1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/sed-opal-key.h>
22 #include <linux/string.h>
23 #include <linux/kdev_t.h>
24 #include <linux/key.h>
25 #include <linux/key-type.h>
26 #include <keys/user-type.h>
27 
28 #include "opal_proto.h"
29 
30 #define IO_BUFFER_LENGTH 2048
31 #define MAX_TOKS 64
32 
33 /* Number of bytes needed by cmd_finalize. */
34 #define CMD_FINALIZE_BYTES_NEEDED 7
35 
36 static struct key *sed_opal_keyring;
37 
38 struct opal_step {
39 	int (*fn)(struct opal_dev *dev, void *data);
40 	void *data;
41 };
42 typedef int (cont_fn)(struct opal_dev *dev);
43 
44 enum opal_atom_width {
45 	OPAL_WIDTH_TINY,
46 	OPAL_WIDTH_SHORT,
47 	OPAL_WIDTH_MEDIUM,
48 	OPAL_WIDTH_LONG,
49 	OPAL_WIDTH_TOKEN
50 };
51 
52 /*
53  * On the parsed response, we don't store again the toks that are already
54  * stored in the response buffer. Instead, for each token, we just store a
55  * pointer to the position in the buffer where the token starts, and the size
56  * of the token in bytes.
57  */
58 struct opal_resp_tok {
59 	const u8 *pos;
60 	size_t len;
61 	enum opal_response_token type;
62 	enum opal_atom_width width;
63 	union {
64 		u64 u;
65 		s64 s;
66 	} stored;
67 };
68 
69 /*
70  * From the response header it's not possible to know how many tokens there are
71  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
72  * if we start dealing with messages that have more than that, we can increase
73  * this number. This is done to avoid having to make two passes through the
74  * response, the first one counting how many tokens we have and the second one
75  * actually storing the positions.
76  */
77 struct parsed_resp {
78 	int num;
79 	struct opal_resp_tok toks[MAX_TOKS];
80 };
81 
82 struct opal_dev {
83 	u32 flags;
84 
85 	void *data;
86 	sec_send_recv *send_recv;
87 
88 	struct mutex dev_lock;
89 	u16 comid;
90 	u32 hsn;
91 	u32 tsn;
92 	u64 align; /* alignment granularity */
93 	u64 lowest_lba;
94 	u32 logical_block_size;
95 	u8  align_required; /* ALIGN: 0 or 1 */
96 
97 	size_t pos;
98 	u8 *cmd;
99 	u8 *resp;
100 
101 	struct parsed_resp parsed;
102 	size_t prev_d_len;
103 	void *prev_data;
104 
105 	struct list_head unlk_lst;
106 };
107 
108 
109 static const u8 opaluid[][OPAL_UID_LENGTH] = {
110 	/* users */
111 	[OPAL_SMUID_UID] =
112 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
113 	[OPAL_THISSP_UID] =
114 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
115 	[OPAL_ADMINSP_UID] =
116 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
117 	[OPAL_LOCKINGSP_UID] =
118 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
119 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
120 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
121 	[OPAL_ANYBODY_UID] =
122 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
123 	[OPAL_SID_UID] =
124 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
125 	[OPAL_ADMIN1_UID] =
126 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
127 	[OPAL_USER1_UID] =
128 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
129 	[OPAL_USER2_UID] =
130 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
131 	[OPAL_PSID_UID] =
132 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
133 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
134 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
135 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
136 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
137 
138 	/* tables */
139 	[OPAL_TABLE_TABLE] =
140 		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
141 	[OPAL_LOCKINGRANGE_GLOBAL] =
142 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
143 	[OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
144 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
145 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
146 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
147 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
148 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
149 	[OPAL_MBRCONTROL] =
150 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
151 	[OPAL_MBR] =
152 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
153 	[OPAL_AUTHORITY_TABLE] =
154 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
155 	[OPAL_C_PIN_TABLE] =
156 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
157 	[OPAL_LOCKING_INFO_TABLE] =
158 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
159 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
160 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
161 	[OPAL_DATASTORE] =
162 		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
163 
164 	/* C_PIN_TABLE object ID's */
165 	[OPAL_C_PIN_MSID] =
166 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
167 	[OPAL_C_PIN_SID] =
168 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
169 	[OPAL_C_PIN_ADMIN1] =
170 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
171 
172 	/* half UID's (only first 4 bytes used) */
173 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
174 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
175 	[OPAL_HALF_UID_BOOLEAN_ACE] =
176 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
177 
178 	/* special value for omitted optional parameter */
179 	[OPAL_UID_HEXFF] =
180 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
181 };
182 
183 /*
184  * TCG Storage SSC Methods.
185  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
186  * Section: 6.3 Assigned UIDs
187  */
188 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
189 	[OPAL_PROPERTIES] =
190 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
191 	[OPAL_STARTSESSION] =
192 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
193 	[OPAL_REVERT] =
194 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
195 	[OPAL_ACTIVATE] =
196 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
197 	[OPAL_EGET] =
198 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
199 	[OPAL_ESET] =
200 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
201 	[OPAL_NEXT] =
202 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
203 	[OPAL_EAUTHENTICATE] =
204 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
205 	[OPAL_GETACL] =
206 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
207 	[OPAL_GENKEY] =
208 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
209 	[OPAL_REVERTSP] =
210 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
211 	[OPAL_GET] =
212 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
213 	[OPAL_SET] =
214 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
215 	[OPAL_AUTHENTICATE] =
216 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
217 	[OPAL_RANDOM] =
218 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
219 	[OPAL_ERASE] =
220 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
221 };
222 
223 static int end_opal_session_error(struct opal_dev *dev);
224 static int opal_discovery0_step(struct opal_dev *dev);
225 
226 struct opal_suspend_data {
227 	struct opal_lock_unlock unlk;
228 	u8 lr;
229 	struct list_head node;
230 };
231 
232 /*
233  * Derived from:
234  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
235  * Section: 5.1.5 Method Status Codes
236  */
237 static const char * const opal_errors[] = {
238 	"Success",
239 	"Not Authorized",
240 	"Unknown Error",
241 	"SP Busy",
242 	"SP Failed",
243 	"SP Disabled",
244 	"SP Frozen",
245 	"No Sessions Available",
246 	"Uniqueness Conflict",
247 	"Insufficient Space",
248 	"Insufficient Rows",
249 	"Invalid Function",
250 	"Invalid Parameter",
251 	"Invalid Reference",
252 	"Unknown Error",
253 	"TPER Malfunction",
254 	"Transaction Failure",
255 	"Response Overflow",
256 	"Authority Locked Out",
257 };
258 
opal_error_to_human(int error)259 static const char *opal_error_to_human(int error)
260 {
261 	if (error == 0x3f)
262 		return "Failed";
263 
264 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
265 		return "Unknown Error";
266 
267 	return opal_errors[error];
268 }
269 
print_buffer(const u8 * ptr,u32 length)270 static void print_buffer(const u8 *ptr, u32 length)
271 {
272 #ifdef DEBUG
273 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
274 	pr_debug("\n");
275 #endif
276 }
277 
278 /*
279  * Allocate/update a SED Opal key and add it to the SED Opal keyring.
280  */
update_sed_opal_key(const char * desc,u_char * key_data,int keylen)281 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
282 {
283 	key_ref_t kr;
284 
285 	if (!sed_opal_keyring)
286 		return -ENOKEY;
287 
288 	kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
289 				  desc, (const void *)key_data, keylen,
290 				  KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
291 				  KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
292 					KEY_ALLOC_BYPASS_RESTRICTION);
293 	if (IS_ERR(kr)) {
294 		pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
295 		return PTR_ERR(kr);
296 	}
297 
298 	return 0;
299 }
300 
301 /*
302  * Read a SED Opal key from the SED Opal keyring.
303  */
read_sed_opal_key(const char * key_name,u_char * buffer,int buflen)304 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
305 {
306 	int ret;
307 	key_ref_t kref;
308 	struct key *key;
309 
310 	if (!sed_opal_keyring)
311 		return -ENOKEY;
312 
313 	kref = keyring_search(make_key_ref(sed_opal_keyring, true),
314 			      &key_type_user, key_name, true);
315 
316 	if (IS_ERR(kref))
317 		return PTR_ERR(kref);
318 
319 	key = key_ref_to_ptr(kref);
320 	down_read(&key->sem);
321 	ret = key_validate(key);
322 	if (ret == 0) {
323 		if (buflen > key->datalen)
324 			buflen = key->datalen;
325 
326 		ret = key->type->read(key, (char *)buffer, buflen);
327 	}
328 	up_read(&key->sem);
329 
330 	key_ref_put(kref);
331 
332 	return ret;
333 }
334 
opal_get_key(struct opal_dev * dev,struct opal_key * key)335 static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
336 {
337 	int ret = 0;
338 
339 	switch (key->key_type) {
340 	case OPAL_INCLUDED:
341 		/* the key is ready to use */
342 		break;
343 	case OPAL_KEYRING:
344 		/* the key is in the keyring */
345 		ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
346 		if (ret > 0) {
347 			if (ret > U8_MAX) {
348 				ret = -ENOSPC;
349 				goto error;
350 			}
351 			key->key_len = ret;
352 			key->key_type = OPAL_INCLUDED;
353 		}
354 		break;
355 	default:
356 		ret = -EINVAL;
357 		break;
358 	}
359 	if (ret < 0)
360 		goto error;
361 
362 	/* must have a PEK by now or it's an error */
363 	if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
364 		ret = -EINVAL;
365 		goto error;
366 	}
367 	return 0;
368 error:
369 	pr_debug("Error getting password: %d\n", ret);
370 	return ret;
371 }
372 
check_tper(const void * data)373 static bool check_tper(const void *data)
374 {
375 	const struct d0_tper_features *tper = data;
376 	u8 flags = tper->supported_features;
377 
378 	if (!(flags & TPER_SYNC_SUPPORTED)) {
379 		pr_debug("TPer sync not supported. flags = %d\n",
380 			 tper->supported_features);
381 		return false;
382 	}
383 
384 	return true;
385 }
386 
check_lcksuppt(const void * data)387 static bool check_lcksuppt(const void *data)
388 {
389 	const struct d0_locking_features *lfeat = data;
390 	u8 sup_feat = lfeat->supported_features;
391 
392 	return !!(sup_feat & LOCKING_SUPPORTED_MASK);
393 }
394 
check_lckenabled(const void * data)395 static bool check_lckenabled(const void *data)
396 {
397 	const struct d0_locking_features *lfeat = data;
398 	u8 sup_feat = lfeat->supported_features;
399 
400 	return !!(sup_feat & LOCKING_ENABLED_MASK);
401 }
402 
check_locked(const void * data)403 static bool check_locked(const void *data)
404 {
405 	const struct d0_locking_features *lfeat = data;
406 	u8 sup_feat = lfeat->supported_features;
407 
408 	return !!(sup_feat & LOCKED_MASK);
409 }
410 
check_mbrenabled(const void * data)411 static bool check_mbrenabled(const void *data)
412 {
413 	const struct d0_locking_features *lfeat = data;
414 	u8 sup_feat = lfeat->supported_features;
415 
416 	return !!(sup_feat & MBR_ENABLED_MASK);
417 }
418 
check_mbrdone(const void * data)419 static bool check_mbrdone(const void *data)
420 {
421 	const struct d0_locking_features *lfeat = data;
422 	u8 sup_feat = lfeat->supported_features;
423 
424 	return !!(sup_feat & MBR_DONE_MASK);
425 }
426 
check_sum(const void * data)427 static bool check_sum(const void *data)
428 {
429 	const struct d0_single_user_mode *sum = data;
430 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
431 
432 	if (nlo == 0) {
433 		pr_debug("Need at least one locking object.\n");
434 		return false;
435 	}
436 
437 	pr_debug("Number of locking objects: %d\n", nlo);
438 
439 	return true;
440 }
441 
get_comid_v100(const void * data)442 static u16 get_comid_v100(const void *data)
443 {
444 	const struct d0_opal_v100 *v100 = data;
445 
446 	return be16_to_cpu(v100->baseComID);
447 }
448 
get_comid_v200(const void * data)449 static u16 get_comid_v200(const void *data)
450 {
451 	const struct d0_opal_v200 *v200 = data;
452 
453 	return be16_to_cpu(v200->baseComID);
454 }
455 
opal_send_cmd(struct opal_dev * dev)456 static int opal_send_cmd(struct opal_dev *dev)
457 {
458 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
459 			      dev->cmd, IO_BUFFER_LENGTH,
460 			      true);
461 }
462 
opal_recv_cmd(struct opal_dev * dev)463 static int opal_recv_cmd(struct opal_dev *dev)
464 {
465 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
466 			      dev->resp, IO_BUFFER_LENGTH,
467 			      false);
468 }
469 
opal_recv_check(struct opal_dev * dev)470 static int opal_recv_check(struct opal_dev *dev)
471 {
472 	size_t buflen = IO_BUFFER_LENGTH;
473 	void *buffer = dev->resp;
474 	struct opal_header *hdr = buffer;
475 	int ret;
476 
477 	do {
478 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
479 			 hdr->cp.outstandingData,
480 			 hdr->cp.minTransfer);
481 
482 		if (hdr->cp.outstandingData == 0 ||
483 		    hdr->cp.minTransfer != 0)
484 			return 0;
485 
486 		memset(buffer, 0, buflen);
487 		ret = opal_recv_cmd(dev);
488 	} while (!ret);
489 
490 	return ret;
491 }
492 
opal_send_recv(struct opal_dev * dev,cont_fn * cont)493 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
494 {
495 	int ret;
496 
497 	ret = opal_send_cmd(dev);
498 	if (ret)
499 		return ret;
500 	ret = opal_recv_cmd(dev);
501 	if (ret)
502 		return ret;
503 	ret = opal_recv_check(dev);
504 	if (ret)
505 		return ret;
506 	return cont(dev);
507 }
508 
check_geometry(struct opal_dev * dev,const void * data)509 static void check_geometry(struct opal_dev *dev, const void *data)
510 {
511 	const struct d0_geometry_features *geo = data;
512 
513 	dev->align = be64_to_cpu(geo->alignment_granularity);
514 	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
515 	dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
516 	dev->align_required = geo->reserved01 & 1;
517 }
518 
execute_step(struct opal_dev * dev,const struct opal_step * step,size_t stepIndex)519 static int execute_step(struct opal_dev *dev,
520 			const struct opal_step *step, size_t stepIndex)
521 {
522 	int error = step->fn(dev, step->data);
523 
524 	if (error) {
525 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
526 			 stepIndex, step->fn, error,
527 			 opal_error_to_human(error));
528 	}
529 
530 	return error;
531 }
532 
execute_steps(struct opal_dev * dev,const struct opal_step * steps,size_t n_steps)533 static int execute_steps(struct opal_dev *dev,
534 			 const struct opal_step *steps, size_t n_steps)
535 {
536 	size_t state = 0;
537 	int error;
538 
539 	/* first do a discovery0 */
540 	error = opal_discovery0_step(dev);
541 	if (error)
542 		return error;
543 
544 	for (state = 0; state < n_steps; state++) {
545 		error = execute_step(dev, &steps[state], state);
546 		if (error)
547 			goto out_error;
548 	}
549 
550 	return 0;
551 
552 out_error:
553 	/*
554 	 * For each OPAL command the first step in steps starts some sort of
555 	 * session. If an error occurred in the initial discovery0 or if an
556 	 * error occurred in the first step (and thus stopping the loop with
557 	 * state == 0) then there was an error before or during the attempt to
558 	 * start a session. Therefore we shouldn't attempt to terminate a
559 	 * session, as one has not yet been created.
560 	 */
561 	if (state > 0)
562 		end_opal_session_error(dev);
563 
564 	return error;
565 }
566 
opal_discovery0_end(struct opal_dev * dev,void * data)567 static int opal_discovery0_end(struct opal_dev *dev, void *data)
568 {
569 	struct opal_discovery *discv_out = data; /* may be NULL */
570 	u8 __user *buf_out;
571 	u64 len_out;
572 	bool found_com_id = false, supported = true, single_user = false;
573 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
574 	const u8 *epos = dev->resp, *cpos = dev->resp;
575 	u16 comid = 0;
576 	u32 hlen = be32_to_cpu(hdr->length);
577 
578 	print_buffer(dev->resp, hlen);
579 	dev->flags &= OPAL_FL_SUPPORTED;
580 
581 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
582 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
583 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
584 		return -EFAULT;
585 	}
586 
587 	if (discv_out) {
588 		buf_out = (u8 __user *)(uintptr_t)discv_out->data;
589 		len_out = min_t(u64, discv_out->size, hlen);
590 		if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
591 			return -EFAULT;
592 
593 		discv_out->size = hlen; /* actual size of data */
594 	}
595 
596 	epos += hlen; /* end of buffer */
597 	cpos += sizeof(*hdr); /* current position on buffer */
598 
599 	while (cpos < epos && supported) {
600 		const struct d0_features *body =
601 			(const struct d0_features *)cpos;
602 
603 		switch (be16_to_cpu(body->code)) {
604 		case FC_TPER:
605 			supported = check_tper(body->features);
606 			break;
607 		case FC_SINGLEUSER:
608 			single_user = check_sum(body->features);
609 			if (single_user)
610 				dev->flags |= OPAL_FL_SUM_SUPPORTED;
611 			break;
612 		case FC_GEOMETRY:
613 			check_geometry(dev, body);
614 			break;
615 		case FC_LOCKING:
616 			if (check_lcksuppt(body->features))
617 				dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
618 			if (check_lckenabled(body->features))
619 				dev->flags |= OPAL_FL_LOCKING_ENABLED;
620 			if (check_locked(body->features))
621 				dev->flags |= OPAL_FL_LOCKED;
622 			if (check_mbrenabled(body->features))
623 				dev->flags |= OPAL_FL_MBR_ENABLED;
624 			if (check_mbrdone(body->features))
625 				dev->flags |= OPAL_FL_MBR_DONE;
626 			break;
627 		case FC_ENTERPRISE:
628 		case FC_DATASTORE:
629 			/* some ignored properties */
630 			pr_debug("Found OPAL feature description: %d\n",
631 				 be16_to_cpu(body->code));
632 			break;
633 		case FC_OPALV100:
634 			comid = get_comid_v100(body->features);
635 			found_com_id = true;
636 			break;
637 		case FC_OPALV200:
638 			comid = get_comid_v200(body->features);
639 			found_com_id = true;
640 			break;
641 		case 0xbfff ... 0xffff:
642 			/* vendor specific, just ignore */
643 			break;
644 		default:
645 			pr_debug("OPAL Unknown feature: %d\n",
646 				 be16_to_cpu(body->code));
647 
648 		}
649 		cpos += body->length + 4;
650 	}
651 
652 	if (!supported) {
653 		pr_debug("This device is not Opal enabled. Not Supported!\n");
654 		return -EOPNOTSUPP;
655 	}
656 
657 	if (!single_user)
658 		pr_debug("Device doesn't support single user mode\n");
659 
660 
661 	if (!found_com_id) {
662 		pr_debug("Could not find OPAL comid for device. Returning early\n");
663 		return -EOPNOTSUPP;
664 	}
665 
666 	dev->comid = comid;
667 
668 	return 0;
669 }
670 
opal_discovery0(struct opal_dev * dev,void * data)671 static int opal_discovery0(struct opal_dev *dev, void *data)
672 {
673 	int ret;
674 
675 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
676 	dev->comid = OPAL_DISCOVERY_COMID;
677 	ret = opal_recv_cmd(dev);
678 	if (ret)
679 		return ret;
680 
681 	return opal_discovery0_end(dev, data);
682 }
683 
opal_discovery0_step(struct opal_dev * dev)684 static int opal_discovery0_step(struct opal_dev *dev)
685 {
686 	const struct opal_step discovery0_step = {
687 		opal_discovery0, NULL
688 	};
689 
690 	return execute_step(dev, &discovery0_step, 0);
691 }
692 
remaining_size(struct opal_dev * cmd)693 static size_t remaining_size(struct opal_dev *cmd)
694 {
695 	return IO_BUFFER_LENGTH - cmd->pos;
696 }
697 
can_add(int * err,struct opal_dev * cmd,size_t len)698 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
699 {
700 	if (*err)
701 		return false;
702 
703 	if (remaining_size(cmd) < len) {
704 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
705 		*err = -ERANGE;
706 		return false;
707 	}
708 
709 	return true;
710 }
711 
add_token_u8(int * err,struct opal_dev * cmd,u8 tok)712 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
713 {
714 	if (!can_add(err, cmd, 1))
715 		return;
716 
717 	cmd->cmd[cmd->pos++] = tok;
718 }
719 
add_short_atom_header(struct opal_dev * cmd,bool bytestring,bool has_sign,int len)720 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
721 				  bool has_sign, int len)
722 {
723 	u8 atom;
724 	int err = 0;
725 
726 	atom = SHORT_ATOM_ID;
727 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
728 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
729 	atom |= len & SHORT_ATOM_LEN_MASK;
730 
731 	add_token_u8(&err, cmd, atom);
732 }
733 
add_medium_atom_header(struct opal_dev * cmd,bool bytestring,bool has_sign,int len)734 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
735 				   bool has_sign, int len)
736 {
737 	u8 header0;
738 
739 	header0 = MEDIUM_ATOM_ID;
740 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
741 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
742 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
743 
744 	cmd->cmd[cmd->pos++] = header0;
745 	cmd->cmd[cmd->pos++] = len;
746 }
747 
add_token_u64(int * err,struct opal_dev * cmd,u64 number)748 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
749 {
750 	size_t len;
751 	int msb;
752 
753 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
754 		add_token_u8(err, cmd, number);
755 		return;
756 	}
757 
758 	msb = fls64(number);
759 	len = DIV_ROUND_UP(msb, 8);
760 
761 	if (!can_add(err, cmd, len + 1)) {
762 		pr_debug("Error adding u64: end of buffer.\n");
763 		return;
764 	}
765 	add_short_atom_header(cmd, false, false, len);
766 	while (len--)
767 		add_token_u8(err, cmd, number >> (len * 8));
768 }
769 
add_bytestring_header(int * err,struct opal_dev * cmd,size_t len)770 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
771 {
772 	size_t header_len = 1;
773 	bool is_short_atom = true;
774 
775 	if (len & ~SHORT_ATOM_LEN_MASK) {
776 		header_len = 2;
777 		is_short_atom = false;
778 	}
779 
780 	if (!can_add(err, cmd, header_len + len)) {
781 		pr_debug("Error adding bytestring: end of buffer.\n");
782 		return NULL;
783 	}
784 
785 	if (is_short_atom)
786 		add_short_atom_header(cmd, true, false, len);
787 	else
788 		add_medium_atom_header(cmd, true, false, len);
789 
790 	return &cmd->cmd[cmd->pos];
791 }
792 
add_token_bytestring(int * err,struct opal_dev * cmd,const u8 * bytestring,size_t len)793 static void add_token_bytestring(int *err, struct opal_dev *cmd,
794 				 const u8 *bytestring, size_t len)
795 {
796 	u8 *start;
797 
798 	start = add_bytestring_header(err, cmd, len);
799 	if (!start)
800 		return;
801 	memcpy(start, bytestring, len);
802 	cmd->pos += len;
803 }
804 
build_locking_range(u8 * buffer,size_t length,u8 lr)805 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
806 {
807 	if (length > OPAL_UID_LENGTH) {
808 		pr_debug("Can't build locking range. Length OOB\n");
809 		return -ERANGE;
810 	}
811 
812 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
813 
814 	if (lr == 0)
815 		return 0;
816 
817 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
818 	buffer[7] = lr;
819 
820 	return 0;
821 }
822 
build_locking_user(u8 * buffer,size_t length,u8 lr)823 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
824 {
825 	if (length > OPAL_UID_LENGTH) {
826 		pr_debug("Can't build locking range user. Length OOB\n");
827 		return -ERANGE;
828 	}
829 
830 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
831 
832 	buffer[7] = lr + 1;
833 
834 	return 0;
835 }
836 
set_comid(struct opal_dev * cmd,u16 comid)837 static void set_comid(struct opal_dev *cmd, u16 comid)
838 {
839 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
840 
841 	hdr->cp.extendedComID[0] = comid >> 8;
842 	hdr->cp.extendedComID[1] = comid;
843 	hdr->cp.extendedComID[2] = 0;
844 	hdr->cp.extendedComID[3] = 0;
845 }
846 
cmd_finalize(struct opal_dev * cmd,u32 hsn,u32 tsn)847 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
848 {
849 	struct opal_header *hdr;
850 	int err = 0;
851 
852 	/*
853 	 * Close the parameter list opened from cmd_start.
854 	 * The number of bytes added must be equal to
855 	 * CMD_FINALIZE_BYTES_NEEDED.
856 	 */
857 	add_token_u8(&err, cmd, OPAL_ENDLIST);
858 
859 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
860 	add_token_u8(&err, cmd, OPAL_STARTLIST);
861 	add_token_u8(&err, cmd, 0);
862 	add_token_u8(&err, cmd, 0);
863 	add_token_u8(&err, cmd, 0);
864 	add_token_u8(&err, cmd, OPAL_ENDLIST);
865 
866 	if (err) {
867 		pr_debug("Error finalizing command.\n");
868 		return -EFAULT;
869 	}
870 
871 	hdr = (struct opal_header *) cmd->cmd;
872 
873 	hdr->pkt.tsn = cpu_to_be32(tsn);
874 	hdr->pkt.hsn = cpu_to_be32(hsn);
875 
876 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
877 	while (cmd->pos % 4) {
878 		if (cmd->pos >= IO_BUFFER_LENGTH) {
879 			pr_debug("Error: Buffer overrun\n");
880 			return -ERANGE;
881 		}
882 		cmd->cmd[cmd->pos++] = 0;
883 	}
884 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
885 				      sizeof(hdr->pkt));
886 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
887 
888 	return 0;
889 }
890 
response_get_token(const struct parsed_resp * resp,int n)891 static const struct opal_resp_tok *response_get_token(
892 				const struct parsed_resp *resp,
893 				int n)
894 {
895 	const struct opal_resp_tok *tok;
896 
897 	if (!resp) {
898 		pr_debug("Response is NULL\n");
899 		return ERR_PTR(-EINVAL);
900 	}
901 
902 	if (n >= resp->num) {
903 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
904 			 n, resp->num);
905 		return ERR_PTR(-EINVAL);
906 	}
907 
908 	tok = &resp->toks[n];
909 	if (tok->len == 0) {
910 		pr_debug("Token length must be non-zero\n");
911 		return ERR_PTR(-EINVAL);
912 	}
913 
914 	return tok;
915 }
916 
response_parse_tiny(struct opal_resp_tok * tok,const u8 * pos)917 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
918 				   const u8 *pos)
919 {
920 	tok->pos = pos;
921 	tok->len = 1;
922 	tok->width = OPAL_WIDTH_TINY;
923 
924 	if (pos[0] & TINY_ATOM_SIGNED) {
925 		tok->type = OPAL_DTA_TOKENID_SINT;
926 	} else {
927 		tok->type = OPAL_DTA_TOKENID_UINT;
928 		tok->stored.u = pos[0] & 0x3f;
929 	}
930 
931 	return tok->len;
932 }
933 
response_parse_short(struct opal_resp_tok * tok,const u8 * pos)934 static ssize_t response_parse_short(struct opal_resp_tok *tok,
935 				    const u8 *pos)
936 {
937 	tok->pos = pos;
938 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
939 	tok->width = OPAL_WIDTH_SHORT;
940 
941 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
942 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
943 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
944 		tok->type = OPAL_DTA_TOKENID_SINT;
945 	} else {
946 		u64 u_integer = 0;
947 		ssize_t i, b = 0;
948 
949 		tok->type = OPAL_DTA_TOKENID_UINT;
950 		if (tok->len > 9) {
951 			pr_debug("uint64 with more than 8 bytes\n");
952 			return -EINVAL;
953 		}
954 		for (i = tok->len - 1; i > 0; i--) {
955 			u_integer |= ((u64)pos[i] << (8 * b));
956 			b++;
957 		}
958 		tok->stored.u = u_integer;
959 	}
960 
961 	return tok->len;
962 }
963 
response_parse_medium(struct opal_resp_tok * tok,const u8 * pos)964 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
965 				     const u8 *pos)
966 {
967 	tok->pos = pos;
968 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
969 	tok->width = OPAL_WIDTH_MEDIUM;
970 
971 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
972 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
973 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
974 		tok->type = OPAL_DTA_TOKENID_SINT;
975 	else
976 		tok->type = OPAL_DTA_TOKENID_UINT;
977 
978 	return tok->len;
979 }
980 
response_parse_long(struct opal_resp_tok * tok,const u8 * pos)981 static ssize_t response_parse_long(struct opal_resp_tok *tok,
982 				   const u8 *pos)
983 {
984 	tok->pos = pos;
985 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
986 	tok->width = OPAL_WIDTH_LONG;
987 
988 	if (pos[0] & LONG_ATOM_BYTESTRING)
989 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
990 	else if (pos[0] & LONG_ATOM_SIGNED)
991 		tok->type = OPAL_DTA_TOKENID_SINT;
992 	else
993 		tok->type = OPAL_DTA_TOKENID_UINT;
994 
995 	return tok->len;
996 }
997 
response_parse_token(struct opal_resp_tok * tok,const u8 * pos)998 static ssize_t response_parse_token(struct opal_resp_tok *tok,
999 				    const u8 *pos)
1000 {
1001 	tok->pos = pos;
1002 	tok->len = 1;
1003 	tok->type = OPAL_DTA_TOKENID_TOKEN;
1004 	tok->width = OPAL_WIDTH_TOKEN;
1005 
1006 	return tok->len;
1007 }
1008 
response_parse(const u8 * buf,size_t length,struct parsed_resp * resp)1009 static int response_parse(const u8 *buf, size_t length,
1010 			  struct parsed_resp *resp)
1011 {
1012 	const struct opal_header *hdr;
1013 	struct opal_resp_tok *iter;
1014 	int num_entries = 0;
1015 	int total;
1016 	ssize_t token_length;
1017 	const u8 *pos;
1018 	u32 clen, plen, slen;
1019 
1020 	if (!buf)
1021 		return -EFAULT;
1022 
1023 	if (!resp)
1024 		return -EFAULT;
1025 
1026 	hdr = (struct opal_header *)buf;
1027 	pos = buf;
1028 	pos += sizeof(*hdr);
1029 
1030 	clen = be32_to_cpu(hdr->cp.length);
1031 	plen = be32_to_cpu(hdr->pkt.length);
1032 	slen = be32_to_cpu(hdr->subpkt.length);
1033 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1034 		 clen, plen, slen);
1035 
1036 	if (clen == 0 || plen == 0 || slen == 0 ||
1037 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1038 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1039 			 clen, plen, slen);
1040 		print_buffer(pos, sizeof(*hdr));
1041 		return -EINVAL;
1042 	}
1043 
1044 	if (pos > buf + length)
1045 		return -EFAULT;
1046 
1047 	iter = resp->toks;
1048 	total = slen;
1049 	print_buffer(pos, total);
1050 	while (total > 0) {
1051 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1052 			token_length = response_parse_tiny(iter, pos);
1053 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1054 			token_length = response_parse_short(iter, pos);
1055 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1056 			token_length = response_parse_medium(iter, pos);
1057 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1058 			token_length = response_parse_long(iter, pos);
1059 		else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
1060 			token_length = 1;
1061 		else /* TOKEN */
1062 			token_length = response_parse_token(iter, pos);
1063 
1064 		if (token_length < 0)
1065 			return token_length;
1066 
1067 		if (pos[0] != EMPTY_ATOM_BYTE)
1068 			num_entries++;
1069 
1070 		pos += token_length;
1071 		total -= token_length;
1072 		iter++;
1073 	}
1074 
1075 	resp->num = num_entries;
1076 
1077 	return 0;
1078 }
1079 
response_get_string(const struct parsed_resp * resp,int n,const char ** store)1080 static size_t response_get_string(const struct parsed_resp *resp, int n,
1081 				  const char **store)
1082 {
1083 	u8 skip;
1084 	const struct opal_resp_tok *tok;
1085 
1086 	*store = NULL;
1087 	tok = response_get_token(resp, n);
1088 	if (IS_ERR(tok))
1089 		return 0;
1090 
1091 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1092 		pr_debug("Token is not a byte string!\n");
1093 		return 0;
1094 	}
1095 
1096 	switch (tok->width) {
1097 	case OPAL_WIDTH_TINY:
1098 	case OPAL_WIDTH_SHORT:
1099 		skip = 1;
1100 		break;
1101 	case OPAL_WIDTH_MEDIUM:
1102 		skip = 2;
1103 		break;
1104 	case OPAL_WIDTH_LONG:
1105 		skip = 4;
1106 		break;
1107 	default:
1108 		pr_debug("Token has invalid width!\n");
1109 		return 0;
1110 	}
1111 
1112 	*store = tok->pos + skip;
1113 
1114 	return tok->len - skip;
1115 }
1116 
response_get_u64(const struct parsed_resp * resp,int n)1117 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1118 {
1119 	const struct opal_resp_tok *tok;
1120 
1121 	tok = response_get_token(resp, n);
1122 	if (IS_ERR(tok))
1123 		return 0;
1124 
1125 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
1126 		pr_debug("Token is not unsigned int: %d\n", tok->type);
1127 		return 0;
1128 	}
1129 
1130 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1131 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
1132 		return 0;
1133 	}
1134 
1135 	return tok->stored.u;
1136 }
1137 
response_token_matches(const struct opal_resp_tok * token,u8 match)1138 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1139 {
1140 	if (IS_ERR(token) ||
1141 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
1142 	    token->pos[0] != match)
1143 		return false;
1144 	return true;
1145 }
1146 
response_status(const struct parsed_resp * resp)1147 static u8 response_status(const struct parsed_resp *resp)
1148 {
1149 	const struct opal_resp_tok *tok;
1150 
1151 	tok = response_get_token(resp, 0);
1152 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
1153 		return 0;
1154 
1155 	if (resp->num < 5)
1156 		return DTAERROR_NO_METHOD_STATUS;
1157 
1158 	tok = response_get_token(resp, resp->num - 5);
1159 	if (!response_token_matches(tok, OPAL_STARTLIST))
1160 		return DTAERROR_NO_METHOD_STATUS;
1161 
1162 	tok = response_get_token(resp, resp->num - 1);
1163 	if (!response_token_matches(tok, OPAL_ENDLIST))
1164 		return DTAERROR_NO_METHOD_STATUS;
1165 
1166 	return response_get_u64(resp, resp->num - 4);
1167 }
1168 
1169 /* Parses and checks for errors */
parse_and_check_status(struct opal_dev * dev)1170 static int parse_and_check_status(struct opal_dev *dev)
1171 {
1172 	int error;
1173 
1174 	print_buffer(dev->cmd, dev->pos);
1175 
1176 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1177 	if (error) {
1178 		pr_debug("Couldn't parse response.\n");
1179 		return error;
1180 	}
1181 
1182 	return response_status(&dev->parsed);
1183 }
1184 
clear_opal_cmd(struct opal_dev * dev)1185 static void clear_opal_cmd(struct opal_dev *dev)
1186 {
1187 	dev->pos = sizeof(struct opal_header);
1188 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1189 }
1190 
cmd_start(struct opal_dev * dev,const u8 * uid,const u8 * method)1191 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1192 {
1193 	int err = 0;
1194 
1195 	clear_opal_cmd(dev);
1196 	set_comid(dev, dev->comid);
1197 
1198 	add_token_u8(&err, dev, OPAL_CALL);
1199 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1200 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1201 
1202 	/*
1203 	 * Every method call is followed by its parameters enclosed within
1204 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1205 	 * parameter list here and close it later in cmd_finalize.
1206 	 */
1207 	add_token_u8(&err, dev, OPAL_STARTLIST);
1208 
1209 	return err;
1210 }
1211 
start_opal_session_cont(struct opal_dev * dev)1212 static int start_opal_session_cont(struct opal_dev *dev)
1213 {
1214 	u32 hsn, tsn;
1215 	int error;
1216 
1217 	error = parse_and_check_status(dev);
1218 	if (error)
1219 		return error;
1220 
1221 	hsn = response_get_u64(&dev->parsed, 4);
1222 	tsn = response_get_u64(&dev->parsed, 5);
1223 
1224 	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1225 		pr_debug("Couldn't authenticate session\n");
1226 		return -EPERM;
1227 	}
1228 
1229 	dev->hsn = hsn;
1230 	dev->tsn = tsn;
1231 
1232 	return 0;
1233 }
1234 
add_suspend_info(struct opal_dev * dev,struct opal_suspend_data * sus)1235 static void add_suspend_info(struct opal_dev *dev,
1236 			     struct opal_suspend_data *sus)
1237 {
1238 	struct opal_suspend_data *iter;
1239 
1240 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1241 		if (iter->lr == sus->lr) {
1242 			list_del(&iter->node);
1243 			kfree(iter);
1244 			break;
1245 		}
1246 	}
1247 	list_add_tail(&sus->node, &dev->unlk_lst);
1248 }
1249 
end_session_cont(struct opal_dev * dev)1250 static int end_session_cont(struct opal_dev *dev)
1251 {
1252 	dev->hsn = 0;
1253 	dev->tsn = 0;
1254 
1255 	return parse_and_check_status(dev);
1256 }
1257 
finalize_and_send(struct opal_dev * dev,cont_fn cont)1258 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1259 {
1260 	int ret;
1261 
1262 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1263 	if (ret) {
1264 		pr_debug("Error finalizing command buffer: %d\n", ret);
1265 		return ret;
1266 	}
1267 
1268 	print_buffer(dev->cmd, dev->pos);
1269 
1270 	return opal_send_recv(dev, cont);
1271 }
1272 
generic_get_columns(struct opal_dev * dev,const u8 * table,u64 start_column,u64 end_column)1273 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1274 			       u64 start_column, u64 end_column)
1275 {
1276 	int err;
1277 
1278 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1279 
1280 	add_token_u8(&err, dev, OPAL_STARTLIST);
1281 
1282 	add_token_u8(&err, dev, OPAL_STARTNAME);
1283 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1284 	add_token_u64(&err, dev, start_column);
1285 	add_token_u8(&err, dev, OPAL_ENDNAME);
1286 
1287 	add_token_u8(&err, dev, OPAL_STARTNAME);
1288 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1289 	add_token_u64(&err, dev, end_column);
1290 	add_token_u8(&err, dev, OPAL_ENDNAME);
1291 
1292 	add_token_u8(&err, dev, OPAL_ENDLIST);
1293 
1294 	if (err)
1295 		return err;
1296 
1297 	return finalize_and_send(dev, parse_and_check_status);
1298 }
1299 
1300 /*
1301  * request @column from table @table on device @dev. On success, the column
1302  * data will be available in dev->resp->tok[4]
1303  */
generic_get_column(struct opal_dev * dev,const u8 * table,u64 column)1304 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1305 			      u64 column)
1306 {
1307 	return generic_get_columns(dev, table, column, column);
1308 }
1309 
1310 /*
1311  * see TCG SAS 5.3.2.3 for a description of the available columns
1312  *
1313  * the result is provided in dev->resp->tok[4]
1314  */
generic_get_table_info(struct opal_dev * dev,const u8 * table_uid,u64 column)1315 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1316 				  u64 column)
1317 {
1318 	u8 uid[OPAL_UID_LENGTH];
1319 	const unsigned int half = OPAL_UID_LENGTH_HALF;
1320 
1321 	/* sed-opal UIDs can be split in two halves:
1322 	 *  first:  actual table index
1323 	 *  second: relative index in the table
1324 	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1325 	 * first part of the target table as relative index into that table
1326 	 */
1327 	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1328 	memcpy(uid + half, table_uid, half);
1329 
1330 	return generic_get_column(dev, uid, column);
1331 }
1332 
gen_key(struct opal_dev * dev,void * data)1333 static int gen_key(struct opal_dev *dev, void *data)
1334 {
1335 	u8 uid[OPAL_UID_LENGTH];
1336 	int err;
1337 
1338 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1339 	kfree(dev->prev_data);
1340 	dev->prev_data = NULL;
1341 
1342 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1343 
1344 	if (err) {
1345 		pr_debug("Error building gen key command\n");
1346 		return err;
1347 
1348 	}
1349 
1350 	return finalize_and_send(dev, parse_and_check_status);
1351 }
1352 
get_active_key_cont(struct opal_dev * dev)1353 static int get_active_key_cont(struct opal_dev *dev)
1354 {
1355 	const char *activekey;
1356 	size_t keylen;
1357 	int error;
1358 
1359 	error = parse_and_check_status(dev);
1360 	if (error)
1361 		return error;
1362 
1363 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1364 	if (!activekey) {
1365 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1366 			 __func__);
1367 		return OPAL_INVAL_PARAM;
1368 	}
1369 
1370 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1371 
1372 	if (!dev->prev_data)
1373 		return -ENOMEM;
1374 
1375 	dev->prev_d_len = keylen;
1376 
1377 	return 0;
1378 }
1379 
get_active_key(struct opal_dev * dev,void * data)1380 static int get_active_key(struct opal_dev *dev, void *data)
1381 {
1382 	u8 uid[OPAL_UID_LENGTH];
1383 	int err;
1384 	u8 *lr = data;
1385 
1386 	err = build_locking_range(uid, sizeof(uid), *lr);
1387 	if (err)
1388 		return err;
1389 
1390 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1391 	if (err)
1392 		return err;
1393 
1394 	return get_active_key_cont(dev);
1395 }
1396 
generic_table_write_data(struct opal_dev * dev,const u64 data,u64 offset,u64 size,const u8 * uid)1397 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1398 				    u64 offset, u64 size, const u8 *uid)
1399 {
1400 	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1401 	u8 *dst;
1402 	u64 len;
1403 	size_t off = 0;
1404 	int err;
1405 
1406 	/* do we fit in the available space? */
1407 	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1408 	if (err) {
1409 		pr_debug("Couldn't get the table size\n");
1410 		return err;
1411 	}
1412 
1413 	len = response_get_u64(&dev->parsed, 4);
1414 	if (size > len || offset > len - size) {
1415 		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1416 			  offset + size, len);
1417 		return -ENOSPC;
1418 	}
1419 
1420 	/* do the actual transmission(s) */
1421 	while (off < size) {
1422 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1423 		add_token_u8(&err, dev, OPAL_STARTNAME);
1424 		add_token_u8(&err, dev, OPAL_WHERE);
1425 		add_token_u64(&err, dev, offset + off);
1426 		add_token_u8(&err, dev, OPAL_ENDNAME);
1427 
1428 		add_token_u8(&err, dev, OPAL_STARTNAME);
1429 		add_token_u8(&err, dev, OPAL_VALUES);
1430 
1431 		/*
1432 		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1433 		 * There also needs to be enough space to accommodate the
1434 		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1435 		 * cmd_finalize.
1436 		 */
1437 		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1438 			  (size_t)(size - off));
1439 		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1440 
1441 		dst = add_bytestring_header(&err, dev, len);
1442 		if (!dst)
1443 			break;
1444 
1445 		if (copy_from_user(dst, src + off, len)) {
1446 			err = -EFAULT;
1447 			break;
1448 		}
1449 
1450 		dev->pos += len;
1451 
1452 		add_token_u8(&err, dev, OPAL_ENDNAME);
1453 		if (err)
1454 			break;
1455 
1456 		err = finalize_and_send(dev, parse_and_check_status);
1457 		if (err)
1458 			break;
1459 
1460 		off += len;
1461 	}
1462 
1463 	return err;
1464 }
1465 
generic_lr_enable_disable(struct opal_dev * dev,u8 * uid,bool rle,bool wle,bool rl,bool wl)1466 static int generic_lr_enable_disable(struct opal_dev *dev,
1467 				     u8 *uid, bool rle, bool wle,
1468 				     bool rl, bool wl)
1469 {
1470 	int err;
1471 
1472 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1473 
1474 	add_token_u8(&err, dev, OPAL_STARTNAME);
1475 	add_token_u8(&err, dev, OPAL_VALUES);
1476 	add_token_u8(&err, dev, OPAL_STARTLIST);
1477 
1478 	add_token_u8(&err, dev, OPAL_STARTNAME);
1479 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1480 	add_token_u8(&err, dev, rle);
1481 	add_token_u8(&err, dev, OPAL_ENDNAME);
1482 
1483 	add_token_u8(&err, dev, OPAL_STARTNAME);
1484 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1485 	add_token_u8(&err, dev, wle);
1486 	add_token_u8(&err, dev, OPAL_ENDNAME);
1487 
1488 	add_token_u8(&err, dev, OPAL_STARTNAME);
1489 	add_token_u8(&err, dev, OPAL_READLOCKED);
1490 	add_token_u8(&err, dev, rl);
1491 	add_token_u8(&err, dev, OPAL_ENDNAME);
1492 
1493 	add_token_u8(&err, dev, OPAL_STARTNAME);
1494 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1495 	add_token_u8(&err, dev, wl);
1496 	add_token_u8(&err, dev, OPAL_ENDNAME);
1497 
1498 	add_token_u8(&err, dev, OPAL_ENDLIST);
1499 	add_token_u8(&err, dev, OPAL_ENDNAME);
1500 
1501 	return err;
1502 }
1503 
enable_global_lr(struct opal_dev * dev,u8 * uid,struct opal_user_lr_setup * setup)1504 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1505 				   struct opal_user_lr_setup *setup)
1506 {
1507 	int err;
1508 
1509 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1510 					0, 0);
1511 	if (err)
1512 		pr_debug("Failed to create enable global lr command\n");
1513 
1514 	return err;
1515 }
1516 
setup_locking_range(struct opal_dev * dev,void * data)1517 static int setup_locking_range(struct opal_dev *dev, void *data)
1518 {
1519 	u8 uid[OPAL_UID_LENGTH];
1520 	struct opal_user_lr_setup *setup = data;
1521 	u8 lr;
1522 	int err;
1523 
1524 	lr = setup->session.opal_key.lr;
1525 	err = build_locking_range(uid, sizeof(uid), lr);
1526 	if (err)
1527 		return err;
1528 
1529 	if (lr == 0)
1530 		err = enable_global_lr(dev, uid, setup);
1531 	else {
1532 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1533 
1534 		add_token_u8(&err, dev, OPAL_STARTNAME);
1535 		add_token_u8(&err, dev, OPAL_VALUES);
1536 		add_token_u8(&err, dev, OPAL_STARTLIST);
1537 
1538 		add_token_u8(&err, dev, OPAL_STARTNAME);
1539 		add_token_u8(&err, dev, OPAL_RANGESTART);
1540 		add_token_u64(&err, dev, setup->range_start);
1541 		add_token_u8(&err, dev, OPAL_ENDNAME);
1542 
1543 		add_token_u8(&err, dev, OPAL_STARTNAME);
1544 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1545 		add_token_u64(&err, dev, setup->range_length);
1546 		add_token_u8(&err, dev, OPAL_ENDNAME);
1547 
1548 		add_token_u8(&err, dev, OPAL_STARTNAME);
1549 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1550 		add_token_u64(&err, dev, !!setup->RLE);
1551 		add_token_u8(&err, dev, OPAL_ENDNAME);
1552 
1553 		add_token_u8(&err, dev, OPAL_STARTNAME);
1554 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1555 		add_token_u64(&err, dev, !!setup->WLE);
1556 		add_token_u8(&err, dev, OPAL_ENDNAME);
1557 
1558 		add_token_u8(&err, dev, OPAL_ENDLIST);
1559 		add_token_u8(&err, dev, OPAL_ENDNAME);
1560 	}
1561 	if (err) {
1562 		pr_debug("Error building Setup Locking range command.\n");
1563 		return err;
1564 	}
1565 
1566 	return finalize_and_send(dev, parse_and_check_status);
1567 }
1568 
response_get_column(const struct parsed_resp * resp,int * iter,u8 column,u64 * value)1569 static int response_get_column(const struct parsed_resp *resp,
1570 			       int *iter,
1571 			       u8 column,
1572 			       u64 *value)
1573 {
1574 	const struct opal_resp_tok *tok;
1575 	int n = *iter;
1576 	u64 val;
1577 
1578 	tok = response_get_token(resp, n);
1579 	if (IS_ERR(tok))
1580 		return PTR_ERR(tok);
1581 
1582 	if (!response_token_matches(tok, OPAL_STARTNAME)) {
1583 		pr_debug("Unexpected response token type %d.\n", n);
1584 		return OPAL_INVAL_PARAM;
1585 	}
1586 	n++;
1587 
1588 	if (response_get_u64(resp, n) != column) {
1589 		pr_debug("Token %d does not match expected column %u.\n",
1590 			 n, column);
1591 		return OPAL_INVAL_PARAM;
1592 	}
1593 	n++;
1594 
1595 	val = response_get_u64(resp, n);
1596 	n++;
1597 
1598 	tok = response_get_token(resp, n);
1599 	if (IS_ERR(tok))
1600 		return PTR_ERR(tok);
1601 
1602 	if (!response_token_matches(tok, OPAL_ENDNAME)) {
1603 		pr_debug("Unexpected response token type %d.\n", n);
1604 		return OPAL_INVAL_PARAM;
1605 	}
1606 	n++;
1607 
1608 	*value = val;
1609 	*iter = n;
1610 
1611 	return 0;
1612 }
1613 
locking_range_status(struct opal_dev * dev,void * data)1614 static int locking_range_status(struct opal_dev *dev, void *data)
1615 {
1616 	u8 lr_buffer[OPAL_UID_LENGTH];
1617 	u64 resp;
1618 	bool rlocked, wlocked;
1619 	int err, tok_n = 2;
1620 	struct opal_lr_status *lrst = data;
1621 
1622 	err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1623 				  lrst->session.opal_key.lr);
1624 	if (err)
1625 		return err;
1626 
1627 	err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1628 				  OPAL_WRITELOCKED);
1629 	if (err) {
1630 		pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1631 			 lrst->session.opal_key.lr, OPAL_RANGESTART,
1632 			 OPAL_WRITELOCKED);
1633 		return err;
1634 	}
1635 
1636 	/* range start */
1637 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1638 				  &lrst->range_start);
1639 	if (err)
1640 		return err;
1641 
1642 	/* range length */
1643 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1644 				  &lrst->range_length);
1645 	if (err)
1646 		return err;
1647 
1648 	/* RLE */
1649 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1650 				  &resp);
1651 	if (err)
1652 		return err;
1653 
1654 	lrst->RLE = !!resp;
1655 
1656 	/* WLE */
1657 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1658 				  &resp);
1659 	if (err)
1660 		return err;
1661 
1662 	lrst->WLE = !!resp;
1663 
1664 	/* read locked */
1665 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1666 	if (err)
1667 		return err;
1668 
1669 	rlocked = !!resp;
1670 
1671 	/* write locked */
1672 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1673 	if (err)
1674 		return err;
1675 
1676 	wlocked = !!resp;
1677 
1678 	/* opal_lock_state can not map 'read locked' only state. */
1679 	lrst->l_state = OPAL_RW;
1680 	if (rlocked && wlocked)
1681 		lrst->l_state = OPAL_LK;
1682 	else if (wlocked)
1683 		lrst->l_state = OPAL_RO;
1684 	else if (rlocked) {
1685 		pr_debug("Can not report read locked only state.\n");
1686 		return -EINVAL;
1687 	}
1688 
1689 	return 0;
1690 }
1691 
start_generic_opal_session(struct opal_dev * dev,enum opal_uid auth,enum opal_uid sp_type,const char * key,u8 key_len)1692 static int start_generic_opal_session(struct opal_dev *dev,
1693 				      enum opal_uid auth,
1694 				      enum opal_uid sp_type,
1695 				      const char *key,
1696 				      u8 key_len)
1697 {
1698 	u32 hsn;
1699 	int err;
1700 
1701 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1702 		return OPAL_INVAL_PARAM;
1703 
1704 	hsn = GENERIC_HOST_SESSION_NUM;
1705 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1706 			opalmethod[OPAL_STARTSESSION]);
1707 
1708 	add_token_u64(&err, dev, hsn);
1709 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1710 	add_token_u8(&err, dev, 1);
1711 
1712 	switch (auth) {
1713 	case OPAL_ANYBODY_UID:
1714 		break;
1715 	case OPAL_ADMIN1_UID:
1716 	case OPAL_SID_UID:
1717 	case OPAL_PSID_UID:
1718 		add_token_u8(&err, dev, OPAL_STARTNAME);
1719 		add_token_u8(&err, dev, 0); /* HostChallenge */
1720 		add_token_bytestring(&err, dev, key, key_len);
1721 		add_token_u8(&err, dev, OPAL_ENDNAME);
1722 		add_token_u8(&err, dev, OPAL_STARTNAME);
1723 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1724 		add_token_bytestring(&err, dev, opaluid[auth],
1725 				     OPAL_UID_LENGTH);
1726 		add_token_u8(&err, dev, OPAL_ENDNAME);
1727 		break;
1728 	default:
1729 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1730 		return OPAL_INVAL_PARAM;
1731 	}
1732 
1733 	if (err) {
1734 		pr_debug("Error building start adminsp session command.\n");
1735 		return err;
1736 	}
1737 
1738 	return finalize_and_send(dev, start_opal_session_cont);
1739 }
1740 
start_anybodyASP_opal_session(struct opal_dev * dev,void * data)1741 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1742 {
1743 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1744 					  OPAL_ADMINSP_UID, NULL, 0);
1745 }
1746 
start_SIDASP_opal_session(struct opal_dev * dev,void * data)1747 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1748 {
1749 	int ret;
1750 	const u8 *key = dev->prev_data;
1751 
1752 	if (!key) {
1753 		const struct opal_key *okey = data;
1754 
1755 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1756 						 OPAL_ADMINSP_UID,
1757 						 okey->key,
1758 						 okey->key_len);
1759 	} else {
1760 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1761 						 OPAL_ADMINSP_UID,
1762 						 key, dev->prev_d_len);
1763 		kfree(key);
1764 		dev->prev_data = NULL;
1765 	}
1766 
1767 	return ret;
1768 }
1769 
start_admin1LSP_opal_session(struct opal_dev * dev,void * data)1770 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1771 {
1772 	struct opal_key *key = data;
1773 
1774 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1775 					  OPAL_LOCKINGSP_UID,
1776 					  key->key, key->key_len);
1777 }
1778 
start_PSID_opal_session(struct opal_dev * dev,void * data)1779 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1780 {
1781 	const struct opal_key *okey = data;
1782 
1783 	return start_generic_opal_session(dev, OPAL_PSID_UID,
1784 					  OPAL_ADMINSP_UID,
1785 					  okey->key,
1786 					  okey->key_len);
1787 }
1788 
start_auth_opal_session(struct opal_dev * dev,void * data)1789 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1790 {
1791 	struct opal_session_info *session = data;
1792 	u8 lk_ul_user[OPAL_UID_LENGTH];
1793 	size_t keylen = session->opal_key.key_len;
1794 	int err = 0;
1795 
1796 	u8 *key = session->opal_key.key;
1797 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1798 
1799 	if (session->sum)
1800 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1801 					 session->opal_key.lr);
1802 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1803 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1804 					 session->who - 1);
1805 	else
1806 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1807 
1808 	if (err)
1809 		return err;
1810 
1811 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1812 			opalmethod[OPAL_STARTSESSION]);
1813 
1814 	add_token_u64(&err, dev, hsn);
1815 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1816 			     OPAL_UID_LENGTH);
1817 	add_token_u8(&err, dev, 1);
1818 	add_token_u8(&err, dev, OPAL_STARTNAME);
1819 	add_token_u8(&err, dev, 0);
1820 	add_token_bytestring(&err, dev, key, keylen);
1821 	add_token_u8(&err, dev, OPAL_ENDNAME);
1822 	add_token_u8(&err, dev, OPAL_STARTNAME);
1823 	add_token_u8(&err, dev, 3);
1824 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1825 	add_token_u8(&err, dev, OPAL_ENDNAME);
1826 
1827 	if (err) {
1828 		pr_debug("Error building STARTSESSION command.\n");
1829 		return err;
1830 	}
1831 
1832 	return finalize_and_send(dev, start_opal_session_cont);
1833 }
1834 
revert_tper(struct opal_dev * dev,void * data)1835 static int revert_tper(struct opal_dev *dev, void *data)
1836 {
1837 	int err;
1838 
1839 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1840 			opalmethod[OPAL_REVERT]);
1841 	if (err) {
1842 		pr_debug("Error building REVERT TPER command.\n");
1843 		return err;
1844 	}
1845 
1846 	return finalize_and_send(dev, parse_and_check_status);
1847 }
1848 
internal_activate_user(struct opal_dev * dev,void * data)1849 static int internal_activate_user(struct opal_dev *dev, void *data)
1850 {
1851 	struct opal_session_info *session = data;
1852 	u8 uid[OPAL_UID_LENGTH];
1853 	int err;
1854 
1855 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1856 	uid[7] = session->who;
1857 
1858 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1859 	add_token_u8(&err, dev, OPAL_STARTNAME);
1860 	add_token_u8(&err, dev, OPAL_VALUES);
1861 	add_token_u8(&err, dev, OPAL_STARTLIST);
1862 	add_token_u8(&err, dev, OPAL_STARTNAME);
1863 	add_token_u8(&err, dev, 5); /* Enabled */
1864 	add_token_u8(&err, dev, OPAL_TRUE);
1865 	add_token_u8(&err, dev, OPAL_ENDNAME);
1866 	add_token_u8(&err, dev, OPAL_ENDLIST);
1867 	add_token_u8(&err, dev, OPAL_ENDNAME);
1868 
1869 	if (err) {
1870 		pr_debug("Error building Activate UserN command.\n");
1871 		return err;
1872 	}
1873 
1874 	return finalize_and_send(dev, parse_and_check_status);
1875 }
1876 
revert_lsp(struct opal_dev * dev,void * data)1877 static int revert_lsp(struct opal_dev *dev, void *data)
1878 {
1879 	struct opal_revert_lsp *rev = data;
1880 	int err;
1881 
1882 	err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1883 			opalmethod[OPAL_REVERTSP]);
1884 	add_token_u8(&err, dev, OPAL_STARTNAME);
1885 	add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1886 	add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1887 			OPAL_TRUE : OPAL_FALSE);
1888 	add_token_u8(&err, dev, OPAL_ENDNAME);
1889 	if (err) {
1890 		pr_debug("Error building REVERT SP command.\n");
1891 		return err;
1892 	}
1893 
1894 	return finalize_and_send(dev, parse_and_check_status);
1895 }
1896 
erase_locking_range(struct opal_dev * dev,void * data)1897 static int erase_locking_range(struct opal_dev *dev, void *data)
1898 {
1899 	struct opal_session_info *session = data;
1900 	u8 uid[OPAL_UID_LENGTH];
1901 	int err;
1902 
1903 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1904 		return -ERANGE;
1905 
1906 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1907 
1908 	if (err) {
1909 		pr_debug("Error building Erase Locking Range Command.\n");
1910 		return err;
1911 	}
1912 
1913 	return finalize_and_send(dev, parse_and_check_status);
1914 }
1915 
set_mbr_done(struct opal_dev * dev,void * data)1916 static int set_mbr_done(struct opal_dev *dev, void *data)
1917 {
1918 	u8 *mbr_done_tf = data;
1919 	int err;
1920 
1921 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1922 			opalmethod[OPAL_SET]);
1923 
1924 	add_token_u8(&err, dev, OPAL_STARTNAME);
1925 	add_token_u8(&err, dev, OPAL_VALUES);
1926 	add_token_u8(&err, dev, OPAL_STARTLIST);
1927 	add_token_u8(&err, dev, OPAL_STARTNAME);
1928 	add_token_u8(&err, dev, OPAL_MBRDONE);
1929 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1930 	add_token_u8(&err, dev, OPAL_ENDNAME);
1931 	add_token_u8(&err, dev, OPAL_ENDLIST);
1932 	add_token_u8(&err, dev, OPAL_ENDNAME);
1933 
1934 	if (err) {
1935 		pr_debug("Error Building set MBR Done command\n");
1936 		return err;
1937 	}
1938 
1939 	return finalize_and_send(dev, parse_and_check_status);
1940 }
1941 
set_mbr_enable_disable(struct opal_dev * dev,void * data)1942 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1943 {
1944 	u8 *mbr_en_dis = data;
1945 	int err;
1946 
1947 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1948 			opalmethod[OPAL_SET]);
1949 
1950 	add_token_u8(&err, dev, OPAL_STARTNAME);
1951 	add_token_u8(&err, dev, OPAL_VALUES);
1952 	add_token_u8(&err, dev, OPAL_STARTLIST);
1953 	add_token_u8(&err, dev, OPAL_STARTNAME);
1954 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1955 	add_token_u8(&err, dev, *mbr_en_dis);
1956 	add_token_u8(&err, dev, OPAL_ENDNAME);
1957 	add_token_u8(&err, dev, OPAL_ENDLIST);
1958 	add_token_u8(&err, dev, OPAL_ENDNAME);
1959 
1960 	if (err) {
1961 		pr_debug("Error Building set MBR done command\n");
1962 		return err;
1963 	}
1964 
1965 	return finalize_and_send(dev, parse_and_check_status);
1966 }
1967 
write_shadow_mbr(struct opal_dev * dev,void * data)1968 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1969 {
1970 	struct opal_shadow_mbr *shadow = data;
1971 
1972 	return generic_table_write_data(dev, shadow->data, shadow->offset,
1973 					shadow->size, opaluid[OPAL_MBR]);
1974 }
1975 
generic_pw_cmd(u8 * key,size_t key_len,u8 * cpin_uid,struct opal_dev * dev)1976 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1977 			  struct opal_dev *dev)
1978 {
1979 	int err;
1980 
1981 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1982 
1983 	add_token_u8(&err, dev, OPAL_STARTNAME);
1984 	add_token_u8(&err, dev, OPAL_VALUES);
1985 	add_token_u8(&err, dev, OPAL_STARTLIST);
1986 	add_token_u8(&err, dev, OPAL_STARTNAME);
1987 	add_token_u8(&err, dev, OPAL_PIN);
1988 	add_token_bytestring(&err, dev, key, key_len);
1989 	add_token_u8(&err, dev, OPAL_ENDNAME);
1990 	add_token_u8(&err, dev, OPAL_ENDLIST);
1991 	add_token_u8(&err, dev, OPAL_ENDNAME);
1992 
1993 	return err;
1994 }
1995 
set_new_pw(struct opal_dev * dev,void * data)1996 static int set_new_pw(struct opal_dev *dev, void *data)
1997 {
1998 	u8 cpin_uid[OPAL_UID_LENGTH];
1999 	struct opal_session_info *usr = data;
2000 
2001 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
2002 
2003 	if (usr->who != OPAL_ADMIN1) {
2004 		cpin_uid[5] = 0x03;
2005 		if (usr->sum)
2006 			cpin_uid[7] = usr->opal_key.lr + 1;
2007 		else
2008 			cpin_uid[7] = usr->who;
2009 	}
2010 
2011 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2012 			   cpin_uid, dev)) {
2013 		pr_debug("Error building set password command.\n");
2014 		return -ERANGE;
2015 	}
2016 
2017 	return finalize_and_send(dev, parse_and_check_status);
2018 }
2019 
set_sid_cpin_pin(struct opal_dev * dev,void * data)2020 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2021 {
2022 	u8 cpin_uid[OPAL_UID_LENGTH];
2023 	struct opal_key *key = data;
2024 
2025 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2026 
2027 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2028 		pr_debug("Error building Set SID cpin\n");
2029 		return -ERANGE;
2030 	}
2031 	return finalize_and_send(dev, parse_and_check_status);
2032 }
2033 
add_authority_object_ref(int * err,struct opal_dev * dev,const u8 * uid,size_t uid_len)2034 static void add_authority_object_ref(int *err,
2035 				     struct opal_dev *dev,
2036 				     const u8 *uid,
2037 				     size_t uid_len)
2038 {
2039 	add_token_u8(err, dev, OPAL_STARTNAME);
2040 	add_token_bytestring(err, dev,
2041 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2042 			     OPAL_UID_LENGTH/2);
2043 	add_token_bytestring(err, dev, uid, uid_len);
2044 	add_token_u8(err, dev, OPAL_ENDNAME);
2045 }
2046 
add_boolean_object_ref(int * err,struct opal_dev * dev,u8 boolean_op)2047 static void add_boolean_object_ref(int *err,
2048 				   struct opal_dev *dev,
2049 				   u8 boolean_op)
2050 {
2051 	add_token_u8(err, dev, OPAL_STARTNAME);
2052 	add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2053 			     OPAL_UID_LENGTH/2);
2054 	add_token_u8(err, dev, boolean_op);
2055 	add_token_u8(err, dev, OPAL_ENDNAME);
2056 }
2057 
set_lr_boolean_ace(struct opal_dev * dev,unsigned int opal_uid,u8 lr,const u8 * users,size_t users_len)2058 static int set_lr_boolean_ace(struct opal_dev *dev,
2059 			      unsigned int opal_uid,
2060 			      u8 lr,
2061 			      const u8 *users,
2062 			      size_t users_len)
2063 {
2064 	u8 lr_buffer[OPAL_UID_LENGTH];
2065 	u8 user_uid[OPAL_UID_LENGTH];
2066 	u8 u;
2067 	int err;
2068 
2069 	memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2070 	lr_buffer[7] = lr;
2071 
2072 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2073 
2074 	add_token_u8(&err, dev, OPAL_STARTNAME);
2075 	add_token_u8(&err, dev, OPAL_VALUES);
2076 
2077 	add_token_u8(&err, dev, OPAL_STARTLIST);
2078 	add_token_u8(&err, dev, OPAL_STARTNAME);
2079 	add_token_u8(&err, dev, 3);
2080 
2081 	add_token_u8(&err, dev, OPAL_STARTLIST);
2082 
2083 	for (u = 0; u < users_len; u++) {
2084 		if (users[u] == OPAL_ADMIN1)
2085 			memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2086 			       OPAL_UID_LENGTH);
2087 		else {
2088 			memcpy(user_uid, opaluid[OPAL_USER1_UID],
2089 			       OPAL_UID_LENGTH);
2090 			user_uid[7] = users[u];
2091 		}
2092 
2093 		add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2094 
2095 		/*
2096 		 * Add boolean operator in postfix only with
2097 		 * two or more authorities being added in ACE
2098 		 * expresion.
2099 		 * */
2100 		if (u > 0)
2101 			add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2102 	}
2103 
2104 	add_token_u8(&err, dev, OPAL_ENDLIST);
2105 	add_token_u8(&err, dev, OPAL_ENDNAME);
2106 	add_token_u8(&err, dev, OPAL_ENDLIST);
2107 	add_token_u8(&err, dev, OPAL_ENDNAME);
2108 
2109 	return err;
2110 }
2111 
add_user_to_lr(struct opal_dev * dev,void * data)2112 static int add_user_to_lr(struct opal_dev *dev, void *data)
2113 {
2114 	int err;
2115 	struct opal_lock_unlock *lkul = data;
2116 	const u8 users[] = {
2117 		lkul->session.who
2118 	};
2119 
2120 	err = set_lr_boolean_ace(dev,
2121 				 lkul->l_state == OPAL_RW ?
2122 					OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2123 					OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2124 				 lkul->session.opal_key.lr, users,
2125 				 ARRAY_SIZE(users));
2126 	if (err) {
2127 		pr_debug("Error building add user to locking range command.\n");
2128 		return err;
2129 	}
2130 
2131 	return finalize_and_send(dev, parse_and_check_status);
2132 }
2133 
add_user_to_lr_ace(struct opal_dev * dev,void * data)2134 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2135 {
2136 	int err;
2137 	struct opal_lock_unlock *lkul = data;
2138 	const u8 users[] = {
2139 		OPAL_ADMIN1,
2140 		lkul->session.who
2141 	};
2142 
2143 	err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2144 				 lkul->session.opal_key.lr, users,
2145 				 ARRAY_SIZE(users));
2146 
2147 	if (err) {
2148 		pr_debug("Error building add user to locking ranges ACEs.\n");
2149 		return err;
2150 	}
2151 
2152 	return finalize_and_send(dev, parse_and_check_status);
2153 }
2154 
lock_unlock_locking_range(struct opal_dev * dev,void * data)2155 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2156 {
2157 	u8 lr_buffer[OPAL_UID_LENGTH];
2158 	struct opal_lock_unlock *lkul = data;
2159 	u8 read_locked = 1, write_locked = 1;
2160 	int err;
2161 
2162 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2163 				lkul->session.opal_key.lr) < 0)
2164 		return -ERANGE;
2165 
2166 	switch (lkul->l_state) {
2167 	case OPAL_RO:
2168 		read_locked = 0;
2169 		write_locked = 1;
2170 		break;
2171 	case OPAL_RW:
2172 		read_locked = 0;
2173 		write_locked = 0;
2174 		break;
2175 	case OPAL_LK:
2176 		/* vars are initialized to locked */
2177 		break;
2178 	default:
2179 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
2180 		return OPAL_INVAL_PARAM;
2181 	}
2182 
2183 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2184 
2185 	add_token_u8(&err, dev, OPAL_STARTNAME);
2186 	add_token_u8(&err, dev, OPAL_VALUES);
2187 	add_token_u8(&err, dev, OPAL_STARTLIST);
2188 
2189 	add_token_u8(&err, dev, OPAL_STARTNAME);
2190 	add_token_u8(&err, dev, OPAL_READLOCKED);
2191 	add_token_u8(&err, dev, read_locked);
2192 	add_token_u8(&err, dev, OPAL_ENDNAME);
2193 
2194 	add_token_u8(&err, dev, OPAL_STARTNAME);
2195 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
2196 	add_token_u8(&err, dev, write_locked);
2197 	add_token_u8(&err, dev, OPAL_ENDNAME);
2198 
2199 	add_token_u8(&err, dev, OPAL_ENDLIST);
2200 	add_token_u8(&err, dev, OPAL_ENDNAME);
2201 
2202 	if (err) {
2203 		pr_debug("Error building SET command.\n");
2204 		return err;
2205 	}
2206 
2207 	return finalize_and_send(dev, parse_and_check_status);
2208 }
2209 
2210 
lock_unlock_locking_range_sum(struct opal_dev * dev,void * data)2211 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2212 {
2213 	u8 lr_buffer[OPAL_UID_LENGTH];
2214 	u8 read_locked = 1, write_locked = 1;
2215 	struct opal_lock_unlock *lkul = data;
2216 	int ret;
2217 
2218 	clear_opal_cmd(dev);
2219 	set_comid(dev, dev->comid);
2220 
2221 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2222 				lkul->session.opal_key.lr) < 0)
2223 		return -ERANGE;
2224 
2225 	switch (lkul->l_state) {
2226 	case OPAL_RO:
2227 		read_locked = 0;
2228 		write_locked = 1;
2229 		break;
2230 	case OPAL_RW:
2231 		read_locked = 0;
2232 		write_locked = 0;
2233 		break;
2234 	case OPAL_LK:
2235 		/* vars are initialized to locked */
2236 		break;
2237 	default:
2238 		pr_debug("Tried to set an invalid locking state.\n");
2239 		return OPAL_INVAL_PARAM;
2240 	}
2241 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2242 					read_locked, write_locked);
2243 
2244 	if (ret < 0) {
2245 		pr_debug("Error building SET command.\n");
2246 		return ret;
2247 	}
2248 
2249 	return finalize_and_send(dev, parse_and_check_status);
2250 }
2251 
activate_lsp(struct opal_dev * dev,void * data)2252 static int activate_lsp(struct opal_dev *dev, void *data)
2253 {
2254 	struct opal_lr_act *opal_act = data;
2255 	u8 user_lr[OPAL_UID_LENGTH];
2256 	int err, i;
2257 
2258 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2259 			opalmethod[OPAL_ACTIVATE]);
2260 
2261 	if (opal_act->sum) {
2262 		err = build_locking_range(user_lr, sizeof(user_lr),
2263 					  opal_act->lr[0]);
2264 		if (err)
2265 			return err;
2266 
2267 		add_token_u8(&err, dev, OPAL_STARTNAME);
2268 		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2269 
2270 		add_token_u8(&err, dev, OPAL_STARTLIST);
2271 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2272 		for (i = 1; i < opal_act->num_lrs; i++) {
2273 			user_lr[7] = opal_act->lr[i];
2274 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2275 		}
2276 		add_token_u8(&err, dev, OPAL_ENDLIST);
2277 		add_token_u8(&err, dev, OPAL_ENDNAME);
2278 	}
2279 
2280 	if (err) {
2281 		pr_debug("Error building Activate LockingSP command.\n");
2282 		return err;
2283 	}
2284 
2285 	return finalize_and_send(dev, parse_and_check_status);
2286 }
2287 
2288 /* Determine if we're in the Manufactured Inactive or Active state */
get_lsp_lifecycle(struct opal_dev * dev,void * data)2289 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2290 {
2291 	u8 lc_status;
2292 	int err;
2293 
2294 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2295 				 OPAL_LIFECYCLE);
2296 	if (err)
2297 		return err;
2298 
2299 	lc_status = response_get_u64(&dev->parsed, 4);
2300 	/* 0x08 is Manufactured Inactive */
2301 	/* 0x09 is Manufactured */
2302 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2303 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
2304 		return -ENODEV;
2305 	}
2306 
2307 	return 0;
2308 }
2309 
get_msid_cpin_pin(struct opal_dev * dev,void * data)2310 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2311 {
2312 	const char *msid_pin;
2313 	size_t strlen;
2314 	int err;
2315 
2316 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2317 	if (err)
2318 		return err;
2319 
2320 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2321 	if (!msid_pin) {
2322 		pr_debug("Couldn't extract MSID_CPIN from response\n");
2323 		return OPAL_INVAL_PARAM;
2324 	}
2325 
2326 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2327 	if (!dev->prev_data)
2328 		return -ENOMEM;
2329 
2330 	dev->prev_d_len = strlen;
2331 
2332 	return 0;
2333 }
2334 
write_table_data(struct opal_dev * dev,void * data)2335 static int write_table_data(struct opal_dev *dev, void *data)
2336 {
2337 	struct opal_read_write_table *write_tbl = data;
2338 
2339 	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2340 					write_tbl->size, write_tbl->table_uid);
2341 }
2342 
read_table_data_cont(struct opal_dev * dev)2343 static int read_table_data_cont(struct opal_dev *dev)
2344 {
2345 	int err;
2346 	const char *data_read;
2347 
2348 	err = parse_and_check_status(dev);
2349 	if (err)
2350 		return err;
2351 
2352 	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2353 	dev->prev_data = (void *)data_read;
2354 	if (!dev->prev_data) {
2355 		pr_debug("%s: Couldn't read data from the table.\n", __func__);
2356 		return OPAL_INVAL_PARAM;
2357 	}
2358 
2359 	return 0;
2360 }
2361 
2362 /*
2363  * IO_BUFFER_LENGTH = 2048
2364  * sizeof(header) = 56
2365  * No. of Token Bytes in the Response = 11
2366  * MAX size of data that can be carried in response buffer
2367  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2368  */
2369 #define OPAL_MAX_READ_TABLE (0x7BD)
2370 
read_table_data(struct opal_dev * dev,void * data)2371 static int read_table_data(struct opal_dev *dev, void *data)
2372 {
2373 	struct opal_read_write_table *read_tbl = data;
2374 	int err;
2375 	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2376 	u64 table_len, len;
2377 	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2378 	u8 __user *dst;
2379 
2380 	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2381 	if (err) {
2382 		pr_debug("Couldn't get the table size\n");
2383 		return err;
2384 	}
2385 
2386 	table_len = response_get_u64(&dev->parsed, 4);
2387 
2388 	/* Check if the user is trying to read from the table limits */
2389 	if (read_size > table_len || offset > table_len - read_size) {
2390 		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2391 			  offset + read_size, table_len);
2392 		return -EINVAL;
2393 	}
2394 
2395 	while (off < read_size) {
2396 		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2397 
2398 		add_token_u8(&err, dev, OPAL_STARTLIST);
2399 		add_token_u8(&err, dev, OPAL_STARTNAME);
2400 		add_token_u8(&err, dev, OPAL_STARTROW);
2401 		add_token_u64(&err, dev, offset + off); /* start row value */
2402 		add_token_u8(&err, dev, OPAL_ENDNAME);
2403 
2404 		add_token_u8(&err, dev, OPAL_STARTNAME);
2405 		add_token_u8(&err, dev, OPAL_ENDROW);
2406 
2407 		len = min(max_read_size, (size_t)(read_size - off));
2408 		add_token_u64(&err, dev, offset + off + len); /* end row value
2409 							       */
2410 		add_token_u8(&err, dev, OPAL_ENDNAME);
2411 		add_token_u8(&err, dev, OPAL_ENDLIST);
2412 
2413 		if (err) {
2414 			pr_debug("Error building read table data command.\n");
2415 			break;
2416 		}
2417 
2418 		err = finalize_and_send(dev, read_table_data_cont);
2419 		if (err)
2420 			break;
2421 
2422 		/* len+1: This includes the NULL terminator at the end*/
2423 		if (dev->prev_d_len > len + 1) {
2424 			err = -EOVERFLOW;
2425 			break;
2426 		}
2427 
2428 		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2429 		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2430 			pr_debug("Error copying data to userspace\n");
2431 			err = -EFAULT;
2432 			break;
2433 		}
2434 		dev->prev_data = NULL;
2435 
2436 		off += len;
2437 	}
2438 
2439 	return err;
2440 }
2441 
end_opal_session(struct opal_dev * dev,void * data)2442 static int end_opal_session(struct opal_dev *dev, void *data)
2443 {
2444 	int err = 0;
2445 
2446 	clear_opal_cmd(dev);
2447 	set_comid(dev, dev->comid);
2448 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2449 
2450 	if (err < 0)
2451 		return err;
2452 
2453 	return finalize_and_send(dev, end_session_cont);
2454 }
2455 
end_opal_session_error(struct opal_dev * dev)2456 static int end_opal_session_error(struct opal_dev *dev)
2457 {
2458 	const struct opal_step error_end_session = {
2459 		end_opal_session,
2460 	};
2461 
2462 	return execute_step(dev, &error_end_session, 0);
2463 }
2464 
setup_opal_dev(struct opal_dev * dev)2465 static inline void setup_opal_dev(struct opal_dev *dev)
2466 {
2467 	dev->tsn = 0;
2468 	dev->hsn = 0;
2469 	dev->prev_data = NULL;
2470 }
2471 
check_opal_support(struct opal_dev * dev)2472 static int check_opal_support(struct opal_dev *dev)
2473 {
2474 	int ret;
2475 
2476 	mutex_lock(&dev->dev_lock);
2477 	setup_opal_dev(dev);
2478 	ret = opal_discovery0_step(dev);
2479 	if (!ret)
2480 		dev->flags |= OPAL_FL_SUPPORTED;
2481 	mutex_unlock(&dev->dev_lock);
2482 
2483 	return ret;
2484 }
2485 
clean_opal_dev(struct opal_dev * dev)2486 static void clean_opal_dev(struct opal_dev *dev)
2487 {
2488 
2489 	struct opal_suspend_data *suspend, *next;
2490 
2491 	mutex_lock(&dev->dev_lock);
2492 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2493 		list_del(&suspend->node);
2494 		kfree(suspend);
2495 	}
2496 	mutex_unlock(&dev->dev_lock);
2497 }
2498 
free_opal_dev(struct opal_dev * dev)2499 void free_opal_dev(struct opal_dev *dev)
2500 {
2501 	if (!dev)
2502 		return;
2503 
2504 	clean_opal_dev(dev);
2505 	kfree(dev->resp);
2506 	kfree(dev->cmd);
2507 	kfree(dev);
2508 }
2509 EXPORT_SYMBOL(free_opal_dev);
2510 
init_opal_dev(void * data,sec_send_recv * send_recv)2511 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2512 {
2513 	struct opal_dev *dev;
2514 
2515 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2516 	if (!dev)
2517 		return NULL;
2518 
2519 	/*
2520 	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2521 	 * sure the allocated buffer is DMA-safe in that regard.
2522 	 */
2523 	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2524 	if (!dev->cmd)
2525 		goto err_free_dev;
2526 
2527 	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2528 	if (!dev->resp)
2529 		goto err_free_cmd;
2530 
2531 	INIT_LIST_HEAD(&dev->unlk_lst);
2532 	mutex_init(&dev->dev_lock);
2533 	dev->flags = 0;
2534 	dev->data = data;
2535 	dev->send_recv = send_recv;
2536 	if (check_opal_support(dev) != 0) {
2537 		pr_debug("Opal is not supported on this device\n");
2538 		goto err_free_resp;
2539 	}
2540 
2541 	return dev;
2542 
2543 err_free_resp:
2544 	kfree(dev->resp);
2545 
2546 err_free_cmd:
2547 	kfree(dev->cmd);
2548 
2549 err_free_dev:
2550 	kfree(dev);
2551 
2552 	return NULL;
2553 }
2554 EXPORT_SYMBOL(init_opal_dev);
2555 
opal_secure_erase_locking_range(struct opal_dev * dev,struct opal_session_info * opal_session)2556 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2557 					   struct opal_session_info *opal_session)
2558 {
2559 	const struct opal_step erase_steps[] = {
2560 		{ start_auth_opal_session, opal_session },
2561 		{ get_active_key, &opal_session->opal_key.lr },
2562 		{ gen_key, },
2563 		{ end_opal_session, }
2564 	};
2565 	int ret;
2566 
2567 	ret = opal_get_key(dev, &opal_session->opal_key);
2568 	if (ret)
2569 		return ret;
2570 	mutex_lock(&dev->dev_lock);
2571 	setup_opal_dev(dev);
2572 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2573 	mutex_unlock(&dev->dev_lock);
2574 
2575 	return ret;
2576 }
2577 
opal_get_discv(struct opal_dev * dev,struct opal_discovery * discv)2578 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2579 {
2580 	const struct opal_step discovery0_step = {
2581 		opal_discovery0, discv
2582 	};
2583 	int ret;
2584 
2585 	mutex_lock(&dev->dev_lock);
2586 	setup_opal_dev(dev);
2587 	ret = execute_step(dev, &discovery0_step, 0);
2588 	mutex_unlock(&dev->dev_lock);
2589 	if (ret)
2590 		return ret;
2591 	return discv->size; /* modified to actual length of data */
2592 }
2593 
opal_revertlsp(struct opal_dev * dev,struct opal_revert_lsp * rev)2594 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2595 {
2596 	/* controller will terminate session */
2597 	const struct opal_step steps[] = {
2598 		{ start_admin1LSP_opal_session, &rev->key },
2599 		{ revert_lsp, rev }
2600 	};
2601 	int ret;
2602 
2603 	ret = opal_get_key(dev, &rev->key);
2604 	if (ret)
2605 		return ret;
2606 	mutex_lock(&dev->dev_lock);
2607 	setup_opal_dev(dev);
2608 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2609 	mutex_unlock(&dev->dev_lock);
2610 
2611 	return ret;
2612 }
2613 
opal_erase_locking_range(struct opal_dev * dev,struct opal_session_info * opal_session)2614 static int opal_erase_locking_range(struct opal_dev *dev,
2615 				    struct opal_session_info *opal_session)
2616 {
2617 	const struct opal_step erase_steps[] = {
2618 		{ start_auth_opal_session, opal_session },
2619 		{ erase_locking_range, opal_session },
2620 		{ end_opal_session, }
2621 	};
2622 	int ret;
2623 
2624 	ret = opal_get_key(dev, &opal_session->opal_key);
2625 	if (ret)
2626 		return ret;
2627 	mutex_lock(&dev->dev_lock);
2628 	setup_opal_dev(dev);
2629 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2630 	mutex_unlock(&dev->dev_lock);
2631 
2632 	return ret;
2633 }
2634 
opal_enable_disable_shadow_mbr(struct opal_dev * dev,struct opal_mbr_data * opal_mbr)2635 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2636 					  struct opal_mbr_data *opal_mbr)
2637 {
2638 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2639 		OPAL_TRUE : OPAL_FALSE;
2640 
2641 	const struct opal_step mbr_steps[] = {
2642 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2643 		{ set_mbr_done, &enable_disable },
2644 		{ end_opal_session, },
2645 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2646 		{ set_mbr_enable_disable, &enable_disable },
2647 		{ end_opal_session, }
2648 	};
2649 	int ret;
2650 
2651 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2652 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2653 		return -EINVAL;
2654 
2655 	ret = opal_get_key(dev, &opal_mbr->key);
2656 	if (ret)
2657 		return ret;
2658 	mutex_lock(&dev->dev_lock);
2659 	setup_opal_dev(dev);
2660 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2661 	mutex_unlock(&dev->dev_lock);
2662 
2663 	return ret;
2664 }
2665 
opal_set_mbr_done(struct opal_dev * dev,struct opal_mbr_done * mbr_done)2666 static int opal_set_mbr_done(struct opal_dev *dev,
2667 			     struct opal_mbr_done *mbr_done)
2668 {
2669 	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2670 		OPAL_TRUE : OPAL_FALSE;
2671 
2672 	const struct opal_step mbr_steps[] = {
2673 		{ start_admin1LSP_opal_session, &mbr_done->key },
2674 		{ set_mbr_done, &mbr_done_tf },
2675 		{ end_opal_session, }
2676 	};
2677 	int ret;
2678 
2679 	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2680 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2681 		return -EINVAL;
2682 
2683 	ret = opal_get_key(dev, &mbr_done->key);
2684 	if (ret)
2685 		return ret;
2686 	mutex_lock(&dev->dev_lock);
2687 	setup_opal_dev(dev);
2688 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2689 	mutex_unlock(&dev->dev_lock);
2690 
2691 	return ret;
2692 }
2693 
opal_write_shadow_mbr(struct opal_dev * dev,struct opal_shadow_mbr * info)2694 static int opal_write_shadow_mbr(struct opal_dev *dev,
2695 				 struct opal_shadow_mbr *info)
2696 {
2697 	const struct opal_step mbr_steps[] = {
2698 		{ start_admin1LSP_opal_session, &info->key },
2699 		{ write_shadow_mbr, info },
2700 		{ end_opal_session, }
2701 	};
2702 	int ret;
2703 
2704 	if (info->size == 0)
2705 		return 0;
2706 
2707 	ret = opal_get_key(dev, &info->key);
2708 	if (ret)
2709 		return ret;
2710 	mutex_lock(&dev->dev_lock);
2711 	setup_opal_dev(dev);
2712 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2713 	mutex_unlock(&dev->dev_lock);
2714 
2715 	return ret;
2716 }
2717 
opal_save(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2718 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2719 {
2720 	struct opal_suspend_data *suspend;
2721 
2722 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2723 	if (!suspend)
2724 		return -ENOMEM;
2725 
2726 	suspend->unlk = *lk_unlk;
2727 	suspend->lr = lk_unlk->session.opal_key.lr;
2728 
2729 	mutex_lock(&dev->dev_lock);
2730 	setup_opal_dev(dev);
2731 	add_suspend_info(dev, suspend);
2732 	mutex_unlock(&dev->dev_lock);
2733 
2734 	return 0;
2735 }
2736 
opal_add_user_to_lr(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2737 static int opal_add_user_to_lr(struct opal_dev *dev,
2738 			       struct opal_lock_unlock *lk_unlk)
2739 {
2740 	const struct opal_step steps[] = {
2741 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2742 		{ add_user_to_lr, lk_unlk },
2743 		{ add_user_to_lr_ace, lk_unlk },
2744 		{ end_opal_session, }
2745 	};
2746 	int ret;
2747 
2748 	if (lk_unlk->l_state != OPAL_RO &&
2749 	    lk_unlk->l_state != OPAL_RW) {
2750 		pr_debug("Locking state was not RO or RW\n");
2751 		return -EINVAL;
2752 	}
2753 
2754 	if (lk_unlk->session.who < OPAL_USER1 ||
2755 	    lk_unlk->session.who > OPAL_USER9) {
2756 		pr_debug("Authority was not within the range of users: %d\n",
2757 			 lk_unlk->session.who);
2758 		return -EINVAL;
2759 	}
2760 
2761 	if (lk_unlk->session.sum) {
2762 		pr_debug("%s not supported in sum. Use setup locking range\n",
2763 			 __func__);
2764 		return -EINVAL;
2765 	}
2766 
2767 	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2768 	if (ret)
2769 		return ret;
2770 	mutex_lock(&dev->dev_lock);
2771 	setup_opal_dev(dev);
2772 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2773 	mutex_unlock(&dev->dev_lock);
2774 
2775 	return ret;
2776 }
2777 
opal_reverttper(struct opal_dev * dev,struct opal_key * opal,bool psid)2778 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2779 {
2780 	/* controller will terminate session */
2781 	const struct opal_step revert_steps[] = {
2782 		{ start_SIDASP_opal_session, opal },
2783 		{ revert_tper, }
2784 	};
2785 	const struct opal_step psid_revert_steps[] = {
2786 		{ start_PSID_opal_session, opal },
2787 		{ revert_tper, }
2788 	};
2789 
2790 	int ret;
2791 
2792 	ret = opal_get_key(dev, opal);
2793 
2794 	if (ret)
2795 		return ret;
2796 	mutex_lock(&dev->dev_lock);
2797 	setup_opal_dev(dev);
2798 	if (psid)
2799 		ret = execute_steps(dev, psid_revert_steps,
2800 				    ARRAY_SIZE(psid_revert_steps));
2801 	else
2802 		ret = execute_steps(dev, revert_steps,
2803 				    ARRAY_SIZE(revert_steps));
2804 	mutex_unlock(&dev->dev_lock);
2805 
2806 	/*
2807 	 * If we successfully reverted lets clean
2808 	 * any saved locking ranges.
2809 	 */
2810 	if (!ret)
2811 		clean_opal_dev(dev);
2812 
2813 	return ret;
2814 }
2815 
__opal_lock_unlock(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2816 static int __opal_lock_unlock(struct opal_dev *dev,
2817 			      struct opal_lock_unlock *lk_unlk)
2818 {
2819 	const struct opal_step unlock_steps[] = {
2820 		{ start_auth_opal_session, &lk_unlk->session },
2821 		{ lock_unlock_locking_range, lk_unlk },
2822 		{ end_opal_session, }
2823 	};
2824 	const struct opal_step unlock_sum_steps[] = {
2825 		{ start_auth_opal_session, &lk_unlk->session },
2826 		{ lock_unlock_locking_range_sum, lk_unlk },
2827 		{ end_opal_session, }
2828 	};
2829 
2830 	if (lk_unlk->session.sum)
2831 		return execute_steps(dev, unlock_sum_steps,
2832 				     ARRAY_SIZE(unlock_sum_steps));
2833 	else
2834 		return execute_steps(dev, unlock_steps,
2835 				     ARRAY_SIZE(unlock_steps));
2836 }
2837 
__opal_set_mbr_done(struct opal_dev * dev,struct opal_key * key)2838 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2839 {
2840 	u8 mbr_done_tf = OPAL_TRUE;
2841 	const struct opal_step mbrdone_step[] = {
2842 		{ start_admin1LSP_opal_session, key },
2843 		{ set_mbr_done, &mbr_done_tf },
2844 		{ end_opal_session, }
2845 	};
2846 
2847 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2848 }
2849 
opal_lock_check_for_saved_key(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2850 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2851 			    struct opal_lock_unlock *lk_unlk)
2852 {
2853 	struct opal_suspend_data *iter;
2854 
2855 	if (lk_unlk->l_state != OPAL_LK ||
2856 			lk_unlk->session.opal_key.key_len > 0)
2857 		return;
2858 
2859 	/*
2860 	 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2861 	 * volume key is not required, as it requires root privileges anyway,
2862 	 * and root can deny access to a disk in many ways regardless.
2863 	 * Requiring the volume key to lock the device is a peculiarity of the
2864 	 * OPAL specification. Given we might already have saved the key if
2865 	 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2866 	 * that key to lock the device if no key was provided here, the
2867 	 * locking range matches and the appropriate flag was passed with
2868 	 * 'IOC_OPAL_SAVE'.
2869 	 * This allows integrating OPAL with tools and libraries that are used
2870 	 * to the common behaviour and do not ask for the volume key when
2871 	 * closing a device.
2872 	 */
2873 	setup_opal_dev(dev);
2874 	list_for_each_entry(iter, &dev->unlk_lst, node) {
2875 		if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2876 				iter->lr == lk_unlk->session.opal_key.lr &&
2877 				iter->unlk.session.opal_key.key_len > 0) {
2878 			lk_unlk->session.opal_key.key_len =
2879 				iter->unlk.session.opal_key.key_len;
2880 			memcpy(lk_unlk->session.opal_key.key,
2881 				iter->unlk.session.opal_key.key,
2882 				iter->unlk.session.opal_key.key_len);
2883 			break;
2884 		}
2885 	}
2886 }
2887 
opal_lock_unlock(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2888 static int opal_lock_unlock(struct opal_dev *dev,
2889 			    struct opal_lock_unlock *lk_unlk)
2890 {
2891 	int ret;
2892 
2893 	if (lk_unlk->session.who > OPAL_USER9)
2894 		return -EINVAL;
2895 
2896 	mutex_lock(&dev->dev_lock);
2897 	opal_lock_check_for_saved_key(dev, lk_unlk);
2898 	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2899 	if (!ret)
2900 		ret = __opal_lock_unlock(dev, lk_unlk);
2901 	mutex_unlock(&dev->dev_lock);
2902 
2903 	return ret;
2904 }
2905 
opal_take_ownership(struct opal_dev * dev,struct opal_key * opal)2906 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2907 {
2908 	const struct opal_step owner_steps[] = {
2909 		{ start_anybodyASP_opal_session, },
2910 		{ get_msid_cpin_pin, },
2911 		{ end_opal_session, },
2912 		{ start_SIDASP_opal_session, opal },
2913 		{ set_sid_cpin_pin, opal },
2914 		{ end_opal_session, }
2915 	};
2916 	int ret;
2917 
2918 	if (!dev)
2919 		return -ENODEV;
2920 
2921 	ret = opal_get_key(dev, opal);
2922 	if (ret)
2923 		return ret;
2924 	mutex_lock(&dev->dev_lock);
2925 	setup_opal_dev(dev);
2926 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2927 	mutex_unlock(&dev->dev_lock);
2928 
2929 	return ret;
2930 }
2931 
opal_activate_lsp(struct opal_dev * dev,struct opal_lr_act * opal_lr_act)2932 static int opal_activate_lsp(struct opal_dev *dev,
2933 			     struct opal_lr_act *opal_lr_act)
2934 {
2935 	const struct opal_step active_steps[] = {
2936 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2937 		{ get_lsp_lifecycle, },
2938 		{ activate_lsp, opal_lr_act },
2939 		{ end_opal_session, }
2940 	};
2941 	int ret;
2942 
2943 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2944 		return -EINVAL;
2945 
2946 	ret = opal_get_key(dev, &opal_lr_act->key);
2947 	if (ret)
2948 		return ret;
2949 	mutex_lock(&dev->dev_lock);
2950 	setup_opal_dev(dev);
2951 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2952 	mutex_unlock(&dev->dev_lock);
2953 
2954 	return ret;
2955 }
2956 
opal_setup_locking_range(struct opal_dev * dev,struct opal_user_lr_setup * opal_lrs)2957 static int opal_setup_locking_range(struct opal_dev *dev,
2958 				    struct opal_user_lr_setup *opal_lrs)
2959 {
2960 	const struct opal_step lr_steps[] = {
2961 		{ start_auth_opal_session, &opal_lrs->session },
2962 		{ setup_locking_range, opal_lrs },
2963 		{ end_opal_session, }
2964 	};
2965 	int ret;
2966 
2967 	ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2968 	if (ret)
2969 		return ret;
2970 	mutex_lock(&dev->dev_lock);
2971 	setup_opal_dev(dev);
2972 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2973 	mutex_unlock(&dev->dev_lock);
2974 
2975 	return ret;
2976 }
2977 
opal_locking_range_status(struct opal_dev * dev,struct opal_lr_status * opal_lrst,void __user * data)2978 static int opal_locking_range_status(struct opal_dev *dev,
2979 			  struct opal_lr_status *opal_lrst,
2980 			  void __user *data)
2981 {
2982 	const struct opal_step lr_steps[] = {
2983 		{ start_auth_opal_session, &opal_lrst->session },
2984 		{ locking_range_status, opal_lrst },
2985 		{ end_opal_session, }
2986 	};
2987 	int ret;
2988 
2989 	mutex_lock(&dev->dev_lock);
2990 	setup_opal_dev(dev);
2991 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2992 	mutex_unlock(&dev->dev_lock);
2993 
2994 	/* skip session info when copying back to uspace */
2995 	if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2996 				(void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2997 				sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2998 		pr_debug("Error copying status to userspace\n");
2999 		return -EFAULT;
3000 	}
3001 
3002 	return ret;
3003 }
3004 
opal_set_new_pw(struct opal_dev * dev,struct opal_new_pw * opal_pw)3005 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3006 {
3007 	const struct opal_step pw_steps[] = {
3008 		{ start_auth_opal_session, &opal_pw->session },
3009 		{ set_new_pw, &opal_pw->new_user_pw },
3010 		{ end_opal_session, }
3011 	};
3012 	int ret;
3013 
3014 	if (opal_pw->session.who > OPAL_USER9  ||
3015 	    opal_pw->new_user_pw.who > OPAL_USER9)
3016 		return -EINVAL;
3017 
3018 	mutex_lock(&dev->dev_lock);
3019 	setup_opal_dev(dev);
3020 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3021 	mutex_unlock(&dev->dev_lock);
3022 
3023 	if (ret)
3024 		return ret;
3025 
3026 	/* update keyring and key store with new password */
3027 	ret = sed_write_key(OPAL_AUTH_KEY,
3028 			    opal_pw->new_user_pw.opal_key.key,
3029 			    opal_pw->new_user_pw.opal_key.key_len);
3030 	if (ret != -EOPNOTSUPP)
3031 		pr_warn("error updating SED key: %d\n", ret);
3032 
3033 	ret = update_sed_opal_key(OPAL_AUTH_KEY,
3034 				  opal_pw->new_user_pw.opal_key.key,
3035 				  opal_pw->new_user_pw.opal_key.key_len);
3036 
3037 	return ret;
3038 }
3039 
opal_activate_user(struct opal_dev * dev,struct opal_session_info * opal_session)3040 static int opal_activate_user(struct opal_dev *dev,
3041 			      struct opal_session_info *opal_session)
3042 {
3043 	const struct opal_step act_steps[] = {
3044 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
3045 		{ internal_activate_user, opal_session },
3046 		{ end_opal_session, }
3047 	};
3048 	int ret;
3049 
3050 	/* We can't activate Admin1 it's active as manufactured */
3051 	if (opal_session->who < OPAL_USER1 ||
3052 	    opal_session->who > OPAL_USER9) {
3053 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
3054 		return -EINVAL;
3055 	}
3056 
3057 	ret = opal_get_key(dev, &opal_session->opal_key);
3058 	if (ret)
3059 		return ret;
3060 	mutex_lock(&dev->dev_lock);
3061 	setup_opal_dev(dev);
3062 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3063 	mutex_unlock(&dev->dev_lock);
3064 
3065 	return ret;
3066 }
3067 
opal_unlock_from_suspend(struct opal_dev * dev)3068 bool opal_unlock_from_suspend(struct opal_dev *dev)
3069 {
3070 	struct opal_suspend_data *suspend;
3071 	bool was_failure = false;
3072 	int ret;
3073 
3074 	if (!dev)
3075 		return false;
3076 
3077 	if (!(dev->flags & OPAL_FL_SUPPORTED))
3078 		return false;
3079 
3080 	mutex_lock(&dev->dev_lock);
3081 	setup_opal_dev(dev);
3082 
3083 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
3084 		dev->tsn = 0;
3085 		dev->hsn = 0;
3086 
3087 		ret = __opal_lock_unlock(dev, &suspend->unlk);
3088 		if (ret) {
3089 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
3090 				 suspend->unlk.session.opal_key.lr,
3091 				 suspend->unlk.session.sum);
3092 			was_failure = true;
3093 		}
3094 
3095 		if (dev->flags & OPAL_FL_MBR_ENABLED) {
3096 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3097 			if (ret)
3098 				pr_debug("Failed to set MBR Done in S3 resume\n");
3099 		}
3100 	}
3101 	mutex_unlock(&dev->dev_lock);
3102 
3103 	return was_failure;
3104 }
3105 EXPORT_SYMBOL(opal_unlock_from_suspend);
3106 
opal_read_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)3107 static int opal_read_table(struct opal_dev *dev,
3108 			   struct opal_read_write_table *rw_tbl)
3109 {
3110 	const struct opal_step read_table_steps[] = {
3111 		{ start_admin1LSP_opal_session, &rw_tbl->key },
3112 		{ read_table_data, rw_tbl },
3113 		{ end_opal_session, }
3114 	};
3115 
3116 	if (!rw_tbl->size)
3117 		return 0;
3118 
3119 	return execute_steps(dev, read_table_steps,
3120 			     ARRAY_SIZE(read_table_steps));
3121 }
3122 
opal_write_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)3123 static int opal_write_table(struct opal_dev *dev,
3124 			    struct opal_read_write_table *rw_tbl)
3125 {
3126 	const struct opal_step write_table_steps[] = {
3127 		{ start_admin1LSP_opal_session, &rw_tbl->key },
3128 		{ write_table_data, rw_tbl },
3129 		{ end_opal_session, }
3130 	};
3131 
3132 	if (!rw_tbl->size)
3133 		return 0;
3134 
3135 	return execute_steps(dev, write_table_steps,
3136 			     ARRAY_SIZE(write_table_steps));
3137 }
3138 
opal_generic_read_write_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)3139 static int opal_generic_read_write_table(struct opal_dev *dev,
3140 					 struct opal_read_write_table *rw_tbl)
3141 {
3142 	int ret, bit_set;
3143 
3144 	ret = opal_get_key(dev, &rw_tbl->key);
3145 	if (ret)
3146 		return ret;
3147 	mutex_lock(&dev->dev_lock);
3148 	setup_opal_dev(dev);
3149 
3150 	bit_set = fls64(rw_tbl->flags) - 1;
3151 	switch (bit_set) {
3152 	case OPAL_READ_TABLE:
3153 		ret = opal_read_table(dev, rw_tbl);
3154 		break;
3155 	case OPAL_WRITE_TABLE:
3156 		ret = opal_write_table(dev, rw_tbl);
3157 		break;
3158 	default:
3159 		pr_debug("Invalid bit set in the flag (%016llx).\n",
3160 			 rw_tbl->flags);
3161 		ret = -EINVAL;
3162 		break;
3163 	}
3164 
3165 	mutex_unlock(&dev->dev_lock);
3166 
3167 	return ret;
3168 }
3169 
opal_get_status(struct opal_dev * dev,void __user * data)3170 static int opal_get_status(struct opal_dev *dev, void __user *data)
3171 {
3172 	struct opal_status sts = {0};
3173 
3174 	/*
3175 	 * check_opal_support() error is not fatal,
3176 	 * !dev->supported is a valid condition
3177 	 */
3178 	if (!check_opal_support(dev))
3179 		sts.flags = dev->flags;
3180 	if (copy_to_user(data, &sts, sizeof(sts))) {
3181 		pr_debug("Error copying status to userspace\n");
3182 		return -EFAULT;
3183 	}
3184 	return 0;
3185 }
3186 
opal_get_geometry(struct opal_dev * dev,void __user * data)3187 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3188 {
3189 	struct opal_geometry geo = {0};
3190 
3191 	if (check_opal_support(dev))
3192 		return -EINVAL;
3193 
3194 	geo.align = dev->align_required;
3195 	geo.logical_block_size = dev->logical_block_size;
3196 	geo.alignment_granularity =  dev->align;
3197 	geo.lowest_aligned_lba = dev->lowest_lba;
3198 
3199 	if (copy_to_user(data, &geo, sizeof(geo))) {
3200 		pr_debug("Error copying geometry data to userspace\n");
3201 		return -EFAULT;
3202 	}
3203 
3204 	return 0;
3205 }
3206 
sed_ioctl(struct opal_dev * dev,unsigned int cmd,void __user * arg)3207 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3208 {
3209 	void *p;
3210 	int ret = -ENOTTY;
3211 
3212 	if (!capable(CAP_SYS_ADMIN))
3213 		return -EACCES;
3214 	if (!dev)
3215 		return -EOPNOTSUPP;
3216 	if (!(dev->flags & OPAL_FL_SUPPORTED))
3217 		return -EOPNOTSUPP;
3218 
3219 	if (cmd & IOC_IN) {
3220 		p = memdup_user(arg, _IOC_SIZE(cmd));
3221 		if (IS_ERR(p))
3222 			return PTR_ERR(p);
3223 	}
3224 
3225 	switch (cmd) {
3226 	case IOC_OPAL_SAVE:
3227 		ret = opal_save(dev, p);
3228 		break;
3229 	case IOC_OPAL_LOCK_UNLOCK:
3230 		ret = opal_lock_unlock(dev, p);
3231 		break;
3232 	case IOC_OPAL_TAKE_OWNERSHIP:
3233 		ret = opal_take_ownership(dev, p);
3234 		break;
3235 	case IOC_OPAL_ACTIVATE_LSP:
3236 		ret = opal_activate_lsp(dev, p);
3237 		break;
3238 	case IOC_OPAL_SET_PW:
3239 		ret = opal_set_new_pw(dev, p);
3240 		break;
3241 	case IOC_OPAL_ACTIVATE_USR:
3242 		ret = opal_activate_user(dev, p);
3243 		break;
3244 	case IOC_OPAL_REVERT_TPR:
3245 		ret = opal_reverttper(dev, p, false);
3246 		break;
3247 	case IOC_OPAL_LR_SETUP:
3248 		ret = opal_setup_locking_range(dev, p);
3249 		break;
3250 	case IOC_OPAL_ADD_USR_TO_LR:
3251 		ret = opal_add_user_to_lr(dev, p);
3252 		break;
3253 	case IOC_OPAL_ENABLE_DISABLE_MBR:
3254 		ret = opal_enable_disable_shadow_mbr(dev, p);
3255 		break;
3256 	case IOC_OPAL_MBR_DONE:
3257 		ret = opal_set_mbr_done(dev, p);
3258 		break;
3259 	case IOC_OPAL_WRITE_SHADOW_MBR:
3260 		ret = opal_write_shadow_mbr(dev, p);
3261 		break;
3262 	case IOC_OPAL_ERASE_LR:
3263 		ret = opal_erase_locking_range(dev, p);
3264 		break;
3265 	case IOC_OPAL_SECURE_ERASE_LR:
3266 		ret = opal_secure_erase_locking_range(dev, p);
3267 		break;
3268 	case IOC_OPAL_PSID_REVERT_TPR:
3269 		ret = opal_reverttper(dev, p, true);
3270 		break;
3271 	case IOC_OPAL_GENERIC_TABLE_RW:
3272 		ret = opal_generic_read_write_table(dev, p);
3273 		break;
3274 	case IOC_OPAL_GET_STATUS:
3275 		ret = opal_get_status(dev, arg);
3276 		break;
3277 	case IOC_OPAL_GET_LR_STATUS:
3278 		ret = opal_locking_range_status(dev, p, arg);
3279 		break;
3280 	case IOC_OPAL_GET_GEOMETRY:
3281 		ret = opal_get_geometry(dev, arg);
3282 		break;
3283 	case IOC_OPAL_REVERT_LSP:
3284 		ret = opal_revertlsp(dev, p);
3285 		break;
3286 	case IOC_OPAL_DISCOVERY:
3287 		ret = opal_get_discv(dev, p);
3288 		break;
3289 
3290 	default:
3291 		break;
3292 	}
3293 
3294 	if (cmd & IOC_IN)
3295 		kfree(p);
3296 	return ret;
3297 }
3298 EXPORT_SYMBOL_GPL(sed_ioctl);
3299 
sed_opal_init(void)3300 static int __init sed_opal_init(void)
3301 {
3302 	struct key *kr;
3303 	char init_sed_key[OPAL_KEY_MAX];
3304 	int keylen = OPAL_KEY_MAX - 1;
3305 
3306 	kr = keyring_alloc(".sed_opal",
3307 			   GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3308 			   (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3309 			   KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3310 			   KEY_ALLOC_NOT_IN_QUOTA,
3311 			   NULL, NULL);
3312 	if (IS_ERR(kr))
3313 		return PTR_ERR(kr);
3314 
3315 	sed_opal_keyring = kr;
3316 
3317 	if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
3318 		memset(init_sed_key, '\0', sizeof(init_sed_key));
3319 		keylen = OPAL_KEY_MAX - 1;
3320 	}
3321 
3322 	return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
3323 }
3324 late_initcall(sed_opal_init);
3325