1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright © 2016 Intel Corporation
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
24 #include "opal_proto.h"
26 #define IO_BUFFER_LENGTH 2048
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
33 int (*fn)(struct opal_dev *dev, void *data);
36 typedef int (cont_fn)(struct opal_dev *dev);
38 enum opal_atom_width {
47 * On the parsed response, we don't store again the toks that are already
48 * stored in the response buffer. Instead, for each token, we just store a
49 * pointer to the position in the buffer where the token starts, and the size
50 * of the token in bytes.
52 struct opal_resp_tok {
55 enum opal_response_token type;
56 enum opal_atom_width width;
64 * From the response header it's not possible to know how many tokens there are
65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66 * if we start dealing with messages that have more than that, we can increase
67 * this number. This is done to avoid having to make two passes through the
68 * response, the first one counting how many tokens we have and the second one
69 * actually storing the positions.
73 struct opal_resp_tok toks[MAX_TOKS];
80 sec_send_recv *send_recv;
82 struct mutex dev_lock;
93 struct parsed_resp parsed;
97 struct list_head unlk_lst;
101 static const u8 opaluid[][OPAL_UID_LENGTH] = {
104 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
106 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
108 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
109 [OPAL_LOCKINGSP_UID] =
110 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
111 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
114 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
116 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
125 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
127 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
132 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
133 [OPAL_LOCKINGRANGE_GLOBAL] =
134 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
135 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
136 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
137 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
138 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
140 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
142 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
143 [OPAL_AUTHORITY_TABLE] =
144 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
146 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
147 [OPAL_LOCKING_INFO_TABLE] =
148 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
149 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
150 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
152 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
154 /* C_PIN_TABLE object ID's */
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
158 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
159 [OPAL_C_PIN_ADMIN1] =
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
162 /* half UID's (only first 4 bytes used) */
163 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
164 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
165 [OPAL_HALF_UID_BOOLEAN_ACE] =
166 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
168 /* special value for omitted optional parameter */
170 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
174 * TCG Storage SSC Methods.
175 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
176 * Section: 6.3 Assigned UIDs
178 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
180 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
181 [OPAL_STARTSESSION] =
182 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
184 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
186 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
188 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
193 [OPAL_EAUTHENTICATE] =
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
205 [OPAL_AUTHENTICATE] =
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
213 static int end_opal_session_error(struct opal_dev *dev);
214 static int opal_discovery0_step(struct opal_dev *dev);
216 struct opal_suspend_data {
217 struct opal_lock_unlock unlk;
219 struct list_head node;
224 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
225 * Section: 5.1.5 Method Status Codes
227 static const char * const opal_errors[] = {
235 "No Sessions Available",
236 "Uniqueness Conflict",
237 "Insufficient Space",
244 "Transaction Failure",
246 "Authority Locked Out",
249 static const char *opal_error_to_human(int error)
254 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
255 return "Unknown Error";
257 return opal_errors[error];
260 static void print_buffer(const u8 *ptr, u32 length)
263 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
268 static bool check_tper(const void *data)
270 const struct d0_tper_features *tper = data;
271 u8 flags = tper->supported_features;
273 if (!(flags & TPER_SYNC_SUPPORTED)) {
274 pr_debug("TPer sync not supported. flags = %d\n",
275 tper->supported_features);
282 static bool check_lcksuppt(const void *data)
284 const struct d0_locking_features *lfeat = data;
285 u8 sup_feat = lfeat->supported_features;
287 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
290 static bool check_lckenabled(const void *data)
292 const struct d0_locking_features *lfeat = data;
293 u8 sup_feat = lfeat->supported_features;
295 return !!(sup_feat & LOCKING_ENABLED_MASK);
298 static bool check_locked(const void *data)
300 const struct d0_locking_features *lfeat = data;
301 u8 sup_feat = lfeat->supported_features;
303 return !!(sup_feat & LOCKED_MASK);
306 static bool check_mbrenabled(const void *data)
308 const struct d0_locking_features *lfeat = data;
309 u8 sup_feat = lfeat->supported_features;
311 return !!(sup_feat & MBR_ENABLED_MASK);
314 static bool check_mbrdone(const void *data)
316 const struct d0_locking_features *lfeat = data;
317 u8 sup_feat = lfeat->supported_features;
319 return !!(sup_feat & MBR_DONE_MASK);
322 static bool check_sum(const void *data)
324 const struct d0_single_user_mode *sum = data;
325 u32 nlo = be32_to_cpu(sum->num_locking_objects);
328 pr_debug("Need at least one locking object.\n");
332 pr_debug("Number of locking objects: %d\n", nlo);
337 static u16 get_comid_v100(const void *data)
339 const struct d0_opal_v100 *v100 = data;
341 return be16_to_cpu(v100->baseComID);
344 static u16 get_comid_v200(const void *data)
346 const struct d0_opal_v200 *v200 = data;
348 return be16_to_cpu(v200->baseComID);
351 static int opal_send_cmd(struct opal_dev *dev)
353 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
354 dev->cmd, IO_BUFFER_LENGTH,
358 static int opal_recv_cmd(struct opal_dev *dev)
360 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
361 dev->resp, IO_BUFFER_LENGTH,
365 static int opal_recv_check(struct opal_dev *dev)
367 size_t buflen = IO_BUFFER_LENGTH;
368 void *buffer = dev->resp;
369 struct opal_header *hdr = buffer;
373 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
374 hdr->cp.outstandingData,
375 hdr->cp.minTransfer);
377 if (hdr->cp.outstandingData == 0 ||
378 hdr->cp.minTransfer != 0)
381 memset(buffer, 0, buflen);
382 ret = opal_recv_cmd(dev);
388 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
392 ret = opal_send_cmd(dev);
395 ret = opal_recv_cmd(dev);
398 ret = opal_recv_check(dev);
404 static void check_geometry(struct opal_dev *dev, const void *data)
406 const struct d0_geometry_features *geo = data;
408 dev->align = be64_to_cpu(geo->alignment_granularity);
409 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
412 static int execute_step(struct opal_dev *dev,
413 const struct opal_step *step, size_t stepIndex)
415 int error = step->fn(dev, step->data);
418 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
419 stepIndex, step->fn, error,
420 opal_error_to_human(error));
426 static int execute_steps(struct opal_dev *dev,
427 const struct opal_step *steps, size_t n_steps)
432 /* first do a discovery0 */
433 error = opal_discovery0_step(dev);
437 for (state = 0; state < n_steps; state++) {
438 error = execute_step(dev, &steps[state], state);
447 * For each OPAL command the first step in steps starts some sort of
448 * session. If an error occurred in the initial discovery0 or if an
449 * error occurred in the first step (and thus stopping the loop with
450 * state == 0) then there was an error before or during the attempt to
451 * start a session. Therefore we shouldn't attempt to terminate a
452 * session, as one has not yet been created.
455 end_opal_session_error(dev);
460 static int opal_discovery0_end(struct opal_dev *dev)
462 bool found_com_id = false, supported = true, single_user = false;
463 const struct d0_header *hdr = (struct d0_header *)dev->resp;
464 const u8 *epos = dev->resp, *cpos = dev->resp;
466 u32 hlen = be32_to_cpu(hdr->length);
468 print_buffer(dev->resp, hlen);
469 dev->flags &= OPAL_FL_SUPPORTED;
471 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
472 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
473 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
477 epos += hlen; /* end of buffer */
478 cpos += sizeof(*hdr); /* current position on buffer */
480 while (cpos < epos && supported) {
481 const struct d0_features *body =
482 (const struct d0_features *)cpos;
484 switch (be16_to_cpu(body->code)) {
486 supported = check_tper(body->features);
489 single_user = check_sum(body->features);
491 dev->flags |= OPAL_FL_SUM_SUPPORTED;
494 check_geometry(dev, body);
497 if (check_lcksuppt(body->features))
498 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
499 if (check_lckenabled(body->features))
500 dev->flags |= OPAL_FL_LOCKING_ENABLED;
501 if (check_locked(body->features))
502 dev->flags |= OPAL_FL_LOCKED;
503 if (check_mbrenabled(body->features))
504 dev->flags |= OPAL_FL_MBR_ENABLED;
505 if (check_mbrdone(body->features))
506 dev->flags |= OPAL_FL_MBR_DONE;
510 /* some ignored properties */
511 pr_debug("Found OPAL feature description: %d\n",
512 be16_to_cpu(body->code));
515 comid = get_comid_v100(body->features);
519 comid = get_comid_v200(body->features);
522 case 0xbfff ... 0xffff:
523 /* vendor specific, just ignore */
526 pr_debug("OPAL Unknown feature: %d\n",
527 be16_to_cpu(body->code));
530 cpos += body->length + 4;
534 pr_debug("This device is not Opal enabled. Not Supported!\n");
539 pr_debug("Device doesn't support single user mode\n");
543 pr_debug("Could not find OPAL comid for device. Returning early\n");
552 static int opal_discovery0(struct opal_dev *dev, void *data)
556 memset(dev->resp, 0, IO_BUFFER_LENGTH);
557 dev->comid = OPAL_DISCOVERY_COMID;
558 ret = opal_recv_cmd(dev);
562 return opal_discovery0_end(dev);
565 static int opal_discovery0_step(struct opal_dev *dev)
567 const struct opal_step discovery0_step = {
571 return execute_step(dev, &discovery0_step, 0);
574 static size_t remaining_size(struct opal_dev *cmd)
576 return IO_BUFFER_LENGTH - cmd->pos;
579 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
584 if (remaining_size(cmd) < len) {
585 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
593 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
595 if (!can_add(err, cmd, 1))
598 cmd->cmd[cmd->pos++] = tok;
601 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
602 bool has_sign, int len)
607 atom = SHORT_ATOM_ID;
608 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
609 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
610 atom |= len & SHORT_ATOM_LEN_MASK;
612 add_token_u8(&err, cmd, atom);
615 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
616 bool has_sign, int len)
620 header0 = MEDIUM_ATOM_ID;
621 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
622 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
623 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
625 cmd->cmd[cmd->pos++] = header0;
626 cmd->cmd[cmd->pos++] = len;
629 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
634 if (!(number & ~TINY_ATOM_DATA_MASK)) {
635 add_token_u8(err, cmd, number);
640 len = DIV_ROUND_UP(msb, 8);
642 if (!can_add(err, cmd, len + 1)) {
643 pr_debug("Error adding u64: end of buffer.\n");
646 add_short_atom_header(cmd, false, false, len);
648 add_token_u8(err, cmd, number >> (len * 8));
651 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
653 size_t header_len = 1;
654 bool is_short_atom = true;
656 if (len & ~SHORT_ATOM_LEN_MASK) {
658 is_short_atom = false;
661 if (!can_add(err, cmd, header_len + len)) {
662 pr_debug("Error adding bytestring: end of buffer.\n");
667 add_short_atom_header(cmd, true, false, len);
669 add_medium_atom_header(cmd, true, false, len);
671 return &cmd->cmd[cmd->pos];
674 static void add_token_bytestring(int *err, struct opal_dev *cmd,
675 const u8 *bytestring, size_t len)
679 start = add_bytestring_header(err, cmd, len);
682 memcpy(start, bytestring, len);
686 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
688 if (length > OPAL_UID_LENGTH) {
689 pr_debug("Can't build locking range. Length OOB\n");
693 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
698 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
704 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
706 if (length > OPAL_UID_LENGTH) {
707 pr_debug("Can't build locking range user. Length OOB\n");
711 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
718 static void set_comid(struct opal_dev *cmd, u16 comid)
720 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
722 hdr->cp.extendedComID[0] = comid >> 8;
723 hdr->cp.extendedComID[1] = comid;
724 hdr->cp.extendedComID[2] = 0;
725 hdr->cp.extendedComID[3] = 0;
728 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
730 struct opal_header *hdr;
734 * Close the parameter list opened from cmd_start.
735 * The number of bytes added must be equal to
736 * CMD_FINALIZE_BYTES_NEEDED.
738 add_token_u8(&err, cmd, OPAL_ENDLIST);
740 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
741 add_token_u8(&err, cmd, OPAL_STARTLIST);
742 add_token_u8(&err, cmd, 0);
743 add_token_u8(&err, cmd, 0);
744 add_token_u8(&err, cmd, 0);
745 add_token_u8(&err, cmd, OPAL_ENDLIST);
748 pr_debug("Error finalizing command.\n");
752 hdr = (struct opal_header *) cmd->cmd;
754 hdr->pkt.tsn = cpu_to_be32(tsn);
755 hdr->pkt.hsn = cpu_to_be32(hsn);
757 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
758 while (cmd->pos % 4) {
759 if (cmd->pos >= IO_BUFFER_LENGTH) {
760 pr_debug("Error: Buffer overrun\n");
763 cmd->cmd[cmd->pos++] = 0;
765 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
767 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
772 static const struct opal_resp_tok *response_get_token(
773 const struct parsed_resp *resp,
776 const struct opal_resp_tok *tok;
779 pr_debug("Response is NULL\n");
780 return ERR_PTR(-EINVAL);
783 if (n >= resp->num) {
784 pr_debug("Token number doesn't exist: %d, resp: %d\n",
786 return ERR_PTR(-EINVAL);
789 tok = &resp->toks[n];
791 pr_debug("Token length must be non-zero\n");
792 return ERR_PTR(-EINVAL);
798 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
803 tok->width = OPAL_WIDTH_TINY;
805 if (pos[0] & TINY_ATOM_SIGNED) {
806 tok->type = OPAL_DTA_TOKENID_SINT;
808 tok->type = OPAL_DTA_TOKENID_UINT;
809 tok->stored.u = pos[0] & 0x3f;
815 static ssize_t response_parse_short(struct opal_resp_tok *tok,
819 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
820 tok->width = OPAL_WIDTH_SHORT;
822 if (pos[0] & SHORT_ATOM_BYTESTRING) {
823 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
824 } else if (pos[0] & SHORT_ATOM_SIGNED) {
825 tok->type = OPAL_DTA_TOKENID_SINT;
830 tok->type = OPAL_DTA_TOKENID_UINT;
832 pr_debug("uint64 with more than 8 bytes\n");
835 for (i = tok->len - 1; i > 0; i--) {
836 u_integer |= ((u64)pos[i] << (8 * b));
839 tok->stored.u = u_integer;
845 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
849 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
850 tok->width = OPAL_WIDTH_MEDIUM;
852 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
853 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
854 else if (pos[0] & MEDIUM_ATOM_SIGNED)
855 tok->type = OPAL_DTA_TOKENID_SINT;
857 tok->type = OPAL_DTA_TOKENID_UINT;
862 static ssize_t response_parse_long(struct opal_resp_tok *tok,
866 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
867 tok->width = OPAL_WIDTH_LONG;
869 if (pos[0] & LONG_ATOM_BYTESTRING)
870 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
871 else if (pos[0] & LONG_ATOM_SIGNED)
872 tok->type = OPAL_DTA_TOKENID_SINT;
874 tok->type = OPAL_DTA_TOKENID_UINT;
879 static ssize_t response_parse_token(struct opal_resp_tok *tok,
884 tok->type = OPAL_DTA_TOKENID_TOKEN;
885 tok->width = OPAL_WIDTH_TOKEN;
890 static int response_parse(const u8 *buf, size_t length,
891 struct parsed_resp *resp)
893 const struct opal_header *hdr;
894 struct opal_resp_tok *iter;
897 ssize_t token_length;
899 u32 clen, plen, slen;
907 hdr = (struct opal_header *)buf;
911 clen = be32_to_cpu(hdr->cp.length);
912 plen = be32_to_cpu(hdr->pkt.length);
913 slen = be32_to_cpu(hdr->subpkt.length);
914 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
917 if (clen == 0 || plen == 0 || slen == 0 ||
918 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
919 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
921 print_buffer(pos, sizeof(*hdr));
925 if (pos > buf + length)
930 print_buffer(pos, total);
932 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
933 token_length = response_parse_tiny(iter, pos);
934 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
935 token_length = response_parse_short(iter, pos);
936 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
937 token_length = response_parse_medium(iter, pos);
938 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
939 token_length = response_parse_long(iter, pos);
941 token_length = response_parse_token(iter, pos);
943 if (token_length < 0)
947 total -= token_length;
952 resp->num = num_entries;
957 static size_t response_get_string(const struct parsed_resp *resp, int n,
961 const struct opal_resp_tok *tok;
964 tok = response_get_token(resp, n);
968 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
969 pr_debug("Token is not a byte string!\n");
973 switch (tok->width) {
974 case OPAL_WIDTH_TINY:
975 case OPAL_WIDTH_SHORT:
978 case OPAL_WIDTH_MEDIUM:
981 case OPAL_WIDTH_LONG:
985 pr_debug("Token has invalid width!\n");
989 *store = tok->pos + skip;
991 return tok->len - skip;
994 static u64 response_get_u64(const struct parsed_resp *resp, int n)
996 const struct opal_resp_tok *tok;
998 tok = response_get_token(resp, n);
1002 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1003 pr_debug("Token is not unsigned int: %d\n", tok->type);
1007 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1008 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1012 return tok->stored.u;
1015 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1017 if (IS_ERR(token) ||
1018 token->type != OPAL_DTA_TOKENID_TOKEN ||
1019 token->pos[0] != match)
1024 static u8 response_status(const struct parsed_resp *resp)
1026 const struct opal_resp_tok *tok;
1028 tok = response_get_token(resp, 0);
1029 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1033 return DTAERROR_NO_METHOD_STATUS;
1035 tok = response_get_token(resp, resp->num - 5);
1036 if (!response_token_matches(tok, OPAL_STARTLIST))
1037 return DTAERROR_NO_METHOD_STATUS;
1039 tok = response_get_token(resp, resp->num - 1);
1040 if (!response_token_matches(tok, OPAL_ENDLIST))
1041 return DTAERROR_NO_METHOD_STATUS;
1043 return response_get_u64(resp, resp->num - 4);
1046 /* Parses and checks for errors */
1047 static int parse_and_check_status(struct opal_dev *dev)
1051 print_buffer(dev->cmd, dev->pos);
1053 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1055 pr_debug("Couldn't parse response.\n");
1059 return response_status(&dev->parsed);
1062 static void clear_opal_cmd(struct opal_dev *dev)
1064 dev->pos = sizeof(struct opal_header);
1065 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1068 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1072 clear_opal_cmd(dev);
1073 set_comid(dev, dev->comid);
1075 add_token_u8(&err, dev, OPAL_CALL);
1076 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1077 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1080 * Every method call is followed by its parameters enclosed within
1081 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1082 * parameter list here and close it later in cmd_finalize.
1084 add_token_u8(&err, dev, OPAL_STARTLIST);
1089 static int start_opal_session_cont(struct opal_dev *dev)
1094 error = parse_and_check_status(dev);
1098 hsn = response_get_u64(&dev->parsed, 4);
1099 tsn = response_get_u64(&dev->parsed, 5);
1101 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1102 pr_debug("Couldn't authenticate session\n");
1112 static void add_suspend_info(struct opal_dev *dev,
1113 struct opal_suspend_data *sus)
1115 struct opal_suspend_data *iter;
1117 list_for_each_entry(iter, &dev->unlk_lst, node) {
1118 if (iter->lr == sus->lr) {
1119 list_del(&iter->node);
1124 list_add_tail(&sus->node, &dev->unlk_lst);
1127 static int end_session_cont(struct opal_dev *dev)
1132 return parse_and_check_status(dev);
1135 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1139 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1141 pr_debug("Error finalizing command buffer: %d\n", ret);
1145 print_buffer(dev->cmd, dev->pos);
1147 return opal_send_recv(dev, cont);
1151 * request @column from table @table on device @dev. On success, the column
1152 * data will be available in dev->resp->tok[4]
1154 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1159 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1161 add_token_u8(&err, dev, OPAL_STARTLIST);
1163 add_token_u8(&err, dev, OPAL_STARTNAME);
1164 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1165 add_token_u64(&err, dev, column);
1166 add_token_u8(&err, dev, OPAL_ENDNAME);
1168 add_token_u8(&err, dev, OPAL_STARTNAME);
1169 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1170 add_token_u64(&err, dev, column);
1171 add_token_u8(&err, dev, OPAL_ENDNAME);
1173 add_token_u8(&err, dev, OPAL_ENDLIST);
1178 return finalize_and_send(dev, parse_and_check_status);
1182 * see TCG SAS 5.3.2.3 for a description of the available columns
1184 * the result is provided in dev->resp->tok[4]
1186 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1189 u8 uid[OPAL_UID_LENGTH];
1190 const unsigned int half = OPAL_UID_LENGTH_HALF;
1192 /* sed-opal UIDs can be split in two halves:
1193 * first: actual table index
1194 * second: relative index in the table
1195 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1196 * first part of the target table as relative index into that table
1198 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1199 memcpy(uid + half, table_uid, half);
1201 return generic_get_column(dev, uid, column);
1204 static int gen_key(struct opal_dev *dev, void *data)
1206 u8 uid[OPAL_UID_LENGTH];
1209 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1210 kfree(dev->prev_data);
1211 dev->prev_data = NULL;
1213 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1216 pr_debug("Error building gen key command\n");
1221 return finalize_and_send(dev, parse_and_check_status);
1224 static int get_active_key_cont(struct opal_dev *dev)
1226 const char *activekey;
1230 error = parse_and_check_status(dev);
1234 keylen = response_get_string(&dev->parsed, 4, &activekey);
1236 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1238 return OPAL_INVAL_PARAM;
1241 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1243 if (!dev->prev_data)
1246 dev->prev_d_len = keylen;
1251 static int get_active_key(struct opal_dev *dev, void *data)
1253 u8 uid[OPAL_UID_LENGTH];
1257 err = build_locking_range(uid, sizeof(uid), *lr);
1261 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1265 return get_active_key_cont(dev);
1268 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1269 u64 offset, u64 size, const u8 *uid)
1271 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1277 /* do we fit in the available space? */
1278 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1280 pr_debug("Couldn't get the table size\n");
1284 len = response_get_u64(&dev->parsed, 4);
1285 if (size > len || offset > len - size) {
1286 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1287 offset + size, len);
1291 /* do the actual transmission(s) */
1292 while (off < size) {
1293 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1294 add_token_u8(&err, dev, OPAL_STARTNAME);
1295 add_token_u8(&err, dev, OPAL_WHERE);
1296 add_token_u64(&err, dev, offset + off);
1297 add_token_u8(&err, dev, OPAL_ENDNAME);
1299 add_token_u8(&err, dev, OPAL_STARTNAME);
1300 add_token_u8(&err, dev, OPAL_VALUES);
1303 * The bytestring header is either 1 or 2 bytes, so assume 2.
1304 * There also needs to be enough space to accommodate the
1305 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1308 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1309 (size_t)(size - off));
1310 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1312 dst = add_bytestring_header(&err, dev, len);
1316 if (copy_from_user(dst, src + off, len)) {
1323 add_token_u8(&err, dev, OPAL_ENDNAME);
1327 err = finalize_and_send(dev, parse_and_check_status);
1337 static int generic_lr_enable_disable(struct opal_dev *dev,
1338 u8 *uid, bool rle, bool wle,
1343 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1345 add_token_u8(&err, dev, OPAL_STARTNAME);
1346 add_token_u8(&err, dev, OPAL_VALUES);
1347 add_token_u8(&err, dev, OPAL_STARTLIST);
1349 add_token_u8(&err, dev, OPAL_STARTNAME);
1350 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1351 add_token_u8(&err, dev, rle);
1352 add_token_u8(&err, dev, OPAL_ENDNAME);
1354 add_token_u8(&err, dev, OPAL_STARTNAME);
1355 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1356 add_token_u8(&err, dev, wle);
1357 add_token_u8(&err, dev, OPAL_ENDNAME);
1359 add_token_u8(&err, dev, OPAL_STARTNAME);
1360 add_token_u8(&err, dev, OPAL_READLOCKED);
1361 add_token_u8(&err, dev, rl);
1362 add_token_u8(&err, dev, OPAL_ENDNAME);
1364 add_token_u8(&err, dev, OPAL_STARTNAME);
1365 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1366 add_token_u8(&err, dev, wl);
1367 add_token_u8(&err, dev, OPAL_ENDNAME);
1369 add_token_u8(&err, dev, OPAL_ENDLIST);
1370 add_token_u8(&err, dev, OPAL_ENDNAME);
1375 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1376 struct opal_user_lr_setup *setup)
1380 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1383 pr_debug("Failed to create enable global lr command\n");
1388 static int setup_locking_range(struct opal_dev *dev, void *data)
1390 u8 uid[OPAL_UID_LENGTH];
1391 struct opal_user_lr_setup *setup = data;
1395 lr = setup->session.opal_key.lr;
1396 err = build_locking_range(uid, sizeof(uid), lr);
1401 err = enable_global_lr(dev, uid, setup);
1403 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1405 add_token_u8(&err, dev, OPAL_STARTNAME);
1406 add_token_u8(&err, dev, OPAL_VALUES);
1407 add_token_u8(&err, dev, OPAL_STARTLIST);
1409 add_token_u8(&err, dev, OPAL_STARTNAME);
1410 add_token_u8(&err, dev, OPAL_RANGESTART);
1411 add_token_u64(&err, dev, setup->range_start);
1412 add_token_u8(&err, dev, OPAL_ENDNAME);
1414 add_token_u8(&err, dev, OPAL_STARTNAME);
1415 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1416 add_token_u64(&err, dev, setup->range_length);
1417 add_token_u8(&err, dev, OPAL_ENDNAME);
1419 add_token_u8(&err, dev, OPAL_STARTNAME);
1420 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1421 add_token_u64(&err, dev, !!setup->RLE);
1422 add_token_u8(&err, dev, OPAL_ENDNAME);
1424 add_token_u8(&err, dev, OPAL_STARTNAME);
1425 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1426 add_token_u64(&err, dev, !!setup->WLE);
1427 add_token_u8(&err, dev, OPAL_ENDNAME);
1429 add_token_u8(&err, dev, OPAL_ENDLIST);
1430 add_token_u8(&err, dev, OPAL_ENDNAME);
1433 pr_debug("Error building Setup Locking range command.\n");
1437 return finalize_and_send(dev, parse_and_check_status);
1440 static int start_generic_opal_session(struct opal_dev *dev,
1442 enum opal_uid sp_type,
1449 if (key == NULL && auth != OPAL_ANYBODY_UID)
1450 return OPAL_INVAL_PARAM;
1452 hsn = GENERIC_HOST_SESSION_NUM;
1453 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1454 opalmethod[OPAL_STARTSESSION]);
1456 add_token_u64(&err, dev, hsn);
1457 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1458 add_token_u8(&err, dev, 1);
1461 case OPAL_ANYBODY_UID:
1463 case OPAL_ADMIN1_UID:
1466 add_token_u8(&err, dev, OPAL_STARTNAME);
1467 add_token_u8(&err, dev, 0); /* HostChallenge */
1468 add_token_bytestring(&err, dev, key, key_len);
1469 add_token_u8(&err, dev, OPAL_ENDNAME);
1470 add_token_u8(&err, dev, OPAL_STARTNAME);
1471 add_token_u8(&err, dev, 3); /* HostSignAuth */
1472 add_token_bytestring(&err, dev, opaluid[auth],
1474 add_token_u8(&err, dev, OPAL_ENDNAME);
1477 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1478 return OPAL_INVAL_PARAM;
1482 pr_debug("Error building start adminsp session command.\n");
1486 return finalize_and_send(dev, start_opal_session_cont);
1489 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1491 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1492 OPAL_ADMINSP_UID, NULL, 0);
1495 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1498 const u8 *key = dev->prev_data;
1501 const struct opal_key *okey = data;
1503 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1508 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1510 key, dev->prev_d_len);
1512 dev->prev_data = NULL;
1518 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1520 struct opal_key *key = data;
1522 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1524 key->key, key->key_len);
1527 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1529 const struct opal_key *okey = data;
1531 return start_generic_opal_session(dev, OPAL_PSID_UID,
1537 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1539 struct opal_session_info *session = data;
1540 u8 lk_ul_user[OPAL_UID_LENGTH];
1541 size_t keylen = session->opal_key.key_len;
1544 u8 *key = session->opal_key.key;
1545 u32 hsn = GENERIC_HOST_SESSION_NUM;
1548 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1549 session->opal_key.lr);
1550 else if (session->who != OPAL_ADMIN1 && !session->sum)
1551 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1554 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1559 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1560 opalmethod[OPAL_STARTSESSION]);
1562 add_token_u64(&err, dev, hsn);
1563 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1565 add_token_u8(&err, dev, 1);
1566 add_token_u8(&err, dev, OPAL_STARTNAME);
1567 add_token_u8(&err, dev, 0);
1568 add_token_bytestring(&err, dev, key, keylen);
1569 add_token_u8(&err, dev, OPAL_ENDNAME);
1570 add_token_u8(&err, dev, OPAL_STARTNAME);
1571 add_token_u8(&err, dev, 3);
1572 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1573 add_token_u8(&err, dev, OPAL_ENDNAME);
1576 pr_debug("Error building STARTSESSION command.\n");
1580 return finalize_and_send(dev, start_opal_session_cont);
1583 static int revert_tper(struct opal_dev *dev, void *data)
1587 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1588 opalmethod[OPAL_REVERT]);
1590 pr_debug("Error building REVERT TPER command.\n");
1594 return finalize_and_send(dev, parse_and_check_status);
1597 static int internal_activate_user(struct opal_dev *dev, void *data)
1599 struct opal_session_info *session = data;
1600 u8 uid[OPAL_UID_LENGTH];
1603 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1604 uid[7] = session->who;
1606 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1607 add_token_u8(&err, dev, OPAL_STARTNAME);
1608 add_token_u8(&err, dev, OPAL_VALUES);
1609 add_token_u8(&err, dev, OPAL_STARTLIST);
1610 add_token_u8(&err, dev, OPAL_STARTNAME);
1611 add_token_u8(&err, dev, 5); /* Enabled */
1612 add_token_u8(&err, dev, OPAL_TRUE);
1613 add_token_u8(&err, dev, OPAL_ENDNAME);
1614 add_token_u8(&err, dev, OPAL_ENDLIST);
1615 add_token_u8(&err, dev, OPAL_ENDNAME);
1618 pr_debug("Error building Activate UserN command.\n");
1622 return finalize_and_send(dev, parse_and_check_status);
1625 static int erase_locking_range(struct opal_dev *dev, void *data)
1627 struct opal_session_info *session = data;
1628 u8 uid[OPAL_UID_LENGTH];
1631 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1634 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1637 pr_debug("Error building Erase Locking Range Command.\n");
1641 return finalize_and_send(dev, parse_and_check_status);
1644 static int set_mbr_done(struct opal_dev *dev, void *data)
1646 u8 *mbr_done_tf = data;
1649 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1650 opalmethod[OPAL_SET]);
1652 add_token_u8(&err, dev, OPAL_STARTNAME);
1653 add_token_u8(&err, dev, OPAL_VALUES);
1654 add_token_u8(&err, dev, OPAL_STARTLIST);
1655 add_token_u8(&err, dev, OPAL_STARTNAME);
1656 add_token_u8(&err, dev, OPAL_MBRDONE);
1657 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1658 add_token_u8(&err, dev, OPAL_ENDNAME);
1659 add_token_u8(&err, dev, OPAL_ENDLIST);
1660 add_token_u8(&err, dev, OPAL_ENDNAME);
1663 pr_debug("Error Building set MBR Done command\n");
1667 return finalize_and_send(dev, parse_and_check_status);
1670 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1672 u8 *mbr_en_dis = data;
1675 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1676 opalmethod[OPAL_SET]);
1678 add_token_u8(&err, dev, OPAL_STARTNAME);
1679 add_token_u8(&err, dev, OPAL_VALUES);
1680 add_token_u8(&err, dev, OPAL_STARTLIST);
1681 add_token_u8(&err, dev, OPAL_STARTNAME);
1682 add_token_u8(&err, dev, OPAL_MBRENABLE);
1683 add_token_u8(&err, dev, *mbr_en_dis);
1684 add_token_u8(&err, dev, OPAL_ENDNAME);
1685 add_token_u8(&err, dev, OPAL_ENDLIST);
1686 add_token_u8(&err, dev, OPAL_ENDNAME);
1689 pr_debug("Error Building set MBR done command\n");
1693 return finalize_and_send(dev, parse_and_check_status);
1696 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1698 struct opal_shadow_mbr *shadow = data;
1700 return generic_table_write_data(dev, shadow->data, shadow->offset,
1701 shadow->size, opaluid[OPAL_MBR]);
1704 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1705 struct opal_dev *dev)
1709 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1711 add_token_u8(&err, dev, OPAL_STARTNAME);
1712 add_token_u8(&err, dev, OPAL_VALUES);
1713 add_token_u8(&err, dev, OPAL_STARTLIST);
1714 add_token_u8(&err, dev, OPAL_STARTNAME);
1715 add_token_u8(&err, dev, OPAL_PIN);
1716 add_token_bytestring(&err, dev, key, key_len);
1717 add_token_u8(&err, dev, OPAL_ENDNAME);
1718 add_token_u8(&err, dev, OPAL_ENDLIST);
1719 add_token_u8(&err, dev, OPAL_ENDNAME);
1724 static int set_new_pw(struct opal_dev *dev, void *data)
1726 u8 cpin_uid[OPAL_UID_LENGTH];
1727 struct opal_session_info *usr = data;
1729 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1731 if (usr->who != OPAL_ADMIN1) {
1734 cpin_uid[7] = usr->opal_key.lr + 1;
1736 cpin_uid[7] = usr->who;
1739 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1741 pr_debug("Error building set password command.\n");
1745 return finalize_and_send(dev, parse_and_check_status);
1748 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1750 u8 cpin_uid[OPAL_UID_LENGTH];
1751 struct opal_key *key = data;
1753 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1755 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1756 pr_debug("Error building Set SID cpin\n");
1759 return finalize_and_send(dev, parse_and_check_status);
1762 static void add_authority_object_ref(int *err,
1763 struct opal_dev *dev,
1767 add_token_u8(err, dev, OPAL_STARTNAME);
1768 add_token_bytestring(err, dev,
1769 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1771 add_token_bytestring(err, dev, uid, uid_len);
1772 add_token_u8(err, dev, OPAL_ENDNAME);
1775 static void add_boolean_object_ref(int *err,
1776 struct opal_dev *dev,
1779 add_token_u8(err, dev, OPAL_STARTNAME);
1780 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1782 add_token_u8(err, dev, boolean_op);
1783 add_token_u8(err, dev, OPAL_ENDNAME);
1786 static int set_lr_boolean_ace(struct opal_dev *dev,
1787 unsigned int opal_uid,
1792 u8 lr_buffer[OPAL_UID_LENGTH];
1793 u8 user_uid[OPAL_UID_LENGTH];
1797 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
1800 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1802 add_token_u8(&err, dev, OPAL_STARTNAME);
1803 add_token_u8(&err, dev, OPAL_VALUES);
1805 add_token_u8(&err, dev, OPAL_STARTLIST);
1806 add_token_u8(&err, dev, OPAL_STARTNAME);
1807 add_token_u8(&err, dev, 3);
1809 add_token_u8(&err, dev, OPAL_STARTLIST);
1811 for (u = 0; u < users_len; u++) {
1812 if (users[u] == OPAL_ADMIN1)
1813 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
1816 memcpy(user_uid, opaluid[OPAL_USER1_UID],
1818 user_uid[7] = users[u];
1821 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
1824 * Add boolean operator in postfix only with
1825 * two or more authorities being added in ACE
1829 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
1832 add_token_u8(&err, dev, OPAL_ENDLIST);
1833 add_token_u8(&err, dev, OPAL_ENDNAME);
1834 add_token_u8(&err, dev, OPAL_ENDLIST);
1835 add_token_u8(&err, dev, OPAL_ENDNAME);
1840 static int add_user_to_lr(struct opal_dev *dev, void *data)
1843 struct opal_lock_unlock *lkul = data;
1844 const u8 users[] = {
1848 err = set_lr_boolean_ace(dev,
1849 lkul->l_state == OPAL_RW ?
1850 OPAL_LOCKINGRANGE_ACE_WRLOCKED :
1851 OPAL_LOCKINGRANGE_ACE_RDLOCKED,
1852 lkul->session.opal_key.lr, users,
1855 pr_debug("Error building add user to locking range command.\n");
1859 return finalize_and_send(dev, parse_and_check_status);
1862 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1864 u8 lr_buffer[OPAL_UID_LENGTH];
1865 struct opal_lock_unlock *lkul = data;
1866 u8 read_locked = 1, write_locked = 1;
1869 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1870 lkul->session.opal_key.lr) < 0)
1873 switch (lkul->l_state) {
1883 /* vars are initialized to locked */
1886 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1887 return OPAL_INVAL_PARAM;
1890 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1892 add_token_u8(&err, dev, OPAL_STARTNAME);
1893 add_token_u8(&err, dev, OPAL_VALUES);
1894 add_token_u8(&err, dev, OPAL_STARTLIST);
1896 add_token_u8(&err, dev, OPAL_STARTNAME);
1897 add_token_u8(&err, dev, OPAL_READLOCKED);
1898 add_token_u8(&err, dev, read_locked);
1899 add_token_u8(&err, dev, OPAL_ENDNAME);
1901 add_token_u8(&err, dev, OPAL_STARTNAME);
1902 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1903 add_token_u8(&err, dev, write_locked);
1904 add_token_u8(&err, dev, OPAL_ENDNAME);
1906 add_token_u8(&err, dev, OPAL_ENDLIST);
1907 add_token_u8(&err, dev, OPAL_ENDNAME);
1910 pr_debug("Error building SET command.\n");
1914 return finalize_and_send(dev, parse_and_check_status);
1918 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1920 u8 lr_buffer[OPAL_UID_LENGTH];
1921 u8 read_locked = 1, write_locked = 1;
1922 struct opal_lock_unlock *lkul = data;
1925 clear_opal_cmd(dev);
1926 set_comid(dev, dev->comid);
1928 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1929 lkul->session.opal_key.lr) < 0)
1932 switch (lkul->l_state) {
1942 /* vars are initialized to locked */
1945 pr_debug("Tried to set an invalid locking state.\n");
1946 return OPAL_INVAL_PARAM;
1948 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1949 read_locked, write_locked);
1952 pr_debug("Error building SET command.\n");
1956 return finalize_and_send(dev, parse_and_check_status);
1959 static int activate_lsp(struct opal_dev *dev, void *data)
1961 struct opal_lr_act *opal_act = data;
1962 u8 user_lr[OPAL_UID_LENGTH];
1965 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1966 opalmethod[OPAL_ACTIVATE]);
1968 if (opal_act->sum) {
1969 err = build_locking_range(user_lr, sizeof(user_lr),
1974 add_token_u8(&err, dev, OPAL_STARTNAME);
1975 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
1977 add_token_u8(&err, dev, OPAL_STARTLIST);
1978 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1979 for (i = 1; i < opal_act->num_lrs; i++) {
1980 user_lr[7] = opal_act->lr[i];
1981 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1983 add_token_u8(&err, dev, OPAL_ENDLIST);
1984 add_token_u8(&err, dev, OPAL_ENDNAME);
1988 pr_debug("Error building Activate LockingSP command.\n");
1992 return finalize_and_send(dev, parse_and_check_status);
1995 /* Determine if we're in the Manufactured Inactive or Active state */
1996 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2001 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2006 lc_status = response_get_u64(&dev->parsed, 4);
2007 /* 0x08 is Manufactured Inactive */
2008 /* 0x09 is Manufactured */
2009 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2010 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2017 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2019 const char *msid_pin;
2023 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2027 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2029 pr_debug("Couldn't extract MSID_CPIN from response\n");
2030 return OPAL_INVAL_PARAM;
2033 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2034 if (!dev->prev_data)
2037 dev->prev_d_len = strlen;
2042 static int write_table_data(struct opal_dev *dev, void *data)
2044 struct opal_read_write_table *write_tbl = data;
2046 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2047 write_tbl->size, write_tbl->table_uid);
2050 static int read_table_data_cont(struct opal_dev *dev)
2053 const char *data_read;
2055 err = parse_and_check_status(dev);
2059 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2060 dev->prev_data = (void *)data_read;
2061 if (!dev->prev_data) {
2062 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2063 return OPAL_INVAL_PARAM;
2070 * IO_BUFFER_LENGTH = 2048
2071 * sizeof(header) = 56
2072 * No. of Token Bytes in the Response = 11
2073 * MAX size of data that can be carried in response buffer
2074 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2076 #define OPAL_MAX_READ_TABLE (0x7BD)
2078 static int read_table_data(struct opal_dev *dev, void *data)
2080 struct opal_read_write_table *read_tbl = data;
2082 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2084 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2087 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2089 pr_debug("Couldn't get the table size\n");
2093 table_len = response_get_u64(&dev->parsed, 4);
2095 /* Check if the user is trying to read from the table limits */
2096 if (read_size > table_len || offset > table_len - read_size) {
2097 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2098 offset + read_size, table_len);
2102 while (off < read_size) {
2103 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2105 add_token_u8(&err, dev, OPAL_STARTLIST);
2106 add_token_u8(&err, dev, OPAL_STARTNAME);
2107 add_token_u8(&err, dev, OPAL_STARTROW);
2108 add_token_u64(&err, dev, offset + off); /* start row value */
2109 add_token_u8(&err, dev, OPAL_ENDNAME);
2111 add_token_u8(&err, dev, OPAL_STARTNAME);
2112 add_token_u8(&err, dev, OPAL_ENDROW);
2114 len = min(max_read_size, (size_t)(read_size - off));
2115 add_token_u64(&err, dev, offset + off + len); /* end row value
2117 add_token_u8(&err, dev, OPAL_ENDNAME);
2118 add_token_u8(&err, dev, OPAL_ENDLIST);
2121 pr_debug("Error building read table data command.\n");
2125 err = finalize_and_send(dev, read_table_data_cont);
2129 /* len+1: This includes the NULL terminator at the end*/
2130 if (dev->prev_d_len > len + 1) {
2135 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2136 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2137 pr_debug("Error copying data to userspace\n");
2141 dev->prev_data = NULL;
2149 static int end_opal_session(struct opal_dev *dev, void *data)
2153 clear_opal_cmd(dev);
2154 set_comid(dev, dev->comid);
2155 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2160 return finalize_and_send(dev, end_session_cont);
2163 static int end_opal_session_error(struct opal_dev *dev)
2165 const struct opal_step error_end_session = {
2169 return execute_step(dev, &error_end_session, 0);
2172 static inline void setup_opal_dev(struct opal_dev *dev)
2176 dev->prev_data = NULL;
2179 static int check_opal_support(struct opal_dev *dev)
2183 mutex_lock(&dev->dev_lock);
2184 setup_opal_dev(dev);
2185 ret = opal_discovery0_step(dev);
2187 dev->flags |= OPAL_FL_SUPPORTED;
2188 mutex_unlock(&dev->dev_lock);
2193 static void clean_opal_dev(struct opal_dev *dev)
2196 struct opal_suspend_data *suspend, *next;
2198 mutex_lock(&dev->dev_lock);
2199 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2200 list_del(&suspend->node);
2203 mutex_unlock(&dev->dev_lock);
2206 void free_opal_dev(struct opal_dev *dev)
2211 clean_opal_dev(dev);
2216 EXPORT_SYMBOL(free_opal_dev);
2218 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2220 struct opal_dev *dev;
2222 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2227 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2228 * sure the allocated buffer is DMA-safe in that regard.
2230 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2234 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2238 INIT_LIST_HEAD(&dev->unlk_lst);
2239 mutex_init(&dev->dev_lock);
2242 dev->send_recv = send_recv;
2243 if (check_opal_support(dev) != 0) {
2244 pr_debug("Opal is not supported on this device\n");
2261 EXPORT_SYMBOL(init_opal_dev);
2263 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2264 struct opal_session_info *opal_session)
2266 const struct opal_step erase_steps[] = {
2267 { start_auth_opal_session, opal_session },
2268 { get_active_key, &opal_session->opal_key.lr },
2270 { end_opal_session, }
2274 mutex_lock(&dev->dev_lock);
2275 setup_opal_dev(dev);
2276 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2277 mutex_unlock(&dev->dev_lock);
2282 static int opal_erase_locking_range(struct opal_dev *dev,
2283 struct opal_session_info *opal_session)
2285 const struct opal_step erase_steps[] = {
2286 { start_auth_opal_session, opal_session },
2287 { erase_locking_range, opal_session },
2288 { end_opal_session, }
2292 mutex_lock(&dev->dev_lock);
2293 setup_opal_dev(dev);
2294 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2295 mutex_unlock(&dev->dev_lock);
2300 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2301 struct opal_mbr_data *opal_mbr)
2303 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2304 OPAL_TRUE : OPAL_FALSE;
2306 const struct opal_step mbr_steps[] = {
2307 { start_admin1LSP_opal_session, &opal_mbr->key },
2308 { set_mbr_done, &enable_disable },
2309 { end_opal_session, },
2310 { start_admin1LSP_opal_session, &opal_mbr->key },
2311 { set_mbr_enable_disable, &enable_disable },
2312 { end_opal_session, }
2316 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2317 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2320 mutex_lock(&dev->dev_lock);
2321 setup_opal_dev(dev);
2322 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2323 mutex_unlock(&dev->dev_lock);
2328 static int opal_set_mbr_done(struct opal_dev *dev,
2329 struct opal_mbr_done *mbr_done)
2331 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2332 OPAL_TRUE : OPAL_FALSE;
2334 const struct opal_step mbr_steps[] = {
2335 { start_admin1LSP_opal_session, &mbr_done->key },
2336 { set_mbr_done, &mbr_done_tf },
2337 { end_opal_session, }
2341 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2342 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2345 mutex_lock(&dev->dev_lock);
2346 setup_opal_dev(dev);
2347 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2348 mutex_unlock(&dev->dev_lock);
2353 static int opal_write_shadow_mbr(struct opal_dev *dev,
2354 struct opal_shadow_mbr *info)
2356 const struct opal_step mbr_steps[] = {
2357 { start_admin1LSP_opal_session, &info->key },
2358 { write_shadow_mbr, info },
2359 { end_opal_session, }
2363 if (info->size == 0)
2366 mutex_lock(&dev->dev_lock);
2367 setup_opal_dev(dev);
2368 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2369 mutex_unlock(&dev->dev_lock);
2374 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2376 struct opal_suspend_data *suspend;
2378 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2382 suspend->unlk = *lk_unlk;
2383 suspend->lr = lk_unlk->session.opal_key.lr;
2385 mutex_lock(&dev->dev_lock);
2386 setup_opal_dev(dev);
2387 add_suspend_info(dev, suspend);
2388 mutex_unlock(&dev->dev_lock);
2393 static int opal_add_user_to_lr(struct opal_dev *dev,
2394 struct opal_lock_unlock *lk_unlk)
2396 const struct opal_step steps[] = {
2397 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2398 { add_user_to_lr, lk_unlk },
2399 { end_opal_session, }
2403 if (lk_unlk->l_state != OPAL_RO &&
2404 lk_unlk->l_state != OPAL_RW) {
2405 pr_debug("Locking state was not RO or RW\n");
2409 if (lk_unlk->session.who < OPAL_USER1 ||
2410 lk_unlk->session.who > OPAL_USER9) {
2411 pr_debug("Authority was not within the range of users: %d\n",
2412 lk_unlk->session.who);
2416 if (lk_unlk->session.sum) {
2417 pr_debug("%s not supported in sum. Use setup locking range\n",
2422 mutex_lock(&dev->dev_lock);
2423 setup_opal_dev(dev);
2424 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2425 mutex_unlock(&dev->dev_lock);
2430 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2432 /* controller will terminate session */
2433 const struct opal_step revert_steps[] = {
2434 { start_SIDASP_opal_session, opal },
2437 const struct opal_step psid_revert_steps[] = {
2438 { start_PSID_opal_session, opal },
2444 mutex_lock(&dev->dev_lock);
2445 setup_opal_dev(dev);
2447 ret = execute_steps(dev, psid_revert_steps,
2448 ARRAY_SIZE(psid_revert_steps));
2450 ret = execute_steps(dev, revert_steps,
2451 ARRAY_SIZE(revert_steps));
2452 mutex_unlock(&dev->dev_lock);
2455 * If we successfully reverted lets clean
2456 * any saved locking ranges.
2459 clean_opal_dev(dev);
2464 static int __opal_lock_unlock(struct opal_dev *dev,
2465 struct opal_lock_unlock *lk_unlk)
2467 const struct opal_step unlock_steps[] = {
2468 { start_auth_opal_session, &lk_unlk->session },
2469 { lock_unlock_locking_range, lk_unlk },
2470 { end_opal_session, }
2472 const struct opal_step unlock_sum_steps[] = {
2473 { start_auth_opal_session, &lk_unlk->session },
2474 { lock_unlock_locking_range_sum, lk_unlk },
2475 { end_opal_session, }
2478 if (lk_unlk->session.sum)
2479 return execute_steps(dev, unlock_sum_steps,
2480 ARRAY_SIZE(unlock_sum_steps));
2482 return execute_steps(dev, unlock_steps,
2483 ARRAY_SIZE(unlock_steps));
2486 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2488 u8 mbr_done_tf = OPAL_TRUE;
2489 const struct opal_step mbrdone_step[] = {
2490 { start_admin1LSP_opal_session, key },
2491 { set_mbr_done, &mbr_done_tf },
2492 { end_opal_session, }
2495 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2498 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2499 struct opal_lock_unlock *lk_unlk)
2501 struct opal_suspend_data *iter;
2503 if (lk_unlk->l_state != OPAL_LK ||
2504 lk_unlk->session.opal_key.key_len > 0)
2508 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2509 * volume key is not required, as it requires root privileges anyway,
2510 * and root can deny access to a disk in many ways regardless.
2511 * Requiring the volume key to lock the device is a peculiarity of the
2512 * OPAL specification. Given we might already have saved the key if
2513 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2514 * that key to lock the device if no key was provided here, the
2515 * locking range matches and the appropriate flag was passed with
2517 * This allows integrating OPAL with tools and libraries that are used
2518 * to the common behaviour and do not ask for the volume key when
2521 setup_opal_dev(dev);
2522 list_for_each_entry(iter, &dev->unlk_lst, node) {
2523 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2524 iter->lr == lk_unlk->session.opal_key.lr &&
2525 iter->unlk.session.opal_key.key_len > 0) {
2526 lk_unlk->session.opal_key.key_len =
2527 iter->unlk.session.opal_key.key_len;
2528 memcpy(lk_unlk->session.opal_key.key,
2529 iter->unlk.session.opal_key.key,
2530 iter->unlk.session.opal_key.key_len);
2536 static int opal_lock_unlock(struct opal_dev *dev,
2537 struct opal_lock_unlock *lk_unlk)
2541 if (lk_unlk->session.who > OPAL_USER9)
2544 mutex_lock(&dev->dev_lock);
2545 opal_lock_check_for_saved_key(dev, lk_unlk);
2546 ret = __opal_lock_unlock(dev, lk_unlk);
2547 mutex_unlock(&dev->dev_lock);
2552 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2554 const struct opal_step owner_steps[] = {
2555 { start_anybodyASP_opal_session, },
2556 { get_msid_cpin_pin, },
2557 { end_opal_session, },
2558 { start_SIDASP_opal_session, opal },
2559 { set_sid_cpin_pin, opal },
2560 { end_opal_session, }
2567 mutex_lock(&dev->dev_lock);
2568 setup_opal_dev(dev);
2569 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2570 mutex_unlock(&dev->dev_lock);
2575 static int opal_activate_lsp(struct opal_dev *dev,
2576 struct opal_lr_act *opal_lr_act)
2578 const struct opal_step active_steps[] = {
2579 { start_SIDASP_opal_session, &opal_lr_act->key },
2580 { get_lsp_lifecycle, },
2581 { activate_lsp, opal_lr_act },
2582 { end_opal_session, }
2586 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2589 mutex_lock(&dev->dev_lock);
2590 setup_opal_dev(dev);
2591 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2592 mutex_unlock(&dev->dev_lock);
2597 static int opal_setup_locking_range(struct opal_dev *dev,
2598 struct opal_user_lr_setup *opal_lrs)
2600 const struct opal_step lr_steps[] = {
2601 { start_auth_opal_session, &opal_lrs->session },
2602 { setup_locking_range, opal_lrs },
2603 { end_opal_session, }
2607 mutex_lock(&dev->dev_lock);
2608 setup_opal_dev(dev);
2609 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2610 mutex_unlock(&dev->dev_lock);
2615 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2617 const struct opal_step pw_steps[] = {
2618 { start_auth_opal_session, &opal_pw->session },
2619 { set_new_pw, &opal_pw->new_user_pw },
2620 { end_opal_session, }
2624 if (opal_pw->session.who > OPAL_USER9 ||
2625 opal_pw->new_user_pw.who > OPAL_USER9)
2628 mutex_lock(&dev->dev_lock);
2629 setup_opal_dev(dev);
2630 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2631 mutex_unlock(&dev->dev_lock);
2636 static int opal_activate_user(struct opal_dev *dev,
2637 struct opal_session_info *opal_session)
2639 const struct opal_step act_steps[] = {
2640 { start_admin1LSP_opal_session, &opal_session->opal_key },
2641 { internal_activate_user, opal_session },
2642 { end_opal_session, }
2646 /* We can't activate Admin1 it's active as manufactured */
2647 if (opal_session->who < OPAL_USER1 ||
2648 opal_session->who > OPAL_USER9) {
2649 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2653 mutex_lock(&dev->dev_lock);
2654 setup_opal_dev(dev);
2655 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2656 mutex_unlock(&dev->dev_lock);
2661 bool opal_unlock_from_suspend(struct opal_dev *dev)
2663 struct opal_suspend_data *suspend;
2664 bool was_failure = false;
2670 if (!(dev->flags & OPAL_FL_SUPPORTED))
2673 mutex_lock(&dev->dev_lock);
2674 setup_opal_dev(dev);
2676 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2680 ret = __opal_lock_unlock(dev, &suspend->unlk);
2682 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2683 suspend->unlk.session.opal_key.lr,
2684 suspend->unlk.session.sum);
2688 if (dev->flags & OPAL_FL_MBR_ENABLED) {
2689 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2691 pr_debug("Failed to set MBR Done in S3 resume\n");
2694 mutex_unlock(&dev->dev_lock);
2698 EXPORT_SYMBOL(opal_unlock_from_suspend);
2700 static int opal_read_table(struct opal_dev *dev,
2701 struct opal_read_write_table *rw_tbl)
2703 const struct opal_step read_table_steps[] = {
2704 { start_admin1LSP_opal_session, &rw_tbl->key },
2705 { read_table_data, rw_tbl },
2706 { end_opal_session, }
2713 return execute_steps(dev, read_table_steps,
2714 ARRAY_SIZE(read_table_steps));
2717 static int opal_write_table(struct opal_dev *dev,
2718 struct opal_read_write_table *rw_tbl)
2720 const struct opal_step write_table_steps[] = {
2721 { start_admin1LSP_opal_session, &rw_tbl->key },
2722 { write_table_data, rw_tbl },
2723 { end_opal_session, }
2730 return execute_steps(dev, write_table_steps,
2731 ARRAY_SIZE(write_table_steps));
2734 static int opal_generic_read_write_table(struct opal_dev *dev,
2735 struct opal_read_write_table *rw_tbl)
2739 mutex_lock(&dev->dev_lock);
2740 setup_opal_dev(dev);
2742 bit_set = fls64(rw_tbl->flags) - 1;
2744 case OPAL_READ_TABLE:
2745 ret = opal_read_table(dev, rw_tbl);
2747 case OPAL_WRITE_TABLE:
2748 ret = opal_write_table(dev, rw_tbl);
2751 pr_debug("Invalid bit set in the flag (%016llx).\n",
2757 mutex_unlock(&dev->dev_lock);
2762 static int opal_get_status(struct opal_dev *dev, void __user *data)
2764 struct opal_status sts = {0};
2767 * check_opal_support() error is not fatal,
2768 * !dev->supported is a valid condition
2770 if (!check_opal_support(dev))
2771 sts.flags = dev->flags;
2772 if (copy_to_user(data, &sts, sizeof(sts))) {
2773 pr_debug("Error copying status to userspace\n");
2779 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2784 if (!capable(CAP_SYS_ADMIN))
2788 if (!(dev->flags & OPAL_FL_SUPPORTED))
2792 p = memdup_user(arg, _IOC_SIZE(cmd));
2799 ret = opal_save(dev, p);
2801 case IOC_OPAL_LOCK_UNLOCK:
2802 ret = opal_lock_unlock(dev, p);
2804 case IOC_OPAL_TAKE_OWNERSHIP:
2805 ret = opal_take_ownership(dev, p);
2807 case IOC_OPAL_ACTIVATE_LSP:
2808 ret = opal_activate_lsp(dev, p);
2810 case IOC_OPAL_SET_PW:
2811 ret = opal_set_new_pw(dev, p);
2813 case IOC_OPAL_ACTIVATE_USR:
2814 ret = opal_activate_user(dev, p);
2816 case IOC_OPAL_REVERT_TPR:
2817 ret = opal_reverttper(dev, p, false);
2819 case IOC_OPAL_LR_SETUP:
2820 ret = opal_setup_locking_range(dev, p);
2822 case IOC_OPAL_ADD_USR_TO_LR:
2823 ret = opal_add_user_to_lr(dev, p);
2825 case IOC_OPAL_ENABLE_DISABLE_MBR:
2826 ret = opal_enable_disable_shadow_mbr(dev, p);
2828 case IOC_OPAL_MBR_DONE:
2829 ret = opal_set_mbr_done(dev, p);
2831 case IOC_OPAL_WRITE_SHADOW_MBR:
2832 ret = opal_write_shadow_mbr(dev, p);
2834 case IOC_OPAL_ERASE_LR:
2835 ret = opal_erase_locking_range(dev, p);
2837 case IOC_OPAL_SECURE_ERASE_LR:
2838 ret = opal_secure_erase_locking_range(dev, p);
2840 case IOC_OPAL_PSID_REVERT_TPR:
2841 ret = opal_reverttper(dev, p, true);
2843 case IOC_OPAL_GENERIC_TABLE_RW:
2844 ret = opal_generic_read_write_table(dev, p);
2846 case IOC_OPAL_GET_STATUS:
2847 ret = opal_get_status(dev, arg);
2857 EXPORT_SYMBOL_GPL(sed_ioctl);