[linux-2.6-block.git] / drivers / cxl / security.c

// SPDX-License-Identifier: GPL-2.0-only
/* Copyright(c) 2022 Intel Corporation. All rights reserved. */
#include <linux/libnvdimm.h>
#include <asm/unaligned.h>
#include <linux/module.h>
#include <linux/async.h>
#include <linux/slab.h>
#include <linux/memregion.h>
#include "cxlmem.h"
#include "cxl.h"

static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,
						 enum nvdimm_passphrase_type ptype)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	unsigned long security_flags = 0;
	struct cxl_get_security_output {
		__le32 flags;
	} out;
	struct cxl_mbox_cmd mbox_cmd;
	u32 sec_out;
	int rc;

	mbox_cmd = (struct cxl_mbox_cmd) {
		.opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
		.size_out = sizeof(out),
		.payload_out = &out,
	};

	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
	if (rc < 0)
		return 0;

	sec_out = le32_to_cpu(out.flags);
	/* cache security state */
	mds->security.state = sec_out;

	if (ptype == NVDIMM_MASTER) {
		if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)
			set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
		else
			set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
		if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PLIMIT)
			set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
		return security_flags;
	}

	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
		if (sec_out & CXL_PMEM_SEC_STATE_FROZEN ||
		    sec_out & CXL_PMEM_SEC_STATE_USER_PLIMIT)
			set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);

		if (sec_out & CXL_PMEM_SEC_STATE_LOCKED)
			set_bit(NVDIMM_SECURITY_LOCKED, &security_flags);
		else
			set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
	} else {
		set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
	}

	return security_flags;
}

static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
					const struct nvdimm_key_data *old_data,
					const struct nvdimm_key_data *new_data,
					enum nvdimm_passphrase_type ptype)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	struct cxl_mbox_cmd mbox_cmd;
	struct cxl_set_pass set_pass;

	set_pass = (struct cxl_set_pass) {
		.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
						 CXL_PMEM_SEC_PASS_USER,
	};
	memcpy(set_pass.old_pass, old_data->data, NVDIMM_PASSPHRASE_LEN);
	memcpy(set_pass.new_pass, new_data->data, NVDIMM_PASSPHRASE_LEN);

	mbox_cmd = (struct cxl_mbox_cmd) {
		.opcode = CXL_MBOX_OP_SET_PASSPHRASE,
		.size_in = sizeof(set_pass),
		.payload_in = &set_pass,
	};

	return cxl_internal_send_cmd(mds, &mbox_cmd);
}

static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
				       const struct nvdimm_key_data *key_data,
				       enum nvdimm_passphrase_type ptype)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	struct cxl_disable_pass dis_pass;
	struct cxl_mbox_cmd mbox_cmd;

	dis_pass = (struct cxl_disable_pass) {
		.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
						 CXL_PMEM_SEC_PASS_USER,
	};
	memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);

	mbox_cmd = (struct cxl_mbox_cmd) {
		.opcode = CXL_MBOX_OP_DISABLE_PASSPHRASE,
		.size_in = sizeof(dis_pass),
		.payload_in = &dis_pass,
	};

	return cxl_internal_send_cmd(mds, &mbox_cmd);
}

static int cxl_pmem_security_disable(struct nvdimm *nvdimm,
				     const struct nvdimm_key_data *key_data)
{
	return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_USER);
}

static int cxl_pmem_security_disable_master(struct nvdimm *nvdimm,
					    const struct nvdimm_key_data *key_data)
{
	return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_MASTER);
}

static int cxl_pmem_security_freeze(struct nvdimm *nvdimm)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	struct cxl_mbox_cmd mbox_cmd = {
		.opcode = CXL_MBOX_OP_FREEZE_SECURITY,
	};

	return cxl_internal_send_cmd(mds, &mbox_cmd);
}

static int cxl_pmem_security_unlock(struct nvdimm *nvdimm,
				    const struct nvdimm_key_data *key_data)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	u8 pass[NVDIMM_PASSPHRASE_LEN];
	struct cxl_mbox_cmd mbox_cmd;
	int rc;

	memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
	mbox_cmd = (struct cxl_mbox_cmd) {
		.opcode = CXL_MBOX_OP_UNLOCK,
		.size_in = NVDIMM_PASSPHRASE_LEN,
		.payload_in = pass,
	};

	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
	if (rc < 0)
		return rc;

	return 0;
}

static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm,
					      const struct nvdimm_key_data *key,
					      enum nvdimm_passphrase_type ptype)
{
	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
	struct cxl_mbox_cmd mbox_cmd;
	struct cxl_pass_erase erase;
	int rc;

	erase = (struct cxl_pass_erase) {
		.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
						 CXL_PMEM_SEC_PASS_USER,
	};
	memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN);
	mbox_cmd = (struct cxl_mbox_cmd) {
		.opcode = CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
		.size_in = sizeof(erase),
		.payload_in = &erase,
	};

	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
	if (rc < 0)
		return rc;

	return 0;
}

static const struct nvdimm_security_ops __cxl_security_ops = {
	.get_flags = cxl_pmem_get_security_flags,
	.change_key = cxl_pmem_security_change_key,
	.disable = cxl_pmem_security_disable,
	.freeze = cxl_pmem_security_freeze,
	.unlock = cxl_pmem_security_unlock,
	.erase = cxl_pmem_security_passphrase_erase,
	.disable_master = cxl_pmem_security_disable_master,
};

const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;
Commit	Line	Data
32828115 DJ	1	// SPDX-License-Identifier: GPL-2.0-only
	2	/* Copyright(c) 2022 Intel Corporation. All rights reserved. */
	3	#include <linux/libnvdimm.h>
	4	#include <asm/unaligned.h>
	5	#include <linux/module.h>
	6	#include <linux/async.h>
	7	#include <linux/slab.h>
2bb692f7	8	#include <linux/memregion.h>
32828115 DJ	9	#include "cxlmem.h"
	10	#include "cxl.h"
	11
	12	static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,
	13	enum nvdimm_passphrase_type ptype)
	14	{
	15	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	16	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	17	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
32828115	18	unsigned long security_flags = 0;
f5ee4cc1 DW	19	struct cxl_get_security_output {
	20	__le32 flags;
	21	} out;
5331cdf4	22	struct cxl_mbox_cmd mbox_cmd;
32828115 DJ	23	u32 sec_out;
	24	int rc;
	25
5331cdf4 DW	26	mbox_cmd = (struct cxl_mbox_cmd) {
	27	.opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
	28	.size_out = sizeof(out),
	29	.payload_out = &out,
	30	};
	31
59f8d151	32	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
32828115 DJ	33	if (rc < 0)
	34	return 0;
	35
f5ee4cc1	36	sec_out = le32_to_cpu(out.flags);
9968c9dd	37	/* cache security state */
aeaefabc	38	mds->security.state = sec_out;
9968c9dd	39
32828115 DJ	40	if (ptype == NVDIMM_MASTER) {
	41	if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)
	42	set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
	43	else
	44	set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
	45	if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PLIMIT)
	46	set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
	47	return security_flags;
	48	}
	49
	50	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
	51	if (sec_out & CXL_PMEM_SEC_STATE_FROZEN \|\|
	52	sec_out & CXL_PMEM_SEC_STATE_USER_PLIMIT)
	53	set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
	54
	55	if (sec_out & CXL_PMEM_SEC_STATE_LOCKED)
	56	set_bit(NVDIMM_SECURITY_LOCKED, &security_flags);
	57	else
	58	set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
	59	} else {
	60	set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
	61	}
	62
	63	return security_flags;
	64	}
	65
99746940 DJ	66	static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
	67	const struct nvdimm_key_data *old_data,
	68	const struct nvdimm_key_data *new_data,
	69	enum nvdimm_passphrase_type ptype)
	70	{
	71	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	72	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	73	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
5331cdf4	74	struct cxl_mbox_cmd mbox_cmd;
99746940	75	struct cxl_set_pass set_pass;
99746940	76
5331cdf4 DW	77	set_pass = (struct cxl_set_pass) {
	78	.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
	79	CXL_PMEM_SEC_PASS_USER,
	80	};
99746940 DJ	81	memcpy(set_pass.old_pass, old_data->data, NVDIMM_PASSPHRASE_LEN);
	82	memcpy(set_pass.new_pass, new_data->data, NVDIMM_PASSPHRASE_LEN);
	83
5331cdf4 DW	84	mbox_cmd = (struct cxl_mbox_cmd) {
	85	.opcode = CXL_MBOX_OP_SET_PASSPHRASE,
	86	.size_in = sizeof(set_pass),
	87	.payload_in = &set_pass,
	88	};
	89
59f8d151	90	return cxl_internal_send_cmd(mds, &mbox_cmd);
99746940 DJ	91	}
99746940 DJ	92
dcedadfa DJ	93	static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
	94	const struct nvdimm_key_data *key_data,
	95	enum nvdimm_passphrase_type ptype)
c4ef680d DJ	96	{
	97	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	98	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	99	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
c4ef680d	100	struct cxl_disable_pass dis_pass;
5331cdf4	101	struct cxl_mbox_cmd mbox_cmd;
c4ef680d	102
5331cdf4 DW	103	dis_pass = (struct cxl_disable_pass) {
	104	.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
	105	CXL_PMEM_SEC_PASS_USER,
	106	};
c4ef680d DJ	107	memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
c4ef680d DJ	108
5331cdf4 DW	109	mbox_cmd = (struct cxl_mbox_cmd) {
	110	.opcode = CXL_MBOX_OP_DISABLE_PASSPHRASE,
	111	.size_in = sizeof(dis_pass),
	112	.payload_in = &dis_pass,
	113	};
	114
59f8d151	115	return cxl_internal_send_cmd(mds, &mbox_cmd);
c4ef680d DJ	116	}
c4ef680d DJ	117
dcedadfa DJ	118	static int cxl_pmem_security_disable(struct nvdimm *nvdimm,
	119	const struct nvdimm_key_data *key_data)
	120	{
	121	return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_USER);
	122	}
	123
	124	static int cxl_pmem_security_disable_master(struct nvdimm *nvdimm,
	125	const struct nvdimm_key_data *key_data)
	126	{
	127	return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_MASTER);
	128	}
	129
a072f7b7 DJ	130	static int cxl_pmem_security_freeze(struct nvdimm *nvdimm)
	131	{
	132	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	133	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	134	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
5331cdf4 DW	135	struct cxl_mbox_cmd mbox_cmd = {
	136	.opcode = CXL_MBOX_OP_FREEZE_SECURITY,
	137	};
a072f7b7	138
59f8d151	139	return cxl_internal_send_cmd(mds, &mbox_cmd);
a072f7b7 DJ	140	}
a072f7b7 DJ	141
2bb692f7 DJ	142	static int cxl_pmem_security_unlock(struct nvdimm *nvdimm,
	143	const struct nvdimm_key_data *key_data)
	144	{
	145	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	146	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	147	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
2bb692f7	148	u8 pass[NVDIMM_PASSPHRASE_LEN];
5331cdf4	149	struct cxl_mbox_cmd mbox_cmd;
2bb692f7 DJ	150	int rc;
2bb692f7 DJ	151
2bb692f7	152	memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
5331cdf4 DW	153	mbox_cmd = (struct cxl_mbox_cmd) {
	154	.opcode = CXL_MBOX_OP_UNLOCK,
	155	.size_in = NVDIMM_PASSPHRASE_LEN,
	156	.payload_in = pass,
	157	};
	158
59f8d151	159	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
2bb692f7 DJ	160	if (rc < 0)
	161	return rc;
	162
2bb692f7 DJ	163	return 0;
	164	}
	165
3b502e88 DJ	166	static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm,
	167	const struct nvdimm_key_data *key,
	168	enum nvdimm_passphrase_type ptype)
	169	{
	170	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
	171	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
59f8d151	172	struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
5331cdf4	173	struct cxl_mbox_cmd mbox_cmd;
3b502e88 DJ	174	struct cxl_pass_erase erase;
	175	int rc;
	176
5331cdf4 DW	177	erase = (struct cxl_pass_erase) {
	178	.type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
	179	CXL_PMEM_SEC_PASS_USER,
	180	};
3b502e88	181	memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN);
5331cdf4 DW	182	mbox_cmd = (struct cxl_mbox_cmd) {
	183	.opcode = CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
	184	.size_in = sizeof(erase),
	185	.payload_in = &erase,
	186	};
	187
59f8d151	188	rc = cxl_internal_send_cmd(mds, &mbox_cmd);
3b502e88 DJ	189	if (rc < 0)
	190	return rc;
	191
3b502e88 DJ	192	return 0;
	193	}
	194
32828115 DJ	195	static const struct nvdimm_security_ops __cxl_security_ops = {
32828115 DJ	196	.get_flags = cxl_pmem_get_security_flags,
99746940	197	.change_key = cxl_pmem_security_change_key,
c4ef680d	198	.disable = cxl_pmem_security_disable,
a072f7b7	199	.freeze = cxl_pmem_security_freeze,
2bb692f7	200	.unlock = cxl_pmem_security_unlock,
3b502e88	201	.erase = cxl_pmem_security_passphrase_erase,
dcedadfa	202	.disable_master = cxl_pmem_security_disable_master,
32828115 DJ	203	};
	204
	205	const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;