1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright © 2016 Intel Corporation
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
24 #include "opal_proto.h"
26 #define IO_BUFFER_LENGTH 2048
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
33 int (*fn)(struct opal_dev *dev, void *data);
36 typedef int (cont_fn)(struct opal_dev *dev);
38 enum opal_atom_width {
47 * On the parsed response, we don't store again the toks that are already
48 * stored in the response buffer. Instead, for each token, we just store a
49 * pointer to the position in the buffer where the token starts, and the size
50 * of the token in bytes.
52 struct opal_resp_tok {
55 enum opal_response_token type;
56 enum opal_atom_width width;
64 * From the response header it's not possible to know how many tokens there are
65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66 * if we start dealing with messages that have more than that, we can increase
67 * this number. This is done to avoid having to make two passes through the
68 * response, the first one counting how many tokens we have and the second one
69 * actually storing the positions.
73 struct opal_resp_tok toks[MAX_TOKS];
80 sec_send_recv *send_recv;
82 struct mutex dev_lock;
86 u64 align; /* alignment granularity */
88 u32 logical_block_size;
89 u8 align_required; /* ALIGN: 0 or 1 */
95 struct parsed_resp parsed;
99 struct list_head unlk_lst;
103 static const u8 opaluid[][OPAL_UID_LENGTH] = {
106 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
108 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
110 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
111 [OPAL_LOCKINGSP_UID] =
112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
113 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
114 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
116 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
127 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
129 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
134 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
135 [OPAL_LOCKINGRANGE_GLOBAL] =
136 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
137 [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
138 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
139 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
140 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
141 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
142 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
144 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
146 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
147 [OPAL_AUTHORITY_TABLE] =
148 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
150 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
151 [OPAL_LOCKING_INFO_TABLE] =
152 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
153 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
154 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
156 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
158 /* C_PIN_TABLE object ID's */
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
162 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
163 [OPAL_C_PIN_ADMIN1] =
164 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
166 /* half UID's (only first 4 bytes used) */
167 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
168 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
169 [OPAL_HALF_UID_BOOLEAN_ACE] =
170 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
172 /* special value for omitted optional parameter */
174 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
178 * TCG Storage SSC Methods.
179 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
180 * Section: 6.3 Assigned UIDs
182 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
184 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
185 [OPAL_STARTSESSION] =
186 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
188 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
197 [OPAL_EAUTHENTICATE] =
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
209 [OPAL_AUTHENTICATE] =
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
217 static int end_opal_session_error(struct opal_dev *dev);
218 static int opal_discovery0_step(struct opal_dev *dev);
220 struct opal_suspend_data {
221 struct opal_lock_unlock unlk;
223 struct list_head node;
228 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
229 * Section: 5.1.5 Method Status Codes
231 static const char * const opal_errors[] = {
239 "No Sessions Available",
240 "Uniqueness Conflict",
241 "Insufficient Space",
248 "Transaction Failure",
250 "Authority Locked Out",
253 static const char *opal_error_to_human(int error)
258 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
259 return "Unknown Error";
261 return opal_errors[error];
264 static void print_buffer(const u8 *ptr, u32 length)
267 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
272 static bool check_tper(const void *data)
274 const struct d0_tper_features *tper = data;
275 u8 flags = tper->supported_features;
277 if (!(flags & TPER_SYNC_SUPPORTED)) {
278 pr_debug("TPer sync not supported. flags = %d\n",
279 tper->supported_features);
286 static bool check_lcksuppt(const void *data)
288 const struct d0_locking_features *lfeat = data;
289 u8 sup_feat = lfeat->supported_features;
291 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
294 static bool check_lckenabled(const void *data)
296 const struct d0_locking_features *lfeat = data;
297 u8 sup_feat = lfeat->supported_features;
299 return !!(sup_feat & LOCKING_ENABLED_MASK);
302 static bool check_locked(const void *data)
304 const struct d0_locking_features *lfeat = data;
305 u8 sup_feat = lfeat->supported_features;
307 return !!(sup_feat & LOCKED_MASK);
310 static bool check_mbrenabled(const void *data)
312 const struct d0_locking_features *lfeat = data;
313 u8 sup_feat = lfeat->supported_features;
315 return !!(sup_feat & MBR_ENABLED_MASK);
318 static bool check_mbrdone(const void *data)
320 const struct d0_locking_features *lfeat = data;
321 u8 sup_feat = lfeat->supported_features;
323 return !!(sup_feat & MBR_DONE_MASK);
326 static bool check_sum(const void *data)
328 const struct d0_single_user_mode *sum = data;
329 u32 nlo = be32_to_cpu(sum->num_locking_objects);
332 pr_debug("Need at least one locking object.\n");
336 pr_debug("Number of locking objects: %d\n", nlo);
341 static u16 get_comid_v100(const void *data)
343 const struct d0_opal_v100 *v100 = data;
345 return be16_to_cpu(v100->baseComID);
348 static u16 get_comid_v200(const void *data)
350 const struct d0_opal_v200 *v200 = data;
352 return be16_to_cpu(v200->baseComID);
355 static int opal_send_cmd(struct opal_dev *dev)
357 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
358 dev->cmd, IO_BUFFER_LENGTH,
362 static int opal_recv_cmd(struct opal_dev *dev)
364 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
365 dev->resp, IO_BUFFER_LENGTH,
369 static int opal_recv_check(struct opal_dev *dev)
371 size_t buflen = IO_BUFFER_LENGTH;
372 void *buffer = dev->resp;
373 struct opal_header *hdr = buffer;
377 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
378 hdr->cp.outstandingData,
379 hdr->cp.minTransfer);
381 if (hdr->cp.outstandingData == 0 ||
382 hdr->cp.minTransfer != 0)
385 memset(buffer, 0, buflen);
386 ret = opal_recv_cmd(dev);
392 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
396 ret = opal_send_cmd(dev);
399 ret = opal_recv_cmd(dev);
402 ret = opal_recv_check(dev);
408 static void check_geometry(struct opal_dev *dev, const void *data)
410 const struct d0_geometry_features *geo = data;
412 dev->align = be64_to_cpu(geo->alignment_granularity);
413 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
414 dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
415 dev->align_required = geo->reserved01 & 1;
418 static int execute_step(struct opal_dev *dev,
419 const struct opal_step *step, size_t stepIndex)
421 int error = step->fn(dev, step->data);
424 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
425 stepIndex, step->fn, error,
426 opal_error_to_human(error));
432 static int execute_steps(struct opal_dev *dev,
433 const struct opal_step *steps, size_t n_steps)
438 /* first do a discovery0 */
439 error = opal_discovery0_step(dev);
443 for (state = 0; state < n_steps; state++) {
444 error = execute_step(dev, &steps[state], state);
453 * For each OPAL command the first step in steps starts some sort of
454 * session. If an error occurred in the initial discovery0 or if an
455 * error occurred in the first step (and thus stopping the loop with
456 * state == 0) then there was an error before or during the attempt to
457 * start a session. Therefore we shouldn't attempt to terminate a
458 * session, as one has not yet been created.
461 end_opal_session_error(dev);
466 static int opal_discovery0_end(struct opal_dev *dev)
468 bool found_com_id = false, supported = true, single_user = false;
469 const struct d0_header *hdr = (struct d0_header *)dev->resp;
470 const u8 *epos = dev->resp, *cpos = dev->resp;
472 u32 hlen = be32_to_cpu(hdr->length);
474 print_buffer(dev->resp, hlen);
475 dev->flags &= OPAL_FL_SUPPORTED;
477 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
478 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
479 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
483 epos += hlen; /* end of buffer */
484 cpos += sizeof(*hdr); /* current position on buffer */
486 while (cpos < epos && supported) {
487 const struct d0_features *body =
488 (const struct d0_features *)cpos;
490 switch (be16_to_cpu(body->code)) {
492 supported = check_tper(body->features);
495 single_user = check_sum(body->features);
497 dev->flags |= OPAL_FL_SUM_SUPPORTED;
500 check_geometry(dev, body);
503 if (check_lcksuppt(body->features))
504 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
505 if (check_lckenabled(body->features))
506 dev->flags |= OPAL_FL_LOCKING_ENABLED;
507 if (check_locked(body->features))
508 dev->flags |= OPAL_FL_LOCKED;
509 if (check_mbrenabled(body->features))
510 dev->flags |= OPAL_FL_MBR_ENABLED;
511 if (check_mbrdone(body->features))
512 dev->flags |= OPAL_FL_MBR_DONE;
516 /* some ignored properties */
517 pr_debug("Found OPAL feature description: %d\n",
518 be16_to_cpu(body->code));
521 comid = get_comid_v100(body->features);
525 comid = get_comid_v200(body->features);
528 case 0xbfff ... 0xffff:
529 /* vendor specific, just ignore */
532 pr_debug("OPAL Unknown feature: %d\n",
533 be16_to_cpu(body->code));
536 cpos += body->length + 4;
540 pr_debug("This device is not Opal enabled. Not Supported!\n");
545 pr_debug("Device doesn't support single user mode\n");
549 pr_debug("Could not find OPAL comid for device. Returning early\n");
558 static int opal_discovery0(struct opal_dev *dev, void *data)
562 memset(dev->resp, 0, IO_BUFFER_LENGTH);
563 dev->comid = OPAL_DISCOVERY_COMID;
564 ret = opal_recv_cmd(dev);
568 return opal_discovery0_end(dev);
571 static int opal_discovery0_step(struct opal_dev *dev)
573 const struct opal_step discovery0_step = {
577 return execute_step(dev, &discovery0_step, 0);
580 static size_t remaining_size(struct opal_dev *cmd)
582 return IO_BUFFER_LENGTH - cmd->pos;
585 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
590 if (remaining_size(cmd) < len) {
591 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
599 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
601 if (!can_add(err, cmd, 1))
604 cmd->cmd[cmd->pos++] = tok;
607 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
608 bool has_sign, int len)
613 atom = SHORT_ATOM_ID;
614 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
615 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
616 atom |= len & SHORT_ATOM_LEN_MASK;
618 add_token_u8(&err, cmd, atom);
621 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
622 bool has_sign, int len)
626 header0 = MEDIUM_ATOM_ID;
627 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
628 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
629 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
631 cmd->cmd[cmd->pos++] = header0;
632 cmd->cmd[cmd->pos++] = len;
635 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
640 if (!(number & ~TINY_ATOM_DATA_MASK)) {
641 add_token_u8(err, cmd, number);
646 len = DIV_ROUND_UP(msb, 8);
648 if (!can_add(err, cmd, len + 1)) {
649 pr_debug("Error adding u64: end of buffer.\n");
652 add_short_atom_header(cmd, false, false, len);
654 add_token_u8(err, cmd, number >> (len * 8));
657 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
659 size_t header_len = 1;
660 bool is_short_atom = true;
662 if (len & ~SHORT_ATOM_LEN_MASK) {
664 is_short_atom = false;
667 if (!can_add(err, cmd, header_len + len)) {
668 pr_debug("Error adding bytestring: end of buffer.\n");
673 add_short_atom_header(cmd, true, false, len);
675 add_medium_atom_header(cmd, true, false, len);
677 return &cmd->cmd[cmd->pos];
680 static void add_token_bytestring(int *err, struct opal_dev *cmd,
681 const u8 *bytestring, size_t len)
685 start = add_bytestring_header(err, cmd, len);
688 memcpy(start, bytestring, len);
692 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
694 if (length > OPAL_UID_LENGTH) {
695 pr_debug("Can't build locking range. Length OOB\n");
699 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
704 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
710 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
712 if (length > OPAL_UID_LENGTH) {
713 pr_debug("Can't build locking range user. Length OOB\n");
717 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
724 static void set_comid(struct opal_dev *cmd, u16 comid)
726 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
728 hdr->cp.extendedComID[0] = comid >> 8;
729 hdr->cp.extendedComID[1] = comid;
730 hdr->cp.extendedComID[2] = 0;
731 hdr->cp.extendedComID[3] = 0;
734 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
736 struct opal_header *hdr;
740 * Close the parameter list opened from cmd_start.
741 * The number of bytes added must be equal to
742 * CMD_FINALIZE_BYTES_NEEDED.
744 add_token_u8(&err, cmd, OPAL_ENDLIST);
746 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
747 add_token_u8(&err, cmd, OPAL_STARTLIST);
748 add_token_u8(&err, cmd, 0);
749 add_token_u8(&err, cmd, 0);
750 add_token_u8(&err, cmd, 0);
751 add_token_u8(&err, cmd, OPAL_ENDLIST);
754 pr_debug("Error finalizing command.\n");
758 hdr = (struct opal_header *) cmd->cmd;
760 hdr->pkt.tsn = cpu_to_be32(tsn);
761 hdr->pkt.hsn = cpu_to_be32(hsn);
763 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
764 while (cmd->pos % 4) {
765 if (cmd->pos >= IO_BUFFER_LENGTH) {
766 pr_debug("Error: Buffer overrun\n");
769 cmd->cmd[cmd->pos++] = 0;
771 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
773 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
778 static const struct opal_resp_tok *response_get_token(
779 const struct parsed_resp *resp,
782 const struct opal_resp_tok *tok;
785 pr_debug("Response is NULL\n");
786 return ERR_PTR(-EINVAL);
789 if (n >= resp->num) {
790 pr_debug("Token number doesn't exist: %d, resp: %d\n",
792 return ERR_PTR(-EINVAL);
795 tok = &resp->toks[n];
797 pr_debug("Token length must be non-zero\n");
798 return ERR_PTR(-EINVAL);
804 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
809 tok->width = OPAL_WIDTH_TINY;
811 if (pos[0] & TINY_ATOM_SIGNED) {
812 tok->type = OPAL_DTA_TOKENID_SINT;
814 tok->type = OPAL_DTA_TOKENID_UINT;
815 tok->stored.u = pos[0] & 0x3f;
821 static ssize_t response_parse_short(struct opal_resp_tok *tok,
825 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
826 tok->width = OPAL_WIDTH_SHORT;
828 if (pos[0] & SHORT_ATOM_BYTESTRING) {
829 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
830 } else if (pos[0] & SHORT_ATOM_SIGNED) {
831 tok->type = OPAL_DTA_TOKENID_SINT;
836 tok->type = OPAL_DTA_TOKENID_UINT;
838 pr_debug("uint64 with more than 8 bytes\n");
841 for (i = tok->len - 1; i > 0; i--) {
842 u_integer |= ((u64)pos[i] << (8 * b));
845 tok->stored.u = u_integer;
851 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
855 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
856 tok->width = OPAL_WIDTH_MEDIUM;
858 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
859 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
860 else if (pos[0] & MEDIUM_ATOM_SIGNED)
861 tok->type = OPAL_DTA_TOKENID_SINT;
863 tok->type = OPAL_DTA_TOKENID_UINT;
868 static ssize_t response_parse_long(struct opal_resp_tok *tok,
872 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
873 tok->width = OPAL_WIDTH_LONG;
875 if (pos[0] & LONG_ATOM_BYTESTRING)
876 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
877 else if (pos[0] & LONG_ATOM_SIGNED)
878 tok->type = OPAL_DTA_TOKENID_SINT;
880 tok->type = OPAL_DTA_TOKENID_UINT;
885 static ssize_t response_parse_token(struct opal_resp_tok *tok,
890 tok->type = OPAL_DTA_TOKENID_TOKEN;
891 tok->width = OPAL_WIDTH_TOKEN;
896 static int response_parse(const u8 *buf, size_t length,
897 struct parsed_resp *resp)
899 const struct opal_header *hdr;
900 struct opal_resp_tok *iter;
903 ssize_t token_length;
905 u32 clen, plen, slen;
913 hdr = (struct opal_header *)buf;
917 clen = be32_to_cpu(hdr->cp.length);
918 plen = be32_to_cpu(hdr->pkt.length);
919 slen = be32_to_cpu(hdr->subpkt.length);
920 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
923 if (clen == 0 || plen == 0 || slen == 0 ||
924 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
925 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
927 print_buffer(pos, sizeof(*hdr));
931 if (pos > buf + length)
936 print_buffer(pos, total);
938 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
939 token_length = response_parse_tiny(iter, pos);
940 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
941 token_length = response_parse_short(iter, pos);
942 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
943 token_length = response_parse_medium(iter, pos);
944 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
945 token_length = response_parse_long(iter, pos);
947 token_length = response_parse_token(iter, pos);
949 if (token_length < 0)
953 total -= token_length;
958 resp->num = num_entries;
963 static size_t response_get_string(const struct parsed_resp *resp, int n,
967 const struct opal_resp_tok *tok;
970 tok = response_get_token(resp, n);
974 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
975 pr_debug("Token is not a byte string!\n");
979 switch (tok->width) {
980 case OPAL_WIDTH_TINY:
981 case OPAL_WIDTH_SHORT:
984 case OPAL_WIDTH_MEDIUM:
987 case OPAL_WIDTH_LONG:
991 pr_debug("Token has invalid width!\n");
995 *store = tok->pos + skip;
997 return tok->len - skip;
1000 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1002 const struct opal_resp_tok *tok;
1004 tok = response_get_token(resp, n);
1008 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1009 pr_debug("Token is not unsigned int: %d\n", tok->type);
1013 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1014 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1018 return tok->stored.u;
1021 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1023 if (IS_ERR(token) ||
1024 token->type != OPAL_DTA_TOKENID_TOKEN ||
1025 token->pos[0] != match)
1030 static u8 response_status(const struct parsed_resp *resp)
1032 const struct opal_resp_tok *tok;
1034 tok = response_get_token(resp, 0);
1035 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1039 return DTAERROR_NO_METHOD_STATUS;
1041 tok = response_get_token(resp, resp->num - 5);
1042 if (!response_token_matches(tok, OPAL_STARTLIST))
1043 return DTAERROR_NO_METHOD_STATUS;
1045 tok = response_get_token(resp, resp->num - 1);
1046 if (!response_token_matches(tok, OPAL_ENDLIST))
1047 return DTAERROR_NO_METHOD_STATUS;
1049 return response_get_u64(resp, resp->num - 4);
1052 /* Parses and checks for errors */
1053 static int parse_and_check_status(struct opal_dev *dev)
1057 print_buffer(dev->cmd, dev->pos);
1059 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1061 pr_debug("Couldn't parse response.\n");
1065 return response_status(&dev->parsed);
1068 static void clear_opal_cmd(struct opal_dev *dev)
1070 dev->pos = sizeof(struct opal_header);
1071 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1074 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1078 clear_opal_cmd(dev);
1079 set_comid(dev, dev->comid);
1081 add_token_u8(&err, dev, OPAL_CALL);
1082 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1083 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1086 * Every method call is followed by its parameters enclosed within
1087 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1088 * parameter list here and close it later in cmd_finalize.
1090 add_token_u8(&err, dev, OPAL_STARTLIST);
1095 static int start_opal_session_cont(struct opal_dev *dev)
1100 error = parse_and_check_status(dev);
1104 hsn = response_get_u64(&dev->parsed, 4);
1105 tsn = response_get_u64(&dev->parsed, 5);
1107 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1108 pr_debug("Couldn't authenticate session\n");
1118 static void add_suspend_info(struct opal_dev *dev,
1119 struct opal_suspend_data *sus)
1121 struct opal_suspend_data *iter;
1123 list_for_each_entry(iter, &dev->unlk_lst, node) {
1124 if (iter->lr == sus->lr) {
1125 list_del(&iter->node);
1130 list_add_tail(&sus->node, &dev->unlk_lst);
1133 static int end_session_cont(struct opal_dev *dev)
1138 return parse_and_check_status(dev);
1141 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1145 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1147 pr_debug("Error finalizing command buffer: %d\n", ret);
1151 print_buffer(dev->cmd, dev->pos);
1153 return opal_send_recv(dev, cont);
1156 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1157 u64 start_column, u64 end_column)
1161 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1163 add_token_u8(&err, dev, OPAL_STARTLIST);
1165 add_token_u8(&err, dev, OPAL_STARTNAME);
1166 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1167 add_token_u64(&err, dev, start_column);
1168 add_token_u8(&err, dev, OPAL_ENDNAME);
1170 add_token_u8(&err, dev, OPAL_STARTNAME);
1171 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1172 add_token_u64(&err, dev, end_column);
1173 add_token_u8(&err, dev, OPAL_ENDNAME);
1175 add_token_u8(&err, dev, OPAL_ENDLIST);
1180 return finalize_and_send(dev, parse_and_check_status);
1184 * request @column from table @table on device @dev. On success, the column
1185 * data will be available in dev->resp->tok[4]
1187 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1190 return generic_get_columns(dev, table, column, column);
1194 * see TCG SAS 5.3.2.3 for a description of the available columns
1196 * the result is provided in dev->resp->tok[4]
1198 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1201 u8 uid[OPAL_UID_LENGTH];
1202 const unsigned int half = OPAL_UID_LENGTH_HALF;
1204 /* sed-opal UIDs can be split in two halves:
1205 * first: actual table index
1206 * second: relative index in the table
1207 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1208 * first part of the target table as relative index into that table
1210 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1211 memcpy(uid + half, table_uid, half);
1213 return generic_get_column(dev, uid, column);
1216 static int gen_key(struct opal_dev *dev, void *data)
1218 u8 uid[OPAL_UID_LENGTH];
1221 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1222 kfree(dev->prev_data);
1223 dev->prev_data = NULL;
1225 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1228 pr_debug("Error building gen key command\n");
1233 return finalize_and_send(dev, parse_and_check_status);
1236 static int get_active_key_cont(struct opal_dev *dev)
1238 const char *activekey;
1242 error = parse_and_check_status(dev);
1246 keylen = response_get_string(&dev->parsed, 4, &activekey);
1248 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1250 return OPAL_INVAL_PARAM;
1253 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1255 if (!dev->prev_data)
1258 dev->prev_d_len = keylen;
1263 static int get_active_key(struct opal_dev *dev, void *data)
1265 u8 uid[OPAL_UID_LENGTH];
1269 err = build_locking_range(uid, sizeof(uid), *lr);
1273 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1277 return get_active_key_cont(dev);
1280 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1281 u64 offset, u64 size, const u8 *uid)
1283 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1289 /* do we fit in the available space? */
1290 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1292 pr_debug("Couldn't get the table size\n");
1296 len = response_get_u64(&dev->parsed, 4);
1297 if (size > len || offset > len - size) {
1298 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1299 offset + size, len);
1303 /* do the actual transmission(s) */
1304 while (off < size) {
1305 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1306 add_token_u8(&err, dev, OPAL_STARTNAME);
1307 add_token_u8(&err, dev, OPAL_WHERE);
1308 add_token_u64(&err, dev, offset + off);
1309 add_token_u8(&err, dev, OPAL_ENDNAME);
1311 add_token_u8(&err, dev, OPAL_STARTNAME);
1312 add_token_u8(&err, dev, OPAL_VALUES);
1315 * The bytestring header is either 1 or 2 bytes, so assume 2.
1316 * There also needs to be enough space to accommodate the
1317 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1320 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1321 (size_t)(size - off));
1322 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1324 dst = add_bytestring_header(&err, dev, len);
1328 if (copy_from_user(dst, src + off, len)) {
1335 add_token_u8(&err, dev, OPAL_ENDNAME);
1339 err = finalize_and_send(dev, parse_and_check_status);
1349 static int generic_lr_enable_disable(struct opal_dev *dev,
1350 u8 *uid, bool rle, bool wle,
1355 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1357 add_token_u8(&err, dev, OPAL_STARTNAME);
1358 add_token_u8(&err, dev, OPAL_VALUES);
1359 add_token_u8(&err, dev, OPAL_STARTLIST);
1361 add_token_u8(&err, dev, OPAL_STARTNAME);
1362 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1363 add_token_u8(&err, dev, rle);
1364 add_token_u8(&err, dev, OPAL_ENDNAME);
1366 add_token_u8(&err, dev, OPAL_STARTNAME);
1367 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1368 add_token_u8(&err, dev, wle);
1369 add_token_u8(&err, dev, OPAL_ENDNAME);
1371 add_token_u8(&err, dev, OPAL_STARTNAME);
1372 add_token_u8(&err, dev, OPAL_READLOCKED);
1373 add_token_u8(&err, dev, rl);
1374 add_token_u8(&err, dev, OPAL_ENDNAME);
1376 add_token_u8(&err, dev, OPAL_STARTNAME);
1377 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1378 add_token_u8(&err, dev, wl);
1379 add_token_u8(&err, dev, OPAL_ENDNAME);
1381 add_token_u8(&err, dev, OPAL_ENDLIST);
1382 add_token_u8(&err, dev, OPAL_ENDNAME);
1387 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1388 struct opal_user_lr_setup *setup)
1392 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1395 pr_debug("Failed to create enable global lr command\n");
1400 static int setup_locking_range(struct opal_dev *dev, void *data)
1402 u8 uid[OPAL_UID_LENGTH];
1403 struct opal_user_lr_setup *setup = data;
1407 lr = setup->session.opal_key.lr;
1408 err = build_locking_range(uid, sizeof(uid), lr);
1413 err = enable_global_lr(dev, uid, setup);
1415 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1417 add_token_u8(&err, dev, OPAL_STARTNAME);
1418 add_token_u8(&err, dev, OPAL_VALUES);
1419 add_token_u8(&err, dev, OPAL_STARTLIST);
1421 add_token_u8(&err, dev, OPAL_STARTNAME);
1422 add_token_u8(&err, dev, OPAL_RANGESTART);
1423 add_token_u64(&err, dev, setup->range_start);
1424 add_token_u8(&err, dev, OPAL_ENDNAME);
1426 add_token_u8(&err, dev, OPAL_STARTNAME);
1427 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1428 add_token_u64(&err, dev, setup->range_length);
1429 add_token_u8(&err, dev, OPAL_ENDNAME);
1431 add_token_u8(&err, dev, OPAL_STARTNAME);
1432 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1433 add_token_u64(&err, dev, !!setup->RLE);
1434 add_token_u8(&err, dev, OPAL_ENDNAME);
1436 add_token_u8(&err, dev, OPAL_STARTNAME);
1437 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1438 add_token_u64(&err, dev, !!setup->WLE);
1439 add_token_u8(&err, dev, OPAL_ENDNAME);
1441 add_token_u8(&err, dev, OPAL_ENDLIST);
1442 add_token_u8(&err, dev, OPAL_ENDNAME);
1445 pr_debug("Error building Setup Locking range command.\n");
1449 return finalize_and_send(dev, parse_and_check_status);
1452 static int response_get_column(const struct parsed_resp *resp,
1457 const struct opal_resp_tok *tok;
1461 tok = response_get_token(resp, n);
1463 return PTR_ERR(tok);
1465 if (!response_token_matches(tok, OPAL_STARTNAME)) {
1466 pr_debug("Unexpected response token type %d.\n", n);
1467 return OPAL_INVAL_PARAM;
1471 if (response_get_u64(resp, n) != column) {
1472 pr_debug("Token %d does not match expected column %u.\n",
1474 return OPAL_INVAL_PARAM;
1478 val = response_get_u64(resp, n);
1481 tok = response_get_token(resp, n);
1483 return PTR_ERR(tok);
1485 if (!response_token_matches(tok, OPAL_ENDNAME)) {
1486 pr_debug("Unexpected response token type %d.\n", n);
1487 return OPAL_INVAL_PARAM;
1497 static int locking_range_status(struct opal_dev *dev, void *data)
1499 u8 lr_buffer[OPAL_UID_LENGTH];
1501 bool rlocked, wlocked;
1503 struct opal_lr_status *lrst = data;
1505 err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1506 lrst->session.opal_key.lr);
1510 err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1513 pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1514 lrst->session.opal_key.lr, OPAL_RANGESTART,
1520 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1521 &lrst->range_start);
1526 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1527 &lrst->range_length);
1532 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1540 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1548 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1555 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1561 /* opal_lock_state can not map 'read locked' only state. */
1562 lrst->l_state = OPAL_RW;
1563 if (rlocked && wlocked)
1564 lrst->l_state = OPAL_LK;
1566 lrst->l_state = OPAL_RO;
1568 pr_debug("Can not report read locked only state.\n");
1575 static int start_generic_opal_session(struct opal_dev *dev,
1577 enum opal_uid sp_type,
1584 if (key == NULL && auth != OPAL_ANYBODY_UID)
1585 return OPAL_INVAL_PARAM;
1587 hsn = GENERIC_HOST_SESSION_NUM;
1588 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1589 opalmethod[OPAL_STARTSESSION]);
1591 add_token_u64(&err, dev, hsn);
1592 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1593 add_token_u8(&err, dev, 1);
1596 case OPAL_ANYBODY_UID:
1598 case OPAL_ADMIN1_UID:
1601 add_token_u8(&err, dev, OPAL_STARTNAME);
1602 add_token_u8(&err, dev, 0); /* HostChallenge */
1603 add_token_bytestring(&err, dev, key, key_len);
1604 add_token_u8(&err, dev, OPAL_ENDNAME);
1605 add_token_u8(&err, dev, OPAL_STARTNAME);
1606 add_token_u8(&err, dev, 3); /* HostSignAuth */
1607 add_token_bytestring(&err, dev, opaluid[auth],
1609 add_token_u8(&err, dev, OPAL_ENDNAME);
1612 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1613 return OPAL_INVAL_PARAM;
1617 pr_debug("Error building start adminsp session command.\n");
1621 return finalize_and_send(dev, start_opal_session_cont);
1624 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1626 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1627 OPAL_ADMINSP_UID, NULL, 0);
1630 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1633 const u8 *key = dev->prev_data;
1636 const struct opal_key *okey = data;
1638 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1643 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1645 key, dev->prev_d_len);
1647 dev->prev_data = NULL;
1653 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1655 struct opal_key *key = data;
1657 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1659 key->key, key->key_len);
1662 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1664 const struct opal_key *okey = data;
1666 return start_generic_opal_session(dev, OPAL_PSID_UID,
1672 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1674 struct opal_session_info *session = data;
1675 u8 lk_ul_user[OPAL_UID_LENGTH];
1676 size_t keylen = session->opal_key.key_len;
1679 u8 *key = session->opal_key.key;
1680 u32 hsn = GENERIC_HOST_SESSION_NUM;
1683 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1684 session->opal_key.lr);
1685 else if (session->who != OPAL_ADMIN1 && !session->sum)
1686 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1689 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1694 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1695 opalmethod[OPAL_STARTSESSION]);
1697 add_token_u64(&err, dev, hsn);
1698 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1700 add_token_u8(&err, dev, 1);
1701 add_token_u8(&err, dev, OPAL_STARTNAME);
1702 add_token_u8(&err, dev, 0);
1703 add_token_bytestring(&err, dev, key, keylen);
1704 add_token_u8(&err, dev, OPAL_ENDNAME);
1705 add_token_u8(&err, dev, OPAL_STARTNAME);
1706 add_token_u8(&err, dev, 3);
1707 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1708 add_token_u8(&err, dev, OPAL_ENDNAME);
1711 pr_debug("Error building STARTSESSION command.\n");
1715 return finalize_and_send(dev, start_opal_session_cont);
1718 static int revert_tper(struct opal_dev *dev, void *data)
1722 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1723 opalmethod[OPAL_REVERT]);
1725 pr_debug("Error building REVERT TPER command.\n");
1729 return finalize_and_send(dev, parse_and_check_status);
1732 static int internal_activate_user(struct opal_dev *dev, void *data)
1734 struct opal_session_info *session = data;
1735 u8 uid[OPAL_UID_LENGTH];
1738 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1739 uid[7] = session->who;
1741 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1742 add_token_u8(&err, dev, OPAL_STARTNAME);
1743 add_token_u8(&err, dev, OPAL_VALUES);
1744 add_token_u8(&err, dev, OPAL_STARTLIST);
1745 add_token_u8(&err, dev, OPAL_STARTNAME);
1746 add_token_u8(&err, dev, 5); /* Enabled */
1747 add_token_u8(&err, dev, OPAL_TRUE);
1748 add_token_u8(&err, dev, OPAL_ENDNAME);
1749 add_token_u8(&err, dev, OPAL_ENDLIST);
1750 add_token_u8(&err, dev, OPAL_ENDNAME);
1753 pr_debug("Error building Activate UserN command.\n");
1757 return finalize_and_send(dev, parse_and_check_status);
1760 static int erase_locking_range(struct opal_dev *dev, void *data)
1762 struct opal_session_info *session = data;
1763 u8 uid[OPAL_UID_LENGTH];
1766 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1769 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1772 pr_debug("Error building Erase Locking Range Command.\n");
1776 return finalize_and_send(dev, parse_and_check_status);
1779 static int set_mbr_done(struct opal_dev *dev, void *data)
1781 u8 *mbr_done_tf = data;
1784 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1785 opalmethod[OPAL_SET]);
1787 add_token_u8(&err, dev, OPAL_STARTNAME);
1788 add_token_u8(&err, dev, OPAL_VALUES);
1789 add_token_u8(&err, dev, OPAL_STARTLIST);
1790 add_token_u8(&err, dev, OPAL_STARTNAME);
1791 add_token_u8(&err, dev, OPAL_MBRDONE);
1792 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1793 add_token_u8(&err, dev, OPAL_ENDNAME);
1794 add_token_u8(&err, dev, OPAL_ENDLIST);
1795 add_token_u8(&err, dev, OPAL_ENDNAME);
1798 pr_debug("Error Building set MBR Done command\n");
1802 return finalize_and_send(dev, parse_and_check_status);
1805 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1807 u8 *mbr_en_dis = data;
1810 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1811 opalmethod[OPAL_SET]);
1813 add_token_u8(&err, dev, OPAL_STARTNAME);
1814 add_token_u8(&err, dev, OPAL_VALUES);
1815 add_token_u8(&err, dev, OPAL_STARTLIST);
1816 add_token_u8(&err, dev, OPAL_STARTNAME);
1817 add_token_u8(&err, dev, OPAL_MBRENABLE);
1818 add_token_u8(&err, dev, *mbr_en_dis);
1819 add_token_u8(&err, dev, OPAL_ENDNAME);
1820 add_token_u8(&err, dev, OPAL_ENDLIST);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1824 pr_debug("Error Building set MBR done command\n");
1828 return finalize_and_send(dev, parse_and_check_status);
1831 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1833 struct opal_shadow_mbr *shadow = data;
1835 return generic_table_write_data(dev, shadow->data, shadow->offset,
1836 shadow->size, opaluid[OPAL_MBR]);
1839 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1840 struct opal_dev *dev)
1844 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1846 add_token_u8(&err, dev, OPAL_STARTNAME);
1847 add_token_u8(&err, dev, OPAL_VALUES);
1848 add_token_u8(&err, dev, OPAL_STARTLIST);
1849 add_token_u8(&err, dev, OPAL_STARTNAME);
1850 add_token_u8(&err, dev, OPAL_PIN);
1851 add_token_bytestring(&err, dev, key, key_len);
1852 add_token_u8(&err, dev, OPAL_ENDNAME);
1853 add_token_u8(&err, dev, OPAL_ENDLIST);
1854 add_token_u8(&err, dev, OPAL_ENDNAME);
1859 static int set_new_pw(struct opal_dev *dev, void *data)
1861 u8 cpin_uid[OPAL_UID_LENGTH];
1862 struct opal_session_info *usr = data;
1864 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1866 if (usr->who != OPAL_ADMIN1) {
1869 cpin_uid[7] = usr->opal_key.lr + 1;
1871 cpin_uid[7] = usr->who;
1874 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1876 pr_debug("Error building set password command.\n");
1880 return finalize_and_send(dev, parse_and_check_status);
1883 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1885 u8 cpin_uid[OPAL_UID_LENGTH];
1886 struct opal_key *key = data;
1888 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1890 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1891 pr_debug("Error building Set SID cpin\n");
1894 return finalize_and_send(dev, parse_and_check_status);
1897 static void add_authority_object_ref(int *err,
1898 struct opal_dev *dev,
1902 add_token_u8(err, dev, OPAL_STARTNAME);
1903 add_token_bytestring(err, dev,
1904 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1906 add_token_bytestring(err, dev, uid, uid_len);
1907 add_token_u8(err, dev, OPAL_ENDNAME);
1910 static void add_boolean_object_ref(int *err,
1911 struct opal_dev *dev,
1914 add_token_u8(err, dev, OPAL_STARTNAME);
1915 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1917 add_token_u8(err, dev, boolean_op);
1918 add_token_u8(err, dev, OPAL_ENDNAME);
1921 static int set_lr_boolean_ace(struct opal_dev *dev,
1922 unsigned int opal_uid,
1927 u8 lr_buffer[OPAL_UID_LENGTH];
1928 u8 user_uid[OPAL_UID_LENGTH];
1932 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
1935 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1937 add_token_u8(&err, dev, OPAL_STARTNAME);
1938 add_token_u8(&err, dev, OPAL_VALUES);
1940 add_token_u8(&err, dev, OPAL_STARTLIST);
1941 add_token_u8(&err, dev, OPAL_STARTNAME);
1942 add_token_u8(&err, dev, 3);
1944 add_token_u8(&err, dev, OPAL_STARTLIST);
1946 for (u = 0; u < users_len; u++) {
1947 if (users[u] == OPAL_ADMIN1)
1948 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
1951 memcpy(user_uid, opaluid[OPAL_USER1_UID],
1953 user_uid[7] = users[u];
1956 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
1959 * Add boolean operator in postfix only with
1960 * two or more authorities being added in ACE
1964 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
1967 add_token_u8(&err, dev, OPAL_ENDLIST);
1968 add_token_u8(&err, dev, OPAL_ENDNAME);
1969 add_token_u8(&err, dev, OPAL_ENDLIST);
1970 add_token_u8(&err, dev, OPAL_ENDNAME);
1975 static int add_user_to_lr(struct opal_dev *dev, void *data)
1978 struct opal_lock_unlock *lkul = data;
1979 const u8 users[] = {
1983 err = set_lr_boolean_ace(dev,
1984 lkul->l_state == OPAL_RW ?
1985 OPAL_LOCKINGRANGE_ACE_WRLOCKED :
1986 OPAL_LOCKINGRANGE_ACE_RDLOCKED,
1987 lkul->session.opal_key.lr, users,
1990 pr_debug("Error building add user to locking range command.\n");
1994 return finalize_and_send(dev, parse_and_check_status);
1997 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2000 struct opal_lock_unlock *lkul = data;
2001 const u8 users[] = {
2006 err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2007 lkul->session.opal_key.lr, users,
2011 pr_debug("Error building add user to locking ranges ACEs.\n");
2015 return finalize_and_send(dev, parse_and_check_status);
2018 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2020 u8 lr_buffer[OPAL_UID_LENGTH];
2021 struct opal_lock_unlock *lkul = data;
2022 u8 read_locked = 1, write_locked = 1;
2025 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2026 lkul->session.opal_key.lr) < 0)
2029 switch (lkul->l_state) {
2039 /* vars are initialized to locked */
2042 pr_debug("Tried to set an invalid locking state... returning to uland\n");
2043 return OPAL_INVAL_PARAM;
2046 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2048 add_token_u8(&err, dev, OPAL_STARTNAME);
2049 add_token_u8(&err, dev, OPAL_VALUES);
2050 add_token_u8(&err, dev, OPAL_STARTLIST);
2052 add_token_u8(&err, dev, OPAL_STARTNAME);
2053 add_token_u8(&err, dev, OPAL_READLOCKED);
2054 add_token_u8(&err, dev, read_locked);
2055 add_token_u8(&err, dev, OPAL_ENDNAME);
2057 add_token_u8(&err, dev, OPAL_STARTNAME);
2058 add_token_u8(&err, dev, OPAL_WRITELOCKED);
2059 add_token_u8(&err, dev, write_locked);
2060 add_token_u8(&err, dev, OPAL_ENDNAME);
2062 add_token_u8(&err, dev, OPAL_ENDLIST);
2063 add_token_u8(&err, dev, OPAL_ENDNAME);
2066 pr_debug("Error building SET command.\n");
2070 return finalize_and_send(dev, parse_and_check_status);
2074 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2076 u8 lr_buffer[OPAL_UID_LENGTH];
2077 u8 read_locked = 1, write_locked = 1;
2078 struct opal_lock_unlock *lkul = data;
2081 clear_opal_cmd(dev);
2082 set_comid(dev, dev->comid);
2084 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2085 lkul->session.opal_key.lr) < 0)
2088 switch (lkul->l_state) {
2098 /* vars are initialized to locked */
2101 pr_debug("Tried to set an invalid locking state.\n");
2102 return OPAL_INVAL_PARAM;
2104 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2105 read_locked, write_locked);
2108 pr_debug("Error building SET command.\n");
2112 return finalize_and_send(dev, parse_and_check_status);
2115 static int activate_lsp(struct opal_dev *dev, void *data)
2117 struct opal_lr_act *opal_act = data;
2118 u8 user_lr[OPAL_UID_LENGTH];
2121 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2122 opalmethod[OPAL_ACTIVATE]);
2124 if (opal_act->sum) {
2125 err = build_locking_range(user_lr, sizeof(user_lr),
2130 add_token_u8(&err, dev, OPAL_STARTNAME);
2131 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2133 add_token_u8(&err, dev, OPAL_STARTLIST);
2134 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2135 for (i = 1; i < opal_act->num_lrs; i++) {
2136 user_lr[7] = opal_act->lr[i];
2137 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2139 add_token_u8(&err, dev, OPAL_ENDLIST);
2140 add_token_u8(&err, dev, OPAL_ENDNAME);
2144 pr_debug("Error building Activate LockingSP command.\n");
2148 return finalize_and_send(dev, parse_and_check_status);
2151 /* Determine if we're in the Manufactured Inactive or Active state */
2152 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2157 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2162 lc_status = response_get_u64(&dev->parsed, 4);
2163 /* 0x08 is Manufactured Inactive */
2164 /* 0x09 is Manufactured */
2165 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2166 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2173 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2175 const char *msid_pin;
2179 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2183 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2185 pr_debug("Couldn't extract MSID_CPIN from response\n");
2186 return OPAL_INVAL_PARAM;
2189 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2190 if (!dev->prev_data)
2193 dev->prev_d_len = strlen;
2198 static int write_table_data(struct opal_dev *dev, void *data)
2200 struct opal_read_write_table *write_tbl = data;
2202 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2203 write_tbl->size, write_tbl->table_uid);
2206 static int read_table_data_cont(struct opal_dev *dev)
2209 const char *data_read;
2211 err = parse_and_check_status(dev);
2215 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2216 dev->prev_data = (void *)data_read;
2217 if (!dev->prev_data) {
2218 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2219 return OPAL_INVAL_PARAM;
2226 * IO_BUFFER_LENGTH = 2048
2227 * sizeof(header) = 56
2228 * No. of Token Bytes in the Response = 11
2229 * MAX size of data that can be carried in response buffer
2230 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2232 #define OPAL_MAX_READ_TABLE (0x7BD)
2234 static int read_table_data(struct opal_dev *dev, void *data)
2236 struct opal_read_write_table *read_tbl = data;
2238 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2240 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2243 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2245 pr_debug("Couldn't get the table size\n");
2249 table_len = response_get_u64(&dev->parsed, 4);
2251 /* Check if the user is trying to read from the table limits */
2252 if (read_size > table_len || offset > table_len - read_size) {
2253 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2254 offset + read_size, table_len);
2258 while (off < read_size) {
2259 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2261 add_token_u8(&err, dev, OPAL_STARTLIST);
2262 add_token_u8(&err, dev, OPAL_STARTNAME);
2263 add_token_u8(&err, dev, OPAL_STARTROW);
2264 add_token_u64(&err, dev, offset + off); /* start row value */
2265 add_token_u8(&err, dev, OPAL_ENDNAME);
2267 add_token_u8(&err, dev, OPAL_STARTNAME);
2268 add_token_u8(&err, dev, OPAL_ENDROW);
2270 len = min(max_read_size, (size_t)(read_size - off));
2271 add_token_u64(&err, dev, offset + off + len); /* end row value
2273 add_token_u8(&err, dev, OPAL_ENDNAME);
2274 add_token_u8(&err, dev, OPAL_ENDLIST);
2277 pr_debug("Error building read table data command.\n");
2281 err = finalize_and_send(dev, read_table_data_cont);
2285 /* len+1: This includes the NULL terminator at the end*/
2286 if (dev->prev_d_len > len + 1) {
2291 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2292 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2293 pr_debug("Error copying data to userspace\n");
2297 dev->prev_data = NULL;
2305 static int end_opal_session(struct opal_dev *dev, void *data)
2309 clear_opal_cmd(dev);
2310 set_comid(dev, dev->comid);
2311 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2316 return finalize_and_send(dev, end_session_cont);
2319 static int end_opal_session_error(struct opal_dev *dev)
2321 const struct opal_step error_end_session = {
2325 return execute_step(dev, &error_end_session, 0);
2328 static inline void setup_opal_dev(struct opal_dev *dev)
2332 dev->prev_data = NULL;
2335 static int check_opal_support(struct opal_dev *dev)
2339 mutex_lock(&dev->dev_lock);
2340 setup_opal_dev(dev);
2341 ret = opal_discovery0_step(dev);
2343 dev->flags |= OPAL_FL_SUPPORTED;
2344 mutex_unlock(&dev->dev_lock);
2349 static void clean_opal_dev(struct opal_dev *dev)
2352 struct opal_suspend_data *suspend, *next;
2354 mutex_lock(&dev->dev_lock);
2355 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2356 list_del(&suspend->node);
2359 mutex_unlock(&dev->dev_lock);
2362 void free_opal_dev(struct opal_dev *dev)
2367 clean_opal_dev(dev);
2372 EXPORT_SYMBOL(free_opal_dev);
2374 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2376 struct opal_dev *dev;
2378 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2383 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2384 * sure the allocated buffer is DMA-safe in that regard.
2386 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2390 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2394 INIT_LIST_HEAD(&dev->unlk_lst);
2395 mutex_init(&dev->dev_lock);
2398 dev->send_recv = send_recv;
2399 if (check_opal_support(dev) != 0) {
2400 pr_debug("Opal is not supported on this device\n");
2417 EXPORT_SYMBOL(init_opal_dev);
2419 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2420 struct opal_session_info *opal_session)
2422 const struct opal_step erase_steps[] = {
2423 { start_auth_opal_session, opal_session },
2424 { get_active_key, &opal_session->opal_key.lr },
2426 { end_opal_session, }
2430 mutex_lock(&dev->dev_lock);
2431 setup_opal_dev(dev);
2432 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2433 mutex_unlock(&dev->dev_lock);
2438 static int opal_erase_locking_range(struct opal_dev *dev,
2439 struct opal_session_info *opal_session)
2441 const struct opal_step erase_steps[] = {
2442 { start_auth_opal_session, opal_session },
2443 { erase_locking_range, opal_session },
2444 { end_opal_session, }
2448 mutex_lock(&dev->dev_lock);
2449 setup_opal_dev(dev);
2450 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2451 mutex_unlock(&dev->dev_lock);
2456 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2457 struct opal_mbr_data *opal_mbr)
2459 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2460 OPAL_TRUE : OPAL_FALSE;
2462 const struct opal_step mbr_steps[] = {
2463 { start_admin1LSP_opal_session, &opal_mbr->key },
2464 { set_mbr_done, &enable_disable },
2465 { end_opal_session, },
2466 { start_admin1LSP_opal_session, &opal_mbr->key },
2467 { set_mbr_enable_disable, &enable_disable },
2468 { end_opal_session, }
2472 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2473 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2476 mutex_lock(&dev->dev_lock);
2477 setup_opal_dev(dev);
2478 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2479 mutex_unlock(&dev->dev_lock);
2484 static int opal_set_mbr_done(struct opal_dev *dev,
2485 struct opal_mbr_done *mbr_done)
2487 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2488 OPAL_TRUE : OPAL_FALSE;
2490 const struct opal_step mbr_steps[] = {
2491 { start_admin1LSP_opal_session, &mbr_done->key },
2492 { set_mbr_done, &mbr_done_tf },
2493 { end_opal_session, }
2497 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2498 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2501 mutex_lock(&dev->dev_lock);
2502 setup_opal_dev(dev);
2503 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2504 mutex_unlock(&dev->dev_lock);
2509 static int opal_write_shadow_mbr(struct opal_dev *dev,
2510 struct opal_shadow_mbr *info)
2512 const struct opal_step mbr_steps[] = {
2513 { start_admin1LSP_opal_session, &info->key },
2514 { write_shadow_mbr, info },
2515 { end_opal_session, }
2519 if (info->size == 0)
2522 mutex_lock(&dev->dev_lock);
2523 setup_opal_dev(dev);
2524 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2525 mutex_unlock(&dev->dev_lock);
2530 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2532 struct opal_suspend_data *suspend;
2534 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2538 suspend->unlk = *lk_unlk;
2539 suspend->lr = lk_unlk->session.opal_key.lr;
2541 mutex_lock(&dev->dev_lock);
2542 setup_opal_dev(dev);
2543 add_suspend_info(dev, suspend);
2544 mutex_unlock(&dev->dev_lock);
2549 static int opal_add_user_to_lr(struct opal_dev *dev,
2550 struct opal_lock_unlock *lk_unlk)
2552 const struct opal_step steps[] = {
2553 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2554 { add_user_to_lr, lk_unlk },
2555 { add_user_to_lr_ace, lk_unlk },
2556 { end_opal_session, }
2560 if (lk_unlk->l_state != OPAL_RO &&
2561 lk_unlk->l_state != OPAL_RW) {
2562 pr_debug("Locking state was not RO or RW\n");
2566 if (lk_unlk->session.who < OPAL_USER1 ||
2567 lk_unlk->session.who > OPAL_USER9) {
2568 pr_debug("Authority was not within the range of users: %d\n",
2569 lk_unlk->session.who);
2573 if (lk_unlk->session.sum) {
2574 pr_debug("%s not supported in sum. Use setup locking range\n",
2579 mutex_lock(&dev->dev_lock);
2580 setup_opal_dev(dev);
2581 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2582 mutex_unlock(&dev->dev_lock);
2587 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2589 /* controller will terminate session */
2590 const struct opal_step revert_steps[] = {
2591 { start_SIDASP_opal_session, opal },
2594 const struct opal_step psid_revert_steps[] = {
2595 { start_PSID_opal_session, opal },
2601 mutex_lock(&dev->dev_lock);
2602 setup_opal_dev(dev);
2604 ret = execute_steps(dev, psid_revert_steps,
2605 ARRAY_SIZE(psid_revert_steps));
2607 ret = execute_steps(dev, revert_steps,
2608 ARRAY_SIZE(revert_steps));
2609 mutex_unlock(&dev->dev_lock);
2612 * If we successfully reverted lets clean
2613 * any saved locking ranges.
2616 clean_opal_dev(dev);
2621 static int __opal_lock_unlock(struct opal_dev *dev,
2622 struct opal_lock_unlock *lk_unlk)
2624 const struct opal_step unlock_steps[] = {
2625 { start_auth_opal_session, &lk_unlk->session },
2626 { lock_unlock_locking_range, lk_unlk },
2627 { end_opal_session, }
2629 const struct opal_step unlock_sum_steps[] = {
2630 { start_auth_opal_session, &lk_unlk->session },
2631 { lock_unlock_locking_range_sum, lk_unlk },
2632 { end_opal_session, }
2635 if (lk_unlk->session.sum)
2636 return execute_steps(dev, unlock_sum_steps,
2637 ARRAY_SIZE(unlock_sum_steps));
2639 return execute_steps(dev, unlock_steps,
2640 ARRAY_SIZE(unlock_steps));
2643 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2645 u8 mbr_done_tf = OPAL_TRUE;
2646 const struct opal_step mbrdone_step[] = {
2647 { start_admin1LSP_opal_session, key },
2648 { set_mbr_done, &mbr_done_tf },
2649 { end_opal_session, }
2652 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2655 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2656 struct opal_lock_unlock *lk_unlk)
2658 struct opal_suspend_data *iter;
2660 if (lk_unlk->l_state != OPAL_LK ||
2661 lk_unlk->session.opal_key.key_len > 0)
2665 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2666 * volume key is not required, as it requires root privileges anyway,
2667 * and root can deny access to a disk in many ways regardless.
2668 * Requiring the volume key to lock the device is a peculiarity of the
2669 * OPAL specification. Given we might already have saved the key if
2670 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2671 * that key to lock the device if no key was provided here, the
2672 * locking range matches and the appropriate flag was passed with
2674 * This allows integrating OPAL with tools and libraries that are used
2675 * to the common behaviour and do not ask for the volume key when
2678 setup_opal_dev(dev);
2679 list_for_each_entry(iter, &dev->unlk_lst, node) {
2680 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2681 iter->lr == lk_unlk->session.opal_key.lr &&
2682 iter->unlk.session.opal_key.key_len > 0) {
2683 lk_unlk->session.opal_key.key_len =
2684 iter->unlk.session.opal_key.key_len;
2685 memcpy(lk_unlk->session.opal_key.key,
2686 iter->unlk.session.opal_key.key,
2687 iter->unlk.session.opal_key.key_len);
2693 static int opal_lock_unlock(struct opal_dev *dev,
2694 struct opal_lock_unlock *lk_unlk)
2698 if (lk_unlk->session.who > OPAL_USER9)
2701 mutex_lock(&dev->dev_lock);
2702 opal_lock_check_for_saved_key(dev, lk_unlk);
2703 ret = __opal_lock_unlock(dev, lk_unlk);
2704 mutex_unlock(&dev->dev_lock);
2709 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2711 const struct opal_step owner_steps[] = {
2712 { start_anybodyASP_opal_session, },
2713 { get_msid_cpin_pin, },
2714 { end_opal_session, },
2715 { start_SIDASP_opal_session, opal },
2716 { set_sid_cpin_pin, opal },
2717 { end_opal_session, }
2724 mutex_lock(&dev->dev_lock);
2725 setup_opal_dev(dev);
2726 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2727 mutex_unlock(&dev->dev_lock);
2732 static int opal_activate_lsp(struct opal_dev *dev,
2733 struct opal_lr_act *opal_lr_act)
2735 const struct opal_step active_steps[] = {
2736 { start_SIDASP_opal_session, &opal_lr_act->key },
2737 { get_lsp_lifecycle, },
2738 { activate_lsp, opal_lr_act },
2739 { end_opal_session, }
2743 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2746 mutex_lock(&dev->dev_lock);
2747 setup_opal_dev(dev);
2748 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2749 mutex_unlock(&dev->dev_lock);
2754 static int opal_setup_locking_range(struct opal_dev *dev,
2755 struct opal_user_lr_setup *opal_lrs)
2757 const struct opal_step lr_steps[] = {
2758 { start_auth_opal_session, &opal_lrs->session },
2759 { setup_locking_range, opal_lrs },
2760 { end_opal_session, }
2764 mutex_lock(&dev->dev_lock);
2765 setup_opal_dev(dev);
2766 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2767 mutex_unlock(&dev->dev_lock);
2772 static int opal_locking_range_status(struct opal_dev *dev,
2773 struct opal_lr_status *opal_lrst,
2776 const struct opal_step lr_steps[] = {
2777 { start_auth_opal_session, &opal_lrst->session },
2778 { locking_range_status, opal_lrst },
2779 { end_opal_session, }
2783 mutex_lock(&dev->dev_lock);
2784 setup_opal_dev(dev);
2785 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2786 mutex_unlock(&dev->dev_lock);
2788 /* skip session info when copying back to uspace */
2789 if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2790 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2791 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2792 pr_debug("Error copying status to userspace\n");
2799 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2801 const struct opal_step pw_steps[] = {
2802 { start_auth_opal_session, &opal_pw->session },
2803 { set_new_pw, &opal_pw->new_user_pw },
2804 { end_opal_session, }
2808 if (opal_pw->session.who > OPAL_USER9 ||
2809 opal_pw->new_user_pw.who > OPAL_USER9)
2812 mutex_lock(&dev->dev_lock);
2813 setup_opal_dev(dev);
2814 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2815 mutex_unlock(&dev->dev_lock);
2820 static int opal_activate_user(struct opal_dev *dev,
2821 struct opal_session_info *opal_session)
2823 const struct opal_step act_steps[] = {
2824 { start_admin1LSP_opal_session, &opal_session->opal_key },
2825 { internal_activate_user, opal_session },
2826 { end_opal_session, }
2830 /* We can't activate Admin1 it's active as manufactured */
2831 if (opal_session->who < OPAL_USER1 ||
2832 opal_session->who > OPAL_USER9) {
2833 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2837 mutex_lock(&dev->dev_lock);
2838 setup_opal_dev(dev);
2839 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2840 mutex_unlock(&dev->dev_lock);
2845 bool opal_unlock_from_suspend(struct opal_dev *dev)
2847 struct opal_suspend_data *suspend;
2848 bool was_failure = false;
2854 if (!(dev->flags & OPAL_FL_SUPPORTED))
2857 mutex_lock(&dev->dev_lock);
2858 setup_opal_dev(dev);
2860 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2864 ret = __opal_lock_unlock(dev, &suspend->unlk);
2866 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2867 suspend->unlk.session.opal_key.lr,
2868 suspend->unlk.session.sum);
2872 if (dev->flags & OPAL_FL_MBR_ENABLED) {
2873 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2875 pr_debug("Failed to set MBR Done in S3 resume\n");
2878 mutex_unlock(&dev->dev_lock);
2882 EXPORT_SYMBOL(opal_unlock_from_suspend);
2884 static int opal_read_table(struct opal_dev *dev,
2885 struct opal_read_write_table *rw_tbl)
2887 const struct opal_step read_table_steps[] = {
2888 { start_admin1LSP_opal_session, &rw_tbl->key },
2889 { read_table_data, rw_tbl },
2890 { end_opal_session, }
2897 return execute_steps(dev, read_table_steps,
2898 ARRAY_SIZE(read_table_steps));
2901 static int opal_write_table(struct opal_dev *dev,
2902 struct opal_read_write_table *rw_tbl)
2904 const struct opal_step write_table_steps[] = {
2905 { start_admin1LSP_opal_session, &rw_tbl->key },
2906 { write_table_data, rw_tbl },
2907 { end_opal_session, }
2914 return execute_steps(dev, write_table_steps,
2915 ARRAY_SIZE(write_table_steps));
2918 static int opal_generic_read_write_table(struct opal_dev *dev,
2919 struct opal_read_write_table *rw_tbl)
2923 mutex_lock(&dev->dev_lock);
2924 setup_opal_dev(dev);
2926 bit_set = fls64(rw_tbl->flags) - 1;
2928 case OPAL_READ_TABLE:
2929 ret = opal_read_table(dev, rw_tbl);
2931 case OPAL_WRITE_TABLE:
2932 ret = opal_write_table(dev, rw_tbl);
2935 pr_debug("Invalid bit set in the flag (%016llx).\n",
2941 mutex_unlock(&dev->dev_lock);
2946 static int opal_get_status(struct opal_dev *dev, void __user *data)
2948 struct opal_status sts = {0};
2951 * check_opal_support() error is not fatal,
2952 * !dev->supported is a valid condition
2954 if (!check_opal_support(dev))
2955 sts.flags = dev->flags;
2956 if (copy_to_user(data, &sts, sizeof(sts))) {
2957 pr_debug("Error copying status to userspace\n");
2963 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
2965 struct opal_geometry geo = {0};
2967 if (check_opal_support(dev))
2970 geo.align = dev->align_required;
2971 geo.logical_block_size = dev->logical_block_size;
2972 geo.alignment_granularity = dev->align;
2973 geo.lowest_aligned_lba = dev->lowest_lba;
2975 if (copy_to_user(data, &geo, sizeof(geo))) {
2976 pr_debug("Error copying geometry data to userspace\n");
2983 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2988 if (!capable(CAP_SYS_ADMIN))
2992 if (!(dev->flags & OPAL_FL_SUPPORTED))
2996 p = memdup_user(arg, _IOC_SIZE(cmd));
3003 ret = opal_save(dev, p);
3005 case IOC_OPAL_LOCK_UNLOCK:
3006 ret = opal_lock_unlock(dev, p);
3008 case IOC_OPAL_TAKE_OWNERSHIP:
3009 ret = opal_take_ownership(dev, p);
3011 case IOC_OPAL_ACTIVATE_LSP:
3012 ret = opal_activate_lsp(dev, p);
3014 case IOC_OPAL_SET_PW:
3015 ret = opal_set_new_pw(dev, p);
3017 case IOC_OPAL_ACTIVATE_USR:
3018 ret = opal_activate_user(dev, p);
3020 case IOC_OPAL_REVERT_TPR:
3021 ret = opal_reverttper(dev, p, false);
3023 case IOC_OPAL_LR_SETUP:
3024 ret = opal_setup_locking_range(dev, p);
3026 case IOC_OPAL_ADD_USR_TO_LR:
3027 ret = opal_add_user_to_lr(dev, p);
3029 case IOC_OPAL_ENABLE_DISABLE_MBR:
3030 ret = opal_enable_disable_shadow_mbr(dev, p);
3032 case IOC_OPAL_MBR_DONE:
3033 ret = opal_set_mbr_done(dev, p);
3035 case IOC_OPAL_WRITE_SHADOW_MBR:
3036 ret = opal_write_shadow_mbr(dev, p);
3038 case IOC_OPAL_ERASE_LR:
3039 ret = opal_erase_locking_range(dev, p);
3041 case IOC_OPAL_SECURE_ERASE_LR:
3042 ret = opal_secure_erase_locking_range(dev, p);
3044 case IOC_OPAL_PSID_REVERT_TPR:
3045 ret = opal_reverttper(dev, p, true);
3047 case IOC_OPAL_GENERIC_TABLE_RW:
3048 ret = opal_generic_read_write_table(dev, p);
3050 case IOC_OPAL_GET_STATUS:
3051 ret = opal_get_status(dev, arg);
3053 case IOC_OPAL_GET_LR_STATUS:
3054 ret = opal_locking_range_status(dev, p, arg);
3056 case IOC_OPAL_GET_GEOMETRY:
3057 ret = opal_get_geometry(dev, arg);
3067 EXPORT_SYMBOL_GPL(sed_ioctl);