key.key_len);
3036
3037 return ret;
3038 }
3039
3040 static int opal_set_new_sid_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3041 {
3042 int ret;
3043 struct opal_key *newkey = &opal_pw->new_user_pw.opal_key;
3044 struct opal_key *oldkey = &opal_pw->session.opal_key;
3045
3046 const struct opal_step pw_steps[] = {
3047 { start_SIDASP_opal_session, oldkey },
3048 { set_sid_cpin_pin, newkey },
3049 { end_opal_session, }
3050 };
3051
3052 if (!dev)
3053 return -ENODEV;
3054
3055 mutex_lock(&dev->dev_lock);
3056 setup_opal_dev(dev);
3057 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3058 mutex_unlock(&dev->dev_lock);
3059
3060 return ret;
3061 }
3062
3063 static int opal_activate_user(struct opal_dev *dev,
3064 struct opal_session_info *opal_session)
3065 {
3066 const struct opal_step act_steps[] = {
3067 { start_admin1LSP_opal_session, &opal_session->opal_key },
3068 { internal_activate_user, opal_session },
3069 { end_opal_session, }
3070 };
3071 int ret;
3072
3073 /* We can't activate Admin1 it's active as manufactured */
3074 if (opal_session->who < OPAL_USER1 ||
3075 opal_session->who > OPAL_USER9) {
3076 pr_debug("Who was not a valid user: %d\n", opal_session->who);
3077 return -EINVAL;
3078 }
3079
3080 ret = opal_get_key(dev, &opal_session->opal_key);
3081 if (ret)
3082 return ret;
3083 mutex_lock(&dev->dev_lock);
3084 setup_opal_dev(dev);
3085 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3086 mutex_unlock(&dev->dev_lock);
3087
3088 return ret;
3089 }
3090
3091 bool opal_unlock_from_suspend(struct opal_dev *dev)
3092 {
3093 struct opal_suspend_data *suspend;
3094 bool was_failure = false;
3095 int ret;
3096
3097 if (!dev)
3098 return false;
3099
3100 if (!(dev->flags & OPAL_FL_SUPPORTED))
3101 return false;
3102
3103 mutex_lock(&dev->dev_lock);
3104 setup_opal_dev(dev);
3105
3106 list_for_each_entry(suspend, &dev->unlk_lst, node) {
3107 dev->tsn = 0;
3108 dev->hsn = 0;
3109
3110 ret = __opal_lock_unlock(dev, &suspend->unlk);
3111 if (ret) {
3112 pr_debug("Failed to unlock LR %hhu with sum %d\n",
3113 suspend->unlk.session.opal_key.lr,
3114 suspend->unlk.session.sum);
3115 was_failure = true;
3116 }
3117
3118 if (dev->flags & OPAL_FL_MBR_ENABLED) {
3119 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3120 if (ret)
3121 pr_debug("Failed to set MBR Done in S3 resume\n");
3122 }
3123 }
3124 mutex_unlock(&dev->dev_lock);
3125
3126 return was_failure;
3127 }
3128 EXPORT_SYMBOL(opal_unlock_from_suspend);
3129
3130 static int opal_read_table(struct opal_dev *dev,
3131 struct opal_read_write_table *rw_tbl)
3132 {
3133 const struct opal_step read_table_steps[] = {
3134 { start_admin1LSP_opal_session, &rw_tbl->key },
3135 { read_table_data, rw_tbl },
3136 { end_opal_session, }
3137 };
3138
3139 if (!rw_tbl->size)
3140 return 0;
3141
3142 return execute_steps(dev, read_table_steps,
3143 ARRAY_SIZE(read_table_steps));
3144 }
3145
3146 static int opal_write_table(struct opal_dev *dev,
3147 struct opal_read_write_table *rw_tbl)
3148 {
3149 const struct opal_step write_table_steps[] = {
3150 { start_admin1LSP_opal_session, &rw_tbl->key },
3151 { write_table_data, rw_tbl },
3152 { end_opal_session, }
3153 };
3154
3155 if (!rw_tbl->size)
3156 return 0;
3157
3158 return execute_steps(dev, write_table_steps,
3159 ARRAY_SIZE(write_table_steps));
3160 }
3161
3162 static int opal_generic_read_write_table(struct opal_dev *dev,
3163 struct opal_read_write_table *rw_tbl)
3164 {
3165 int ret, bit_set;
3166
3167 ret = opal_get_key(dev, &rw_tbl->key);
3168 if (ret)
3169 return ret;
3170 mutex_lock(&dev->dev_lock);
3171 setup_opal_dev(dev);
3172
3173 bit_set = fls64(rw_tbl->flags) - 1;
3174 switch (bit_set) {
3175 case OPAL_READ_TABLE:
3176 ret = opal_read_table(dev, rw_tbl);
3177 break;
3178 case OPAL_WRITE_TABLE:
3179 ret = opal_write_table(dev, rw_tbl);
3180 break;
3181 default:
3182 pr_debug("Invalid bit set in the flag (%016llx).\n",
3183 rw_tbl->flags);
3184 ret = -EINVAL;
3185 break;
3186 }
3187
3188 mutex_unlock(&dev->dev_lock);
3189
3190 return ret;
3191 }
3192
3193 static int opal_get_status(struct opal_dev *dev, void __user *data)
3194 {
3195 struct opal_status sts = {0};
3196
3197 /*
3198 * check_opal_support() error is not fatal,
3199 * !dev->supported is a valid condition
3200 */
3201 if (!check_opal_support(dev))
3202 sts.flags = dev->flags;
3203 if (copy_to_user(data, &sts, sizeof(sts))) {
3204 pr_debug("Error copying status to userspace\n");
3205 return -EFAULT;
3206 }
3207 return 0;
3208 }
3209
3210 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3211 {
3212 struct opal_geometry geo = {0};
3213
3214 if (check_opal_support(dev))
3215 return -EINVAL;
3216
3217 geo.align = dev->align_required;
3218 geo.logical_block_size = dev->logical_block_size;
3219 geo.alignment_granularity = dev->align;
3220 geo.lowest_aligned_lba = dev->lowest_lba;
3221
3222 if (copy_to_user(data, &geo, sizeof(geo))) {
3223 pr_debug("Error copying geometry data to userspace\n");
3224 return -EFAULT;
3225 }
3226
3227 return 0;
3228 }
3229
3230 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3231 {
3232 void *p;
3233 int ret = -ENOTTY;
3234
3235 if (!capable(CAP_SYS_ADMIN))
3236 return -EACCES;
3237 if (!dev)
3238 return -EOPNOTSUPP;
3239 if (!(dev->flags & OPAL_FL_SUPPORTED))
3240 return -EOPNOTSUPP;
3241
3242 if (cmd & IOC_IN) {
3243 p = memdup_user(arg, _IOC_SIZE(cmd));
3244 if (IS_ERR(p))
3245 return PTR_ERR(p);
3246 }
3247
3248 switch (cmd) {
3249 case IOC_OPAL_SAVE:
3250 ret = opal_save(dev, p);
3251 break;
3252 case IOC_OPAL_LOCK_UNLOCK:
3253 ret = opal_lock_unlock(dev, p);
3254 break;
3255 case IOC_OPAL_TAKE_OWNERSHIP:
3256 ret = opal_take_ownership(dev, p);
3257 break;
3258 case IOC_OPAL_ACTIVATE_LSP:
3259 ret = opal_activate_lsp(dev, p);
3260 break;
3261 case IOC_OPAL_SET_PW:
3262 ret = opal_set_new_pw(dev, p);
3263 break;
3264 case IOC_OPAL_ACTIVATE_USR:
3265 ret = opal_activate_user(dev, p);
3266 break;
3267 case IOC_OPAL_REVERT_TPR:
3268 ret = opal_reverttper(dev, p, false);
3269 break;
3270 case IOC_OPAL_LR_SETUP:
3271 ret = opal_setup_locking_range(dev, p);
3272 break;
3273 case IOC_OPAL_ADD_USR_TO_LR:
3274 ret = opal_add_user_to_lr(dev, p);
3275 break;
3276 case IOC_OPAL_ENABLE_DISABLE_MBR:
3277 ret = opal_enable_disable_shadow_mbr(dev, p);
3278 break;
3279 case IOC_OPAL_MBR_DONE:
3280 ret = opal_set_mbr_done(dev, p);
3281 break;
3282 case IOC_OPAL_WRITE_SHADOW_MBR:
3283 ret = opal_write_shadow_mbr(dev, p);
3284 break;
3285 case IOC_OPAL_ERASE_LR:
3286 ret = opal_erase_locking_range(dev, p);
3287 break;
3288 case IOC_OPAL_SECURE_ERASE_LR:
3289 ret = opal_secure_erase_locking_range(dev, p);
3290 break;
3291 case IOC_OPAL_PSID_REVERT_TPR:
3292 ret = opal_reverttper(dev, p, true);
3293 break;
3294 case IOC_OPAL_GENERIC_TABLE_RW:
3295 ret = opal_generic_read_write_table(dev, p);
3296 break;
3297 case IOC_OPAL_GET_STATUS:
3298 ret = opal_get_status(dev, arg);
3299 break;
3300 case IOC_OPAL_GET_LR_STATUS:
3301 ret = opal_locking_range_status(dev, p, arg);
3302 break;
3303 case IOC_OPAL_GET_GEOMETRY:
3304 ret = opal_get_geometry(dev, arg);
3305 break;
3306 case IOC_OPAL_REVERT_LSP:
3307 ret = opal_revertlsp(dev, p);
3308 break;
3309 case IOC_OPAL_DISCOVERY:
3310 ret = opal_get_discv(dev, p);
3311 break;
3312 case IOC_OPAL_SET_SID_PW:
3313 ret = opal_set_new_sid_pw(dev, p);
3314 break;
3315
3316 default:
3317 break;
3318 }
3319
3320 if (cmd & IOC_IN)
3321 kfree(p);
3322 return ret;
3323 }
3324 EXPORT_SYMBOL_GPL(sed_ioctl);
3325
3326 static int __init sed_opal_init(void)
3327 {
3328 struct key *kr;
3329 char init_sed_key[OPAL_KEY_MAX];
3330 int keylen = OPAL_KEY_MAX - 1;
3331
3332 kr = keyring_alloc(".sed_opal",
3333 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3334 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3335 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3336 KEY_ALLOC_NOT_IN_QUOTA,
3337 NULL, NULL);
3338 if (IS_ERR(kr))
3339 return PTR_ERR(kr);
3340
3341 sed_opal_keyring = kr;
3342
3343 if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
3344 memset(init_sed_key, '\0', sizeof(init_sed_key));
3345 keylen = OPAL_KEY_MAX - 1;
3346 }
3347
3348 return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
3349 }
3350 late_initcall(sed_opal_init);
Kernel DRM miscellaneous fixes and cross-tree changes