block/sed-opal.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright © 2016 Intel Corporation
   4  *
   5  * Authors:
   6  *    Scott  Bauer      <scott.bauer@intel.com>
   7  *    Rafael Antognolli <rafael.antognolli@intel.com>
   8  */
   9
  10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
  11
  12 #include <linux/delay.h>
  13 #include <linux/device.h>
  14 #include <linux/kernel.h>
  15 #include <linux/list.h>
  16 #include <linux/blkdev.h>
  17 #include <linux/slab.h>
  18 #include <linux/uaccess.h>
  19 #include <uapi/linux/sed-opal.h>
  20 #include <linux/sed-opal.h>
  21 #include <linux/string.h>
  22 #include <linux/kdev_t.h>
  23
  24 #include "opal_proto.h"
  25
  26 #define IO_BUFFER_LENGTH 2048
  27 #define MAX_TOKS 64
  28
  29 /* Number of bytes needed by cmd_finalize. */
  30 #define CMD_FINALIZE_BYTES_NEEDED 7
  31
  32 struct opal_step {
  33         int (*fn)(struct opal_dev *dev, void *data);
  34         void *data;
  35 };
  36 typedef int (cont_fn)(struct opal_dev *dev);
  37
  38 enum opal_atom_width {
  39         OPAL_WIDTH_TINY,
  40         OPAL_WIDTH_SHORT,
  41         OPAL_WIDTH_MEDIUM,
  42         OPAL_WIDTH_LONG,
  43         OPAL_WIDTH_TOKEN
  44 };
  45
  46 /*
  47  * On the parsed response, we don't store again the toks that are already
  48  * stored in the response buffer. Instead, for each token, we just store a
  49  * pointer to the position in the buffer where the token starts, and the size
  50  * of the token in bytes.
  51  */
  52 struct opal_resp_tok {
  53         const u8 *pos;
  54         size_t len;
  55         enum opal_response_token type;
  56         enum opal_atom_width width;
  57         union {
  58                 u64 u;
  59                 s64 s;
  60         } stored;
  61 };
  62
  63 /*
  64  * From the response header it's not possible to know how many tokens there are
  65  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
  66  * if we start dealing with messages that have more than that, we can increase
  67  * this number. This is done to avoid having to make two passes through the
  68  * response, the first one counting how many tokens we have and the second one
  69  * actually storing the positions.
  70  */
  71 struct parsed_resp {
  72         int num;
  73         struct opal_resp_tok toks[MAX_TOKS];
  74 };
  75
  76 struct opal_dev {
  77         u32 flags;
  78
  79         void *data;
  80         sec_send_recv *send_recv;
  81
  82         struct mutex dev_lock;
  83         u16 comid;
  84         u32 hsn;
  85         u32 tsn;
  86         u64 align;
  87         u64 lowest_lba;
  88
  89         size_t pos;
  90         u8 *cmd;
  91         u8 *resp;
  92
  93         struct parsed_resp parsed;
  94         size_t prev_d_len;
  95         void *prev_data;
  96
  97         struct list_head unlk_lst;
  98 };
  99
 100
 101 static const u8 opaluid[][OPAL_UID_LENGTH] = {
 102         /* users */
 103         [OPAL_SMUID_UID] =
 104                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
 105         [OPAL_THISSP_UID] =
 106                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
 107         [OPAL_ADMINSP_UID] =
 108                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
 109         [OPAL_LOCKINGSP_UID] =
 110                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
 111         [OPAL_ENTERPRISE_LOCKINGSP_UID] =
 112                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
 113         [OPAL_ANYBODY_UID] =
 114                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
 115         [OPAL_SID_UID] =
 116                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
 117         [OPAL_ADMIN1_UID] =
 118                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
 119         [OPAL_USER1_UID] =
 120                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
 121         [OPAL_USER2_UID] =
 122                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
 123         [OPAL_PSID_UID] =
 124                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
 125         [OPAL_ENTERPRISE_BANDMASTER0_UID] =
 126                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
 127         [OPAL_ENTERPRISE_ERASEMASTER_UID] =
 128                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
 129
 130         /* tables */
 131         [OPAL_TABLE_TABLE] =
 132                 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
 133         [OPAL_LOCKINGRANGE_GLOBAL] =
 134                 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
 135         [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
 136                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
 137         [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
 138                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
 139         [OPAL_MBRCONTROL] =
 140                 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
 141         [OPAL_MBR] =
 142                 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
 143         [OPAL_AUTHORITY_TABLE] =
 144                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
 145         [OPAL_C_PIN_TABLE] =
 146                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
 147         [OPAL_LOCKING_INFO_TABLE] =
 148                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
 149         [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
 150                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
 151         [OPAL_DATASTORE] =
 152                 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
 153
 154         /* C_PIN_TABLE object ID's */
 155         [OPAL_C_PIN_MSID] =
 156                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
 157         [OPAL_C_PIN_SID] =
 158                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
 159         [OPAL_C_PIN_ADMIN1] =
 160                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
 161
 162         /* half UID's (only first 4 bytes used) */
 163         [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
 164                 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
 165         [OPAL_HALF_UID_BOOLEAN_ACE] =
 166                 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
 167
 168         /* special value for omitted optional parameter */
 169         [OPAL_UID_HEXFF] =
 170                 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
 171 };
 172
 173 /*
 174  * TCG Storage SSC Methods.
 175  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 176  * Section: 6.3 Assigned UIDs
 177  */
 178 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
 179         [OPAL_PROPERTIES] =
 180                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
 181         [OPAL_STARTSESSION] =
 182                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
 183         [OPAL_REVERT] =
 184                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
 185         [OPAL_ACTIVATE] =
 186                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
 187         [OPAL_EGET] =
 188                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
 189         [OPAL_ESET] =
 190                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
 191         [OPAL_NEXT] =
 192                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
 193         [OPAL_EAUTHENTICATE] =
 194                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
 195         [OPAL_GETACL] =
 196                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
 197         [OPAL_GENKEY] =
 198                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
 199         [OPAL_REVERTSP] =
 200                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
 201         [OPAL_GET] =
 202                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
 203         [OPAL_SET] =
 204                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
 205         [OPAL_AUTHENTICATE] =
 206                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
 207         [OPAL_RANDOM] =
 208                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
 209         [OPAL_ERASE] =
 210                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
 211 };
 212
 213 static int end_opal_session_error(struct opal_dev *dev);
 214 static int opal_discovery0_step(struct opal_dev *dev);
 215
 216 struct opal_suspend_data {
 217         struct opal_lock_unlock unlk;
 218         u8 lr;
 219         struct list_head node;
 220 };
 221
 222 /*
 223  * Derived from:
 224  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 225  * Section: 5.1.5 Method Status Codes
 226  */
 227 static const char * const opal_errors[] = {
 228         "Success",
 229         "Not Authorized",
 230         "Unknown Error",
 231         "SP Busy",
 232         "SP Failed",
 233         "SP Disabled",
 234         "SP Frozen",
 235         "No Sessions Available",
 236         "Uniqueness Conflict",
 237         "Insufficient Space",
 238         "Insufficient Rows",
 239         "Invalid Function",
 240         "Invalid Parameter",
 241         "Invalid Reference",
 242         "Unknown Error",
 243         "TPER Malfunction",
 244         "Transaction Failure",
 245         "Response Overflow",
 246         "Authority Locked Out",
 247 };
 248
 249 static const char *opal_error_to_human(int error)
 250 {
 251         if (error == 0x3f)
 252                 return "Failed";
 253
 254         if (error >= ARRAY_SIZE(opal_errors) || error < 0)
 255                 return "Unknown Error";
 256
 257         return opal_errors[error];
 258 }
 259
 260 static void print_buffer(const u8 *ptr, u32 length)
 261 {
 262 #ifdef DEBUG
 263         print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
 264         pr_debug("\n");
 265 #endif
 266 }
 267
 268 static bool check_tper(const void *data)
 269 {
 270         const struct d0_tper_features *tper = data;
 271         u8 flags = tper->supported_features;
 272
 273         if (!(flags & TPER_SYNC_SUPPORTED)) {
 274                 pr_debug("TPer sync not supported. flags = %d\n",
 275                          tper->supported_features);
 276                 return false;
 277         }
 278
 279         return true;
 280 }
 281
 282 static bool check_lcksuppt(const void *data)
 283 {
 284         const struct d0_locking_features *lfeat = data;
 285         u8 sup_feat = lfeat->supported_features;
 286
 287         return !!(sup_feat & LOCKING_SUPPORTED_MASK);
 288 }
 289
 290 static bool check_lckenabled(const void *data)
 291 {
 292         const struct d0_locking_features *lfeat = data;
 293         u8 sup_feat = lfeat->supported_features;
 294
 295         return !!(sup_feat & LOCKING_ENABLED_MASK);
 296 }
 297
 298 static bool check_locked(const void *data)
 299 {
 300         const struct d0_locking_features *lfeat = data;
 301         u8 sup_feat = lfeat->supported_features;
 302
 303         return !!(sup_feat & LOCKED_MASK);
 304 }
 305
 306 static bool check_mbrenabled(const void *data)
 307 {
 308         const struct d0_locking_features *lfeat = data;
 309         u8 sup_feat = lfeat->supported_features;
 310
 311         return !!(sup_feat & MBR_ENABLED_MASK);
 312 }
 313
 314 static bool check_mbrdone(const void *data)
 315 {
 316         const struct d0_locking_features *lfeat = data;
 317         u8 sup_feat = lfeat->supported_features;
 318
 319         return !!(sup_feat & MBR_DONE_MASK);
 320 }
 321
 322 static bool check_sum(const void *data)
 323 {
 324         const struct d0_single_user_mode *sum = data;
 325         u32 nlo = be32_to_cpu(sum->num_locking_objects);
 326
 327         if (nlo == 0) {
 328                 pr_debug("Need at least one locking object.\n");
 329                 return false;
 330         }
 331
 332         pr_debug("Number of locking objects: %d\n", nlo);
 333
 334         return true;
 335 }
 336
 337 static u16 get_comid_v100(const void *data)
 338 {
 339         const struct d0_opal_v100 *v100 = data;
 340
 341         return be16_to_cpu(v100->baseComID);
 342 }
 343
 344 static u16 get_comid_v200(const void *data)
 345 {
 346         const struct d0_opal_v200 *v200 = data;
 347
 348         return be16_to_cpu(v200->baseComID);
 349 }
 350
 351 static int opal_send_cmd(struct opal_dev *dev)
 352 {
 353         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 354                               dev->cmd, IO_BUFFER_LENGTH,
 355                               true);
 356 }
 357
 358 static int opal_recv_cmd(struct opal_dev *dev)
 359 {
 360         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 361                               dev->resp, IO_BUFFER_LENGTH,
 362                               false);
 363 }
 364
 365 static int opal_recv_check(struct opal_dev *dev)
 366 {
 367         size_t buflen = IO_BUFFER_LENGTH;
 368         void *buffer = dev->resp;
 369         struct opal_header *hdr = buffer;
 370         int ret;
 371
 372         do {
 373                 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
 374                          hdr->cp.outstandingData,
 375                          hdr->cp.minTransfer);
 376
 377                 if (hdr->cp.outstandingData == 0 ||
 378                     hdr->cp.minTransfer != 0)
 379                         return 0;
 380
 381                 memset(buffer, 0, buflen);
 382                 ret = opal_recv_cmd(dev);
 383         } while (!ret);
 384
 385         return ret;
 386 }
 387
 388 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
 389 {
 390         int ret;
 391
 392         ret = opal_send_cmd(dev);
 393         if (ret)
 394                 return ret;
 395         ret = opal_recv_cmd(dev);
 396         if (ret)
 397                 return ret;
 398         ret = opal_recv_check(dev);
 399         if (ret)
 400                 return ret;
 401         return cont(dev);
 402 }
 403
 404 static void check_geometry(struct opal_dev *dev, const void *data)
 405 {
 406         const struct d0_geometry_features *geo = data;
 407
 408         dev->align = be64_to_cpu(geo->alignment_granularity);
 409         dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
 410 }
 411
 412 static int execute_step(struct opal_dev *dev,
 413                         const struct opal_step *step, size_t stepIndex)
 414 {
 415         int error = step->fn(dev, step->data);
 416
 417         if (error) {
 418                 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
 419                          stepIndex, step->fn, error,
 420                          opal_error_to_human(error));
 421         }
 422
 423         return error;
 424 }
 425
 426 static int execute_steps(struct opal_dev *dev,
 427                          const struct opal_step *steps, size_t n_steps)
 428 {
 429         size_t state = 0;
 430         int error;
 431
 432         /* first do a discovery0 */
 433         error = opal_discovery0_step(dev);
 434         if (error)
 435                 return error;
 436
 437         for (state = 0; state < n_steps; state++) {
 438                 error = execute_step(dev, &steps[state], state);
 439                 if (error)
 440                         goto out_error;
 441         }
 442
 443         return 0;
 444
 445 out_error:
 446         /*
 447          * For each OPAL command the first step in steps starts some sort of
 448          * session. If an error occurred in the initial discovery0 or if an
 449          * error occurred in the first step (and thus stopping the loop with
 450          * state == 0) then there was an error before or during the attempt to
 451          * start a session. Therefore we shouldn't attempt to terminate a
 452          * session, as one has not yet been created.
 453          */
 454         if (state > 0)
 455                 end_opal_session_error(dev);
 456
 457         return error;
 458 }
 459
 460 static int opal_discovery0_end(struct opal_dev *dev)
 461 {
 462         bool found_com_id = false, supported = true, single_user = false;
 463         const struct d0_header *hdr = (struct d0_header *)dev->resp;
 464         const u8 *epos = dev->resp, *cpos = dev->resp;
 465         u16 comid = 0;
 466         u32 hlen = be32_to_cpu(hdr->length);
 467
 468         print_buffer(dev->resp, hlen);
 469         dev->flags &= OPAL_FL_SUPPORTED;
 470
 471         if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 472                 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
 473                          sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
 474                 return -EFAULT;
 475         }
 476
 477         epos += hlen; /* end of buffer */
 478         cpos += sizeof(*hdr); /* current position on buffer */
 479
 480         while (cpos < epos && supported) {
 481                 const struct d0_features *body =
 482                         (const struct d0_features *)cpos;
 483
 484                 switch (be16_to_cpu(body->code)) {
 485                 case FC_TPER:
 486                         supported = check_tper(body->features);
 487                         break;
 488                 case FC_SINGLEUSER:
 489                         single_user = check_sum(body->features);
 490                         if (single_user)
 491                                 dev->flags |= OPAL_FL_SUM_SUPPORTED;
 492                         break;
 493                 case FC_GEOMETRY:
 494                         check_geometry(dev, body);
 495                         break;
 496                 case FC_LOCKING:
 497                         if (check_lcksuppt(body->features))
 498                                 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
 499                         if (check_lckenabled(body->features))
 500                                 dev->flags |= OPAL_FL_LOCKING_ENABLED;
 501                         if (check_locked(body->features))
 502                                 dev->flags |= OPAL_FL_LOCKED;
 503                         if (check_mbrenabled(body->features))
 504                                 dev->flags |= OPAL_FL_MBR_ENABLED;
 505                         if (check_mbrdone(body->features))
 506                                 dev->flags |= OPAL_FL_MBR_DONE;
 507                         break;
 508                 case FC_ENTERPRISE:
 509                 case FC_DATASTORE:
 510                         /* some ignored properties */
 511                         pr_debug("Found OPAL feature description: %d\n",
 512                                  be16_to_cpu(body->code));
 513                         break;
 514                 case FC_OPALV100:
 515                         comid = get_comid_v100(body->features);
 516                         found_com_id = true;
 517                         break;
 518                 case FC_OPALV200:
 519                         comid = get_comid_v200(body->features);
 520                         found_com_id = true;
 521                         break;
 522                 case 0xbfff ... 0xffff:
 523                         /* vendor specific, just ignore */
 524                         break;
 525                 default:
 526                         pr_debug("OPAL Unknown feature: %d\n",
 527                                  be16_to_cpu(body->code));
 528
 529                 }
 530                 cpos += body->length + 4;
 531         }
 532
 533         if (!supported) {
 534                 pr_debug("This device is not Opal enabled. Not Supported!\n");
 535                 return -EOPNOTSUPP;
 536         }
 537
 538         if (!single_user)
 539                 pr_debug("Device doesn't support single user mode\n");
 540
 541
 542         if (!found_com_id) {
 543                 pr_debug("Could not find OPAL comid for device. Returning early\n");
 544                 return -EOPNOTSUPP;
 545         }
 546
 547         dev->comid = comid;
 548
 549         return 0;
 550 }
 551
 552 static int opal_discovery0(struct opal_dev *dev, void *data)
 553 {
 554         int ret;
 555
 556         memset(dev->resp, 0, IO_BUFFER_LENGTH);
 557         dev->comid = OPAL_DISCOVERY_COMID;
 558         ret = opal_recv_cmd(dev);
 559         if (ret)
 560                 return ret;
 561
 562         return opal_discovery0_end(dev);
 563 }
 564
 565 static int opal_discovery0_step(struct opal_dev *dev)
 566 {
 567         const struct opal_step discovery0_step = {
 568                 opal_discovery0,
 569         };
 570
 571         return execute_step(dev, &discovery0_step, 0);
 572 }
 573
 574 static size_t remaining_size(struct opal_dev *cmd)
 575 {
 576         return IO_BUFFER_LENGTH - cmd->pos;
 577 }
 578
 579 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
 580 {
 581         if (*err)
 582                 return false;
 583
 584         if (remaining_size(cmd) < len) {
 585                 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
 586                 *err = -ERANGE;
 587                 return false;
 588         }
 589
 590         return true;
 591 }
 592
 593 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
 594 {
 595         if (!can_add(err, cmd, 1))
 596                 return;
 597
 598         cmd->cmd[cmd->pos++] = tok;
 599 }
 600
 601 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
 602                                   bool has_sign, int len)
 603 {
 604         u8 atom;
 605         int err = 0;
 606
 607         atom = SHORT_ATOM_ID;
 608         atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
 609         atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
 610         atom |= len & SHORT_ATOM_LEN_MASK;
 611
 612         add_token_u8(&err, cmd, atom);
 613 }
 614
 615 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
 616                                    bool has_sign, int len)
 617 {
 618         u8 header0;
 619
 620         header0 = MEDIUM_ATOM_ID;
 621         header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
 622         header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
 623         header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
 624
 625         cmd->cmd[cmd->pos++] = header0;
 626         cmd->cmd[cmd->pos++] = len;
 627 }
 628
 629 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
 630 {
 631         size_t len;
 632         int msb;
 633
 634         if (!(number & ~TINY_ATOM_DATA_MASK)) {
 635                 add_token_u8(err, cmd, number);
 636                 return;
 637         }
 638
 639         msb = fls64(number);
 640         len = DIV_ROUND_UP(msb, 8);
 641
 642         if (!can_add(err, cmd, len + 1)) {
 643                 pr_debug("Error adding u64: end of buffer.\n");
 644                 return;
 645         }
 646         add_short_atom_header(cmd, false, false, len);
 647         while (len--)
 648                 add_token_u8(err, cmd, number >> (len * 8));
 649 }
 650
 651 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
 652 {
 653         size_t header_len = 1;
 654         bool is_short_atom = true;
 655
 656         if (len & ~SHORT_ATOM_LEN_MASK) {
 657                 header_len = 2;
 658                 is_short_atom = false;
 659         }
 660
 661         if (!can_add(err, cmd, header_len + len)) {
 662                 pr_debug("Error adding bytestring: end of buffer.\n");
 663                 return NULL;
 664         }
 665
 666         if (is_short_atom)
 667                 add_short_atom_header(cmd, true, false, len);
 668         else
 669                 add_medium_atom_header(cmd, true, false, len);
 670
 671         return &cmd->cmd[cmd->pos];
 672 }
 673
 674 static void add_token_bytestring(int *err, struct opal_dev *cmd,
 675                                  const u8 *bytestring, size_t len)
 676 {
 677         u8 *start;
 678
 679         start = add_bytestring_header(err, cmd, len);
 680         if (!start)
 681                 return;
 682         memcpy(start, bytestring, len);
 683         cmd->pos += len;
 684 }
 685
 686 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
 687 {
 688         if (length > OPAL_UID_LENGTH) {
 689                 pr_debug("Can't build locking range. Length OOB\n");
 690                 return -ERANGE;
 691         }
 692
 693         memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
 694
 695         if (lr == 0)
 696                 return 0;
 697
 698         buffer[5] = LOCKING_RANGE_NON_GLOBAL;
 699         buffer[7] = lr;
 700
 701         return 0;
 702 }
 703
 704 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
 705 {
 706         if (length > OPAL_UID_LENGTH) {
 707                 pr_debug("Can't build locking range user. Length OOB\n");
 708                 return -ERANGE;
 709         }
 710
 711         memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
 712
 713         buffer[7] = lr + 1;
 714
 715         return 0;
 716 }
 717
 718 static void set_comid(struct opal_dev *cmd, u16 comid)
 719 {
 720         struct opal_header *hdr = (struct opal_header *)cmd->cmd;
 721
 722         hdr->cp.extendedComID[0] = comid >> 8;
 723         hdr->cp.extendedComID[1] = comid;
 724         hdr->cp.extendedComID[2] = 0;
 725         hdr->cp.extendedComID[3] = 0;
 726 }
 727
 728 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
 729 {
 730         struct opal_header *hdr;
 731         int err = 0;
 732
 733         /*
 734          * Close the parameter list opened from cmd_start.
 735          * The number of bytes added must be equal to
 736          * CMD_FINALIZE_BYTES_NEEDED.
 737          */
 738         add_token_u8(&err, cmd, OPAL_ENDLIST);
 739
 740         add_token_u8(&err, cmd, OPAL_ENDOFDATA);
 741         add_token_u8(&err, cmd, OPAL_STARTLIST);
 742         add_token_u8(&err, cmd, 0);
 743         add_token_u8(&err, cmd, 0);
 744         add_token_u8(&err, cmd, 0);
 745         add_token_u8(&err, cmd, OPAL_ENDLIST);
 746
 747         if (err) {
 748                 pr_debug("Error finalizing command.\n");
 749                 return -EFAULT;
 750         }
 751
 752         hdr = (struct opal_header *) cmd->cmd;
 753
 754         hdr->pkt.tsn = cpu_to_be32(tsn);
 755         hdr->pkt.hsn = cpu_to_be32(hsn);
 756
 757         hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
 758         while (cmd->pos % 4) {
 759                 if (cmd->pos >= IO_BUFFER_LENGTH) {
 760                         pr_debug("Error: Buffer overrun\n");
 761                         return -ERANGE;
 762                 }
 763                 cmd->cmd[cmd->pos++] = 0;
 764         }
 765         hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
 766                                       sizeof(hdr->pkt));
 767         hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
 768
 769         return 0;
 770 }
 771
 772 static const struct opal_resp_tok *response_get_token(
 773                                 const struct parsed_resp *resp,
 774                                 int n)
 775 {
 776         const struct opal_resp_tok *tok;
 777
 778         if (!resp) {
 779                 pr_debug("Response is NULL\n");
 780                 return ERR_PTR(-EINVAL);
 781         }
 782
 783         if (n >= resp->num) {
 784                 pr_debug("Token number doesn't exist: %d, resp: %d\n",
 785                          n, resp->num);
 786                 return ERR_PTR(-EINVAL);
 787         }
 788
 789         tok = &resp->toks[n];
 790         if (tok->len == 0) {
 791                 pr_debug("Token length must be non-zero\n");
 792                 return ERR_PTR(-EINVAL);
 793         }
 794
 795         return tok;
 796 }
 797
 798 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
 799                                    const u8 *pos)
 800 {
 801         tok->pos = pos;
 802         tok->len = 1;
 803         tok->width = OPAL_WIDTH_TINY;
 804
 805         if (pos[0] & TINY_ATOM_SIGNED) {
 806                 tok->type = OPAL_DTA_TOKENID_SINT;
 807         } else {
 808                 tok->type = OPAL_DTA_TOKENID_UINT;
 809                 tok->stored.u = pos[0] & 0x3f;
 810         }
 811
 812         return tok->len;
 813 }
 814
 815 static ssize_t response_parse_short(struct opal_resp_tok *tok,
 816                                     const u8 *pos)
 817 {
 818         tok->pos = pos;
 819         tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
 820         tok->width = OPAL_WIDTH_SHORT;
 821
 822         if (pos[0] & SHORT_ATOM_BYTESTRING) {
 823                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 824         } else if (pos[0] & SHORT_ATOM_SIGNED) {
 825                 tok->type = OPAL_DTA_TOKENID_SINT;
 826         } else {
 827                 u64 u_integer = 0;
 828                 ssize_t i, b = 0;
 829
 830                 tok->type = OPAL_DTA_TOKENID_UINT;
 831                 if (tok->len > 9) {
 832                         pr_debug("uint64 with more than 8 bytes\n");
 833                         return -EINVAL;
 834                 }
 835                 for (i = tok->len - 1; i > 0; i--) {
 836                         u_integer |= ((u64)pos[i] << (8 * b));
 837                         b++;
 838                 }
 839                 tok->stored.u = u_integer;
 840         }
 841
 842         return tok->len;
 843 }
 844
 845 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
 846                                      const u8 *pos)
 847 {
 848         tok->pos = pos;
 849         tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
 850         tok->width = OPAL_WIDTH_MEDIUM;
 851
 852         if (pos[0] & MEDIUM_ATOM_BYTESTRING)
 853                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 854         else if (pos[0] & MEDIUM_ATOM_SIGNED)
 855                 tok->type = OPAL_DTA_TOKENID_SINT;
 856         else
 857                 tok->type = OPAL_DTA_TOKENID_UINT;
 858
 859         return tok->len;
 860 }
 861
 862 static ssize_t response_parse_long(struct opal_resp_tok *tok,
 863                                    const u8 *pos)
 864 {
 865         tok->pos = pos;
 866         tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
 867         tok->width = OPAL_WIDTH_LONG;
 868
 869         if (pos[0] & LONG_ATOM_BYTESTRING)
 870                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 871         else if (pos[0] & LONG_ATOM_SIGNED)
 872                 tok->type = OPAL_DTA_TOKENID_SINT;
 873         else
 874                 tok->type = OPAL_DTA_TOKENID_UINT;
 875
 876         return tok->len;
 877 }
 878
 879 static ssize_t response_parse_token(struct opal_resp_tok *tok,
 880                                     const u8 *pos)
 881 {
 882         tok->pos = pos;
 883         tok->len = 1;
 884         tok->type = OPAL_DTA_TOKENID_TOKEN;
 885         tok->width = OPAL_WIDTH_TOKEN;
 886
 887         return tok->len;
 888 }
 889
 890 static int response_parse(const u8 *buf, size_t length,
 891                           struct parsed_resp *resp)
 892 {
 893         const struct opal_header *hdr;
 894         struct opal_resp_tok *iter;
 895         int num_entries = 0;
 896         int total;
 897         ssize_t token_length;
 898         const u8 *pos;
 899         u32 clen, plen, slen;
 900
 901         if (!buf)
 902                 return -EFAULT;
 903
 904         if (!resp)
 905                 return -EFAULT;
 906
 907         hdr = (struct opal_header *)buf;
 908         pos = buf;
 909         pos += sizeof(*hdr);
 910
 911         clen = be32_to_cpu(hdr->cp.length);
 912         plen = be32_to_cpu(hdr->pkt.length);
 913         slen = be32_to_cpu(hdr->subpkt.length);
 914         pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
 915                  clen, plen, slen);
 916
 917         if (clen == 0 || plen == 0 || slen == 0 ||
 918             slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 919                 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
 920                          clen, plen, slen);
 921                 print_buffer(pos, sizeof(*hdr));
 922                 return -EINVAL;
 923         }
 924
 925         if (pos > buf + length)
 926                 return -EFAULT;
 927
 928         iter = resp->toks;
 929         total = slen;
 930         print_buffer(pos, total);
 931         while (total > 0) {
 932                 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
 933                         token_length = response_parse_tiny(iter, pos);
 934                 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
 935                         token_length = response_parse_short(iter, pos);
 936                 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
 937                         token_length = response_parse_medium(iter, pos);
 938                 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
 939                         token_length = response_parse_long(iter, pos);
 940                 else /* TOKEN */
 941                         token_length = response_parse_token(iter, pos);
 942
 943                 if (token_length < 0)
 944                         return token_length;
 945
 946                 pos += token_length;
 947                 total -= token_length;
 948                 iter++;
 949                 num_entries++;
 950         }
 951
 952         resp->num = num_entries;
 953
 954         return 0;
 955 }
 956
 957 static size_t response_get_string(const struct parsed_resp *resp, int n,
 958                                   const char **store)
 959 {
 960         u8 skip;
 961         const struct opal_resp_tok *tok;
 962
 963         *store = NULL;
 964         tok = response_get_token(resp, n);
 965         if (IS_ERR(tok))
 966                 return 0;
 967
 968         if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
 969                 pr_debug("Token is not a byte string!\n");
 970                 return 0;
 971         }
 972
 973         switch (tok->width) {
 974         case OPAL_WIDTH_TINY:
 975         case OPAL_WIDTH_SHORT:
 976                 skip = 1;
 977                 break;
 978         case OPAL_WIDTH_MEDIUM:
 979                 skip = 2;
 980                 break;
 981         case OPAL_WIDTH_LONG:
 982                 skip = 4;
 983                 break;
 984         default:
 985                 pr_debug("Token has invalid width!\n");
 986                 return 0;
 987         }
 988
 989         *store = tok->pos + skip;
 990
 991         return tok->len - skip;
 992 }
 993
 994 static u64 response_get_u64(const struct parsed_resp *resp, int n)
 995 {
 996         const struct opal_resp_tok *tok;
 997
 998         tok = response_get_token(resp, n);
 999         if (IS_ERR(tok))
1000                 return 0;
1001
1002         if (tok->type != OPAL_DTA_TOKENID_UINT) {
1003                 pr_debug("Token is not unsigned int: %d\n", tok->type);
1004                 return 0;
1005         }
1006
1007         if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1008                 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1009                 return 0;
1010         }
1011
1012         return tok->stored.u;
1013 }
1014
1015 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1016 {
1017         if (IS_ERR(token) ||
1018             token->type != OPAL_DTA_TOKENID_TOKEN ||
1019             token->pos[0] != match)
1020                 return false;
1021         return true;
1022 }
1023
1024 static u8 response_status(const struct parsed_resp *resp)
1025 {
1026         const struct opal_resp_tok *tok;
1027
1028         tok = response_get_token(resp, 0);
1029         if (response_token_matches(tok, OPAL_ENDOFSESSION))
1030                 return 0;
1031
1032         if (resp->num < 5)
1033                 return DTAERROR_NO_METHOD_STATUS;
1034
1035         tok = response_get_token(resp, resp->num - 5);
1036         if (!response_token_matches(tok, OPAL_STARTLIST))
1037                 return DTAERROR_NO_METHOD_STATUS;
1038
1039         tok = response_get_token(resp, resp->num - 1);
1040         if (!response_token_matches(tok, OPAL_ENDLIST))
1041                 return DTAERROR_NO_METHOD_STATUS;
1042
1043         return response_get_u64(resp, resp->num - 4);
1044 }
1045
1046 /* Parses and checks for errors */
1047 static int parse_and_check_status(struct opal_dev *dev)
1048 {
1049         int error;
1050
1051         print_buffer(dev->cmd, dev->pos);
1052
1053         error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1054         if (error) {
1055                 pr_debug("Couldn't parse response.\n");
1056                 return error;
1057         }
1058
1059         return response_status(&dev->parsed);
1060 }
1061
1062 static void clear_opal_cmd(struct opal_dev *dev)
1063 {
1064         dev->pos = sizeof(struct opal_header);
1065         memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1066 }
1067
1068 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1069 {
1070         int err = 0;
1071
1072         clear_opal_cmd(dev);
1073         set_comid(dev, dev->comid);
1074
1075         add_token_u8(&err, dev, OPAL_CALL);
1076         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1077         add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1078
1079         /*
1080          * Every method call is followed by its parameters enclosed within
1081          * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1082          * parameter list here and close it later in cmd_finalize.
1083          */
1084         add_token_u8(&err, dev, OPAL_STARTLIST);
1085
1086         return err;
1087 }
1088
1089 static int start_opal_session_cont(struct opal_dev *dev)
1090 {
1091         u32 hsn, tsn;
1092         int error = 0;
1093
1094         error = parse_and_check_status(dev);
1095         if (error)
1096                 return error;
1097
1098         hsn = response_get_u64(&dev->parsed, 4);
1099         tsn = response_get_u64(&dev->parsed, 5);
1100
1101         if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1102                 pr_debug("Couldn't authenticate session\n");
1103                 return -EPERM;
1104         }
1105
1106         dev->hsn = hsn;
1107         dev->tsn = tsn;
1108
1109         return 0;
1110 }
1111
1112 static void add_suspend_info(struct opal_dev *dev,
1113                              struct opal_suspend_data *sus)
1114 {
1115         struct opal_suspend_data *iter;
1116
1117         list_for_each_entry(iter, &dev->unlk_lst, node) {
1118                 if (iter->lr == sus->lr) {
1119                         list_del(&iter->node);
1120                         kfree(iter);
1121                         break;
1122                 }
1123         }
1124         list_add_tail(&sus->node, &dev->unlk_lst);
1125 }
1126
1127 static int end_session_cont(struct opal_dev *dev)
1128 {
1129         dev->hsn = 0;
1130         dev->tsn = 0;
1131
1132         return parse_and_check_status(dev);
1133 }
1134
1135 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1136 {
1137         int ret;
1138
1139         ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1140         if (ret) {
1141                 pr_debug("Error finalizing command buffer: %d\n", ret);
1142                 return ret;
1143         }
1144
1145         print_buffer(dev->cmd, dev->pos);
1146
1147         return opal_send_recv(dev, cont);
1148 }
1149
1150 /*
1151  * request @column from table @table on device @dev. On success, the column
1152  * data will be available in dev->resp->tok[4]
1153  */
1154 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1155                               u64 column)
1156 {
1157         int err;
1158
1159         err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1160
1161         add_token_u8(&err, dev, OPAL_STARTLIST);
1162
1163         add_token_u8(&err, dev, OPAL_STARTNAME);
1164         add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1165         add_token_u64(&err, dev, column);
1166         add_token_u8(&err, dev, OPAL_ENDNAME);
1167
1168         add_token_u8(&err, dev, OPAL_STARTNAME);
1169         add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1170         add_token_u64(&err, dev, column);
1171         add_token_u8(&err, dev, OPAL_ENDNAME);
1172
1173         add_token_u8(&err, dev, OPAL_ENDLIST);
1174
1175         if (err)
1176                 return err;
1177
1178         return finalize_and_send(dev, parse_and_check_status);
1179 }
1180
1181 /*
1182  * see TCG SAS 5.3.2.3 for a description of the available columns
1183  *
1184  * the result is provided in dev->resp->tok[4]
1185  */
1186 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1187                                   u64 column)
1188 {
1189         u8 uid[OPAL_UID_LENGTH];
1190         const unsigned int half = OPAL_UID_LENGTH_HALF;
1191
1192         /* sed-opal UIDs can be split in two halves:
1193          *  first:  actual table index
1194          *  second: relative index in the table
1195          * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1196          * first part of the target table as relative index into that table
1197          */
1198         memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1199         memcpy(uid + half, table_uid, half);
1200
1201         return generic_get_column(dev, uid, column);
1202 }
1203
1204 static int gen_key(struct opal_dev *dev, void *data)
1205 {
1206         u8 uid[OPAL_UID_LENGTH];
1207         int err;
1208
1209         memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1210         kfree(dev->prev_data);
1211         dev->prev_data = NULL;
1212
1213         err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1214
1215         if (err) {
1216                 pr_debug("Error building gen key command\n");
1217                 return err;
1218
1219         }
1220
1221         return finalize_and_send(dev, parse_and_check_status);
1222 }
1223
1224 static int get_active_key_cont(struct opal_dev *dev)
1225 {
1226         const char *activekey;
1227         size_t keylen;
1228         int error = 0;
1229
1230         error = parse_and_check_status(dev);
1231         if (error)
1232                 return error;
1233
1234         keylen = response_get_string(&dev->parsed, 4, &activekey);
1235         if (!activekey) {
1236                 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1237                          __func__);
1238                 return OPAL_INVAL_PARAM;
1239         }
1240
1241         dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1242
1243         if (!dev->prev_data)
1244                 return -ENOMEM;
1245
1246         dev->prev_d_len = keylen;
1247
1248         return 0;
1249 }
1250
1251 static int get_active_key(struct opal_dev *dev, void *data)
1252 {
1253         u8 uid[OPAL_UID_LENGTH];
1254         int err;
1255         u8 *lr = data;
1256
1257         err = build_locking_range(uid, sizeof(uid), *lr);
1258         if (err)
1259                 return err;
1260
1261         err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1262         if (err)
1263                 return err;
1264
1265         return get_active_key_cont(dev);
1266 }
1267
1268 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1269                                     u64 offset, u64 size, const u8 *uid)
1270 {
1271         const u8 __user *src = (u8 __user *)(uintptr_t)data;
1272         u8 *dst;
1273         u64 len;
1274         size_t off = 0;
1275         int err;
1276
1277         /* do we fit in the available space? */
1278         err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1279         if (err) {
1280                 pr_debug("Couldn't get the table size\n");
1281                 return err;
1282         }
1283
1284         len = response_get_u64(&dev->parsed, 4);
1285         if (size > len || offset > len - size) {
1286                 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1287                           offset + size, len);
1288                 return -ENOSPC;
1289         }
1290
1291         /* do the actual transmission(s) */
1292         while (off < size) {
1293                 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1294                 add_token_u8(&err, dev, OPAL_STARTNAME);
1295                 add_token_u8(&err, dev, OPAL_WHERE);
1296                 add_token_u64(&err, dev, offset + off);
1297                 add_token_u8(&err, dev, OPAL_ENDNAME);
1298
1299                 add_token_u8(&err, dev, OPAL_STARTNAME);
1300                 add_token_u8(&err, dev, OPAL_VALUES);
1301
1302                 /*
1303                  * The bytestring header is either 1 or 2 bytes, so assume 2.
1304                  * There also needs to be enough space to accommodate the
1305                  * trailing OPAL_ENDNAME (1 byte) and tokens added by
1306                  * cmd_finalize.
1307                  */
1308                 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1309                           (size_t)(size - off));
1310                 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1311
1312                 dst = add_bytestring_header(&err, dev, len);
1313                 if (!dst)
1314                         break;
1315
1316                 if (copy_from_user(dst, src + off, len)) {
1317                         err = -EFAULT;
1318                         break;
1319                 }
1320
1321                 dev->pos += len;
1322
1323                 add_token_u8(&err, dev, OPAL_ENDNAME);
1324                 if (err)
1325                         break;
1326
1327                 err = finalize_and_send(dev, parse_and_check_status);
1328                 if (err)
1329                         break;
1330
1331                 off += len;
1332         }
1333
1334         return err;
1335 }
1336
1337 static int generic_lr_enable_disable(struct opal_dev *dev,
1338                                      u8 *uid, bool rle, bool wle,
1339                                      bool rl, bool wl)
1340 {
1341         int err;
1342
1343         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1344
1345         add_token_u8(&err, dev, OPAL_STARTNAME);
1346         add_token_u8(&err, dev, OPAL_VALUES);
1347         add_token_u8(&err, dev, OPAL_STARTLIST);
1348
1349         add_token_u8(&err, dev, OPAL_STARTNAME);
1350         add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1351         add_token_u8(&err, dev, rle);
1352         add_token_u8(&err, dev, OPAL_ENDNAME);
1353
1354         add_token_u8(&err, dev, OPAL_STARTNAME);
1355         add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1356         add_token_u8(&err, dev, wle);
1357         add_token_u8(&err, dev, OPAL_ENDNAME);
1358
1359         add_token_u8(&err, dev, OPAL_STARTNAME);
1360         add_token_u8(&err, dev, OPAL_READLOCKED);
1361         add_token_u8(&err, dev, rl);
1362         add_token_u8(&err, dev, OPAL_ENDNAME);
1363
1364         add_token_u8(&err, dev, OPAL_STARTNAME);
1365         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1366         add_token_u8(&err, dev, wl);
1367         add_token_u8(&err, dev, OPAL_ENDNAME);
1368
1369         add_token_u8(&err, dev, OPAL_ENDLIST);
1370         add_token_u8(&err, dev, OPAL_ENDNAME);
1371
1372         return err;
1373 }
1374
1375 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1376                                    struct opal_user_lr_setup *setup)
1377 {
1378         int err;
1379
1380         err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1381                                         0, 0);
1382         if (err)
1383                 pr_debug("Failed to create enable global lr command\n");
1384
1385         return err;
1386 }
1387
1388 static int setup_locking_range(struct opal_dev *dev, void *data)
1389 {
1390         u8 uid[OPAL_UID_LENGTH];
1391         struct opal_user_lr_setup *setup = data;
1392         u8 lr;
1393         int err;
1394
1395         lr = setup->session.opal_key.lr;
1396         err = build_locking_range(uid, sizeof(uid), lr);
1397         if (err)
1398                 return err;
1399
1400         if (lr == 0)
1401                 err = enable_global_lr(dev, uid, setup);
1402         else {
1403                 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1404
1405                 add_token_u8(&err, dev, OPAL_STARTNAME);
1406                 add_token_u8(&err, dev, OPAL_VALUES);
1407                 add_token_u8(&err, dev, OPAL_STARTLIST);
1408
1409                 add_token_u8(&err, dev, OPAL_STARTNAME);
1410                 add_token_u8(&err, dev, OPAL_RANGESTART);
1411                 add_token_u64(&err, dev, setup->range_start);
1412                 add_token_u8(&err, dev, OPAL_ENDNAME);
1413
1414                 add_token_u8(&err, dev, OPAL_STARTNAME);
1415                 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1416                 add_token_u64(&err, dev, setup->range_length);
1417                 add_token_u8(&err, dev, OPAL_ENDNAME);
1418
1419                 add_token_u8(&err, dev, OPAL_STARTNAME);
1420                 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1421                 add_token_u64(&err, dev, !!setup->RLE);
1422                 add_token_u8(&err, dev, OPAL_ENDNAME);
1423
1424                 add_token_u8(&err, dev, OPAL_STARTNAME);
1425                 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1426                 add_token_u64(&err, dev, !!setup->WLE);
1427                 add_token_u8(&err, dev, OPAL_ENDNAME);
1428
1429                 add_token_u8(&err, dev, OPAL_ENDLIST);
1430                 add_token_u8(&err, dev, OPAL_ENDNAME);
1431         }
1432         if (err) {
1433                 pr_debug("Error building Setup Locking range command.\n");
1434                 return err;
1435         }
1436
1437         return finalize_and_send(dev, parse_and_check_status);
1438 }
1439
1440 static int start_generic_opal_session(struct opal_dev *dev,
1441                                       enum opal_uid auth,
1442                                       enum opal_uid sp_type,
1443                                       const char *key,
1444                                       u8 key_len)
1445 {
1446         u32 hsn;
1447         int err;
1448
1449         if (key == NULL && auth != OPAL_ANYBODY_UID)
1450                 return OPAL_INVAL_PARAM;
1451
1452         hsn = GENERIC_HOST_SESSION_NUM;
1453         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1454                         opalmethod[OPAL_STARTSESSION]);
1455
1456         add_token_u64(&err, dev, hsn);
1457         add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1458         add_token_u8(&err, dev, 1);
1459
1460         switch (auth) {
1461         case OPAL_ANYBODY_UID:
1462                 break;
1463         case OPAL_ADMIN1_UID:
1464         case OPAL_SID_UID:
1465         case OPAL_PSID_UID:
1466                 add_token_u8(&err, dev, OPAL_STARTNAME);
1467                 add_token_u8(&err, dev, 0); /* HostChallenge */
1468                 add_token_bytestring(&err, dev, key, key_len);
1469                 add_token_u8(&err, dev, OPAL_ENDNAME);
1470                 add_token_u8(&err, dev, OPAL_STARTNAME);
1471                 add_token_u8(&err, dev, 3); /* HostSignAuth */
1472                 add_token_bytestring(&err, dev, opaluid[auth],
1473                                      OPAL_UID_LENGTH);
1474                 add_token_u8(&err, dev, OPAL_ENDNAME);
1475                 break;
1476         default:
1477                 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1478                 return OPAL_INVAL_PARAM;
1479         }
1480
1481         if (err) {
1482                 pr_debug("Error building start adminsp session command.\n");
1483                 return err;
1484         }
1485
1486         return finalize_and_send(dev, start_opal_session_cont);
1487 }
1488
1489 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1490 {
1491         return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1492                                           OPAL_ADMINSP_UID, NULL, 0);
1493 }
1494
1495 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1496 {
1497         int ret;
1498         const u8 *key = dev->prev_data;
1499
1500         if (!key) {
1501                 const struct opal_key *okey = data;
1502
1503                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1504                                                  OPAL_ADMINSP_UID,
1505                                                  okey->key,
1506                                                  okey->key_len);
1507         } else {
1508                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1509                                                  OPAL_ADMINSP_UID,
1510                                                  key, dev->prev_d_len);
1511                 kfree(key);
1512                 dev->prev_data = NULL;
1513         }
1514
1515         return ret;
1516 }
1517
1518 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1519 {
1520         struct opal_key *key = data;
1521
1522         return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1523                                           OPAL_LOCKINGSP_UID,
1524                                           key->key, key->key_len);
1525 }
1526
1527 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1528 {
1529         const struct opal_key *okey = data;
1530
1531         return start_generic_opal_session(dev, OPAL_PSID_UID,
1532                                           OPAL_ADMINSP_UID,
1533                                           okey->key,
1534                                           okey->key_len);
1535 }
1536
1537 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1538 {
1539         struct opal_session_info *session = data;
1540         u8 lk_ul_user[OPAL_UID_LENGTH];
1541         size_t keylen = session->opal_key.key_len;
1542         int err = 0;
1543
1544         u8 *key = session->opal_key.key;
1545         u32 hsn = GENERIC_HOST_SESSION_NUM;
1546
1547         if (session->sum)
1548                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1549                                          session->opal_key.lr);
1550         else if (session->who != OPAL_ADMIN1 && !session->sum)
1551                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1552                                          session->who - 1);
1553         else
1554                 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1555
1556         if (err)
1557                 return err;
1558
1559         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1560                         opalmethod[OPAL_STARTSESSION]);
1561
1562         add_token_u64(&err, dev, hsn);
1563         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1564                              OPAL_UID_LENGTH);
1565         add_token_u8(&err, dev, 1);
1566         add_token_u8(&err, dev, OPAL_STARTNAME);
1567         add_token_u8(&err, dev, 0);
1568         add_token_bytestring(&err, dev, key, keylen);
1569         add_token_u8(&err, dev, OPAL_ENDNAME);
1570         add_token_u8(&err, dev, OPAL_STARTNAME);
1571         add_token_u8(&err, dev, 3);
1572         add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1573         add_token_u8(&err, dev, OPAL_ENDNAME);
1574
1575         if (err) {
1576                 pr_debug("Error building STARTSESSION command.\n");
1577                 return err;
1578         }
1579
1580         return finalize_and_send(dev, start_opal_session_cont);
1581 }
1582
1583 static int revert_tper(struct opal_dev *dev, void *data)
1584 {
1585         int err;
1586
1587         err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1588                         opalmethod[OPAL_REVERT]);
1589         if (err) {
1590                 pr_debug("Error building REVERT TPER command.\n");
1591                 return err;
1592         }
1593
1594         return finalize_and_send(dev, parse_and_check_status);
1595 }
1596
1597 static int internal_activate_user(struct opal_dev *dev, void *data)
1598 {
1599         struct opal_session_info *session = data;
1600         u8 uid[OPAL_UID_LENGTH];
1601         int err;
1602
1603         memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1604         uid[7] = session->who;
1605
1606         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1607         add_token_u8(&err, dev, OPAL_STARTNAME);
1608         add_token_u8(&err, dev, OPAL_VALUES);
1609         add_token_u8(&err, dev, OPAL_STARTLIST);
1610         add_token_u8(&err, dev, OPAL_STARTNAME);
1611         add_token_u8(&err, dev, 5); /* Enabled */
1612         add_token_u8(&err, dev, OPAL_TRUE);
1613         add_token_u8(&err, dev, OPAL_ENDNAME);
1614         add_token_u8(&err, dev, OPAL_ENDLIST);
1615         add_token_u8(&err, dev, OPAL_ENDNAME);
1616
1617         if (err) {
1618                 pr_debug("Error building Activate UserN command.\n");
1619                 return err;
1620         }
1621
1622         return finalize_and_send(dev, parse_and_check_status);
1623 }
1624
1625 static int erase_locking_range(struct opal_dev *dev, void *data)
1626 {
1627         struct opal_session_info *session = data;
1628         u8 uid[OPAL_UID_LENGTH];
1629         int err;
1630
1631         if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1632                 return -ERANGE;
1633
1634         err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1635
1636         if (err) {
1637                 pr_debug("Error building Erase Locking Range Command.\n");
1638                 return err;
1639         }
1640
1641         return finalize_and_send(dev, parse_and_check_status);
1642 }
1643
1644 static int set_mbr_done(struct opal_dev *dev, void *data)
1645 {
1646         u8 *mbr_done_tf = data;
1647         int err;
1648
1649         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1650                         opalmethod[OPAL_SET]);
1651
1652         add_token_u8(&err, dev, OPAL_STARTNAME);
1653         add_token_u8(&err, dev, OPAL_VALUES);
1654         add_token_u8(&err, dev, OPAL_STARTLIST);
1655         add_token_u8(&err, dev, OPAL_STARTNAME);
1656         add_token_u8(&err, dev, OPAL_MBRDONE);
1657         add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1658         add_token_u8(&err, dev, OPAL_ENDNAME);
1659         add_token_u8(&err, dev, OPAL_ENDLIST);
1660         add_token_u8(&err, dev, OPAL_ENDNAME);
1661
1662         if (err) {
1663                 pr_debug("Error Building set MBR Done command\n");
1664                 return err;
1665         }
1666
1667         return finalize_and_send(dev, parse_and_check_status);
1668 }
1669
1670 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1671 {
1672         u8 *mbr_en_dis = data;
1673         int err;
1674
1675         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1676                         opalmethod[OPAL_SET]);
1677
1678         add_token_u8(&err, dev, OPAL_STARTNAME);
1679         add_token_u8(&err, dev, OPAL_VALUES);
1680         add_token_u8(&err, dev, OPAL_STARTLIST);
1681         add_token_u8(&err, dev, OPAL_STARTNAME);
1682         add_token_u8(&err, dev, OPAL_MBRENABLE);
1683         add_token_u8(&err, dev, *mbr_en_dis);
1684         add_token_u8(&err, dev, OPAL_ENDNAME);
1685         add_token_u8(&err, dev, OPAL_ENDLIST);
1686         add_token_u8(&err, dev, OPAL_ENDNAME);
1687
1688         if (err) {
1689                 pr_debug("Error Building set MBR done command\n");
1690                 return err;
1691         }
1692
1693         return finalize_and_send(dev, parse_and_check_status);
1694 }
1695
1696 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1697 {
1698         struct opal_shadow_mbr *shadow = data;
1699
1700         return generic_table_write_data(dev, shadow->data, shadow->offset,
1701                                         shadow->size, opaluid[OPAL_MBR]);
1702 }
1703
1704 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1705                           struct opal_dev *dev)
1706 {
1707         int err;
1708
1709         err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1710
1711         add_token_u8(&err, dev, OPAL_STARTNAME);
1712         add_token_u8(&err, dev, OPAL_VALUES);
1713         add_token_u8(&err, dev, OPAL_STARTLIST);
1714         add_token_u8(&err, dev, OPAL_STARTNAME);
1715         add_token_u8(&err, dev, OPAL_PIN);
1716         add_token_bytestring(&err, dev, key, key_len);
1717         add_token_u8(&err, dev, OPAL_ENDNAME);
1718         add_token_u8(&err, dev, OPAL_ENDLIST);
1719         add_token_u8(&err, dev, OPAL_ENDNAME);
1720
1721         return err;
1722 }
1723
1724 static int set_new_pw(struct opal_dev *dev, void *data)
1725 {
1726         u8 cpin_uid[OPAL_UID_LENGTH];
1727         struct opal_session_info *usr = data;
1728
1729         memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1730
1731         if (usr->who != OPAL_ADMIN1) {
1732                 cpin_uid[5] = 0x03;
1733                 if (usr->sum)
1734                         cpin_uid[7] = usr->opal_key.lr + 1;
1735                 else
1736                         cpin_uid[7] = usr->who;
1737         }
1738
1739         if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1740                            cpin_uid, dev)) {
1741                 pr_debug("Error building set password command.\n");
1742                 return -ERANGE;
1743         }
1744
1745         return finalize_and_send(dev, parse_and_check_status);
1746 }
1747
1748 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1749 {
1750         u8 cpin_uid[OPAL_UID_LENGTH];
1751         struct opal_key *key = data;
1752
1753         memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1754
1755         if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1756                 pr_debug("Error building Set SID cpin\n");
1757                 return -ERANGE;
1758         }
1759         return finalize_and_send(dev, parse_and_check_status);
1760 }
1761
1762 static void add_authority_object_ref(int *err,
1763                                      struct opal_dev *dev,
1764                                      const u8 *uid,
1765                                      size_t uid_len)
1766 {
1767         add_token_u8(err, dev, OPAL_STARTNAME);
1768         add_token_bytestring(err, dev,
1769                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1770                              OPAL_UID_LENGTH/2);
1771         add_token_bytestring(err, dev, uid, uid_len);
1772         add_token_u8(err, dev, OPAL_ENDNAME);
1773 }
1774
1775 static void add_boolean_object_ref(int *err,
1776                                    struct opal_dev *dev,
1777                                    u8 boolean_op)
1778 {
1779         add_token_u8(err, dev, OPAL_STARTNAME);
1780         add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1781                              OPAL_UID_LENGTH/2);
1782         add_token_u8(err, dev, boolean_op);
1783         add_token_u8(err, dev, OPAL_ENDNAME);
1784 }
1785
1786 static int set_lr_boolean_ace(struct opal_dev *dev,
1787                               unsigned int opal_uid,
1788                               u8 lr,
1789                               const u8 *users,
1790                               size_t users_len)
1791 {
1792         u8 lr_buffer[OPAL_UID_LENGTH];
1793         u8 user_uid[OPAL_UID_LENGTH];
1794         u8 u;
1795         int err;
1796
1797         memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
1798         lr_buffer[7] = lr;
1799
1800         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1801
1802         add_token_u8(&err, dev, OPAL_STARTNAME);
1803         add_token_u8(&err, dev, OPAL_VALUES);
1804
1805         add_token_u8(&err, dev, OPAL_STARTLIST);
1806         add_token_u8(&err, dev, OPAL_STARTNAME);
1807         add_token_u8(&err, dev, 3);
1808
1809         add_token_u8(&err, dev, OPAL_STARTLIST);
1810
1811         for (u = 0; u < users_len; u++) {
1812                 if (users[u] == OPAL_ADMIN1)
1813                         memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
1814                                OPAL_UID_LENGTH);
1815                 else {
1816                         memcpy(user_uid, opaluid[OPAL_USER1_UID],
1817                                OPAL_UID_LENGTH);
1818                         user_uid[7] = users[u];
1819                 }
1820
1821                 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
1822
1823                 /*
1824                  * Add boolean operator in postfix only with
1825                  * two or more authorities being added in ACE
1826                  * expresion.
1827                  * */
1828                 if (u > 0)
1829                         add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
1830         }
1831
1832         add_token_u8(&err, dev, OPAL_ENDLIST);
1833         add_token_u8(&err, dev, OPAL_ENDNAME);
1834         add_token_u8(&err, dev, OPAL_ENDLIST);
1835         add_token_u8(&err, dev, OPAL_ENDNAME);
1836
1837         return err;
1838 }
1839
1840 static int add_user_to_lr(struct opal_dev *dev, void *data)
1841 {
1842         int err;
1843         struct opal_lock_unlock *lkul = data;
1844         const u8 users[] = {
1845                 lkul->session.who
1846         };
1847
1848         err = set_lr_boolean_ace(dev,
1849                                  lkul->l_state == OPAL_RW ?
1850                                         OPAL_LOCKINGRANGE_ACE_WRLOCKED :
1851                                         OPAL_LOCKINGRANGE_ACE_RDLOCKED,
1852                                  lkul->session.opal_key.lr, users,
1853                                  ARRAY_SIZE(users));
1854         if (err) {
1855                 pr_debug("Error building add user to locking range command.\n");
1856                 return err;
1857         }
1858
1859         return finalize_and_send(dev, parse_and_check_status);
1860 }
1861
1862 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1863 {
1864         u8 lr_buffer[OPAL_UID_LENGTH];
1865         struct opal_lock_unlock *lkul = data;
1866         u8 read_locked = 1, write_locked = 1;
1867         int err = 0;
1868
1869         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1870                                 lkul->session.opal_key.lr) < 0)
1871                 return -ERANGE;
1872
1873         switch (lkul->l_state) {
1874         case OPAL_RO:
1875                 read_locked = 0;
1876                 write_locked = 1;
1877                 break;
1878         case OPAL_RW:
1879                 read_locked = 0;
1880                 write_locked = 0;
1881                 break;
1882         case OPAL_LK:
1883                 /* vars are initialized to locked */
1884                 break;
1885         default:
1886                 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1887                 return OPAL_INVAL_PARAM;
1888         }
1889
1890         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1891
1892         add_token_u8(&err, dev, OPAL_STARTNAME);
1893         add_token_u8(&err, dev, OPAL_VALUES);
1894         add_token_u8(&err, dev, OPAL_STARTLIST);
1895
1896         add_token_u8(&err, dev, OPAL_STARTNAME);
1897         add_token_u8(&err, dev, OPAL_READLOCKED);
1898         add_token_u8(&err, dev, read_locked);
1899         add_token_u8(&err, dev, OPAL_ENDNAME);
1900
1901         add_token_u8(&err, dev, OPAL_STARTNAME);
1902         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1903         add_token_u8(&err, dev, write_locked);
1904         add_token_u8(&err, dev, OPAL_ENDNAME);
1905
1906         add_token_u8(&err, dev, OPAL_ENDLIST);
1907         add_token_u8(&err, dev, OPAL_ENDNAME);
1908
1909         if (err) {
1910                 pr_debug("Error building SET command.\n");
1911                 return err;
1912         }
1913
1914         return finalize_and_send(dev, parse_and_check_status);
1915 }
1916
1917
1918 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1919 {
1920         u8 lr_buffer[OPAL_UID_LENGTH];
1921         u8 read_locked = 1, write_locked = 1;
1922         struct opal_lock_unlock *lkul = data;
1923         int ret;
1924
1925         clear_opal_cmd(dev);
1926         set_comid(dev, dev->comid);
1927
1928         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1929                                 lkul->session.opal_key.lr) < 0)
1930                 return -ERANGE;
1931
1932         switch (lkul->l_state) {
1933         case OPAL_RO:
1934                 read_locked = 0;
1935                 write_locked = 1;
1936                 break;
1937         case OPAL_RW:
1938                 read_locked = 0;
1939                 write_locked = 0;
1940                 break;
1941         case OPAL_LK:
1942                 /* vars are initialized to locked */
1943                 break;
1944         default:
1945                 pr_debug("Tried to set an invalid locking state.\n");
1946                 return OPAL_INVAL_PARAM;
1947         }
1948         ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1949                                         read_locked, write_locked);
1950
1951         if (ret < 0) {
1952                 pr_debug("Error building SET command.\n");
1953                 return ret;
1954         }
1955
1956         return finalize_and_send(dev, parse_and_check_status);
1957 }
1958
1959 static int activate_lsp(struct opal_dev *dev, void *data)
1960 {
1961         struct opal_lr_act *opal_act = data;
1962         u8 user_lr[OPAL_UID_LENGTH];
1963         int err, i;
1964
1965         err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1966                         opalmethod[OPAL_ACTIVATE]);
1967
1968         if (opal_act->sum) {
1969                 err = build_locking_range(user_lr, sizeof(user_lr),
1970                                           opal_act->lr[0]);
1971                 if (err)
1972                         return err;
1973
1974                 add_token_u8(&err, dev, OPAL_STARTNAME);
1975                 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
1976
1977                 add_token_u8(&err, dev, OPAL_STARTLIST);
1978                 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1979                 for (i = 1; i < opal_act->num_lrs; i++) {
1980                         user_lr[7] = opal_act->lr[i];
1981                         add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1982                 }
1983                 add_token_u8(&err, dev, OPAL_ENDLIST);
1984                 add_token_u8(&err, dev, OPAL_ENDNAME);
1985         }
1986
1987         if (err) {
1988                 pr_debug("Error building Activate LockingSP command.\n");
1989                 return err;
1990         }
1991
1992         return finalize_and_send(dev, parse_and_check_status);
1993 }
1994
1995 /* Determine if we're in the Manufactured Inactive or Active state */
1996 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1997 {
1998         u8 lc_status;
1999         int err;
2000
2001         err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2002                                  OPAL_LIFECYCLE);
2003         if (err)
2004                 return err;
2005
2006         lc_status = response_get_u64(&dev->parsed, 4);
2007         /* 0x08 is Manufactured Inactive */
2008         /* 0x09 is Manufactured */
2009         if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2010                 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2011                 return -ENODEV;
2012         }
2013
2014         return 0;
2015 }
2016
2017 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2018 {
2019         const char *msid_pin;
2020         size_t strlen;
2021         int err;
2022
2023         err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2024         if (err)
2025                 return err;
2026
2027         strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2028         if (!msid_pin) {
2029                 pr_debug("Couldn't extract MSID_CPIN from response\n");
2030                 return OPAL_INVAL_PARAM;
2031         }
2032
2033         dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2034         if (!dev->prev_data)
2035                 return -ENOMEM;
2036
2037         dev->prev_d_len = strlen;
2038
2039         return 0;
2040 }
2041
2042 static int write_table_data(struct opal_dev *dev, void *data)
2043 {
2044         struct opal_read_write_table *write_tbl = data;
2045
2046         return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2047                                         write_tbl->size, write_tbl->table_uid);
2048 }
2049
2050 static int read_table_data_cont(struct opal_dev *dev)
2051 {
2052         int err;
2053         const char *data_read;
2054
2055         err = parse_and_check_status(dev);
2056         if (err)
2057                 return err;
2058
2059         dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2060         dev->prev_data = (void *)data_read;
2061         if (!dev->prev_data) {
2062                 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2063                 return OPAL_INVAL_PARAM;
2064         }
2065
2066         return 0;
2067 }
2068
2069 /*
2070  * IO_BUFFER_LENGTH = 2048
2071  * sizeof(header) = 56
2072  * No. of Token Bytes in the Response = 11
2073  * MAX size of data that can be carried in response buffer
2074  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2075  */
2076 #define OPAL_MAX_READ_TABLE (0x7BD)
2077
2078 static int read_table_data(struct opal_dev *dev, void *data)
2079 {
2080         struct opal_read_write_table *read_tbl = data;
2081         int err;
2082         size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2083         u64 table_len, len;
2084         u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2085         u8 __user *dst;
2086
2087         err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2088         if (err) {
2089                 pr_debug("Couldn't get the table size\n");
2090                 return err;
2091         }
2092
2093         table_len = response_get_u64(&dev->parsed, 4);
2094
2095         /* Check if the user is trying to read from the table limits */
2096         if (read_size > table_len || offset > table_len - read_size) {
2097                 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2098                           offset + read_size, table_len);
2099                 return -EINVAL;
2100         }
2101
2102         while (off < read_size) {
2103                 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2104
2105                 add_token_u8(&err, dev, OPAL_STARTLIST);
2106                 add_token_u8(&err, dev, OPAL_STARTNAME);
2107                 add_token_u8(&err, dev, OPAL_STARTROW);
2108                 add_token_u64(&err, dev, offset + off); /* start row value */
2109                 add_token_u8(&err, dev, OPAL_ENDNAME);
2110
2111                 add_token_u8(&err, dev, OPAL_STARTNAME);
2112                 add_token_u8(&err, dev, OPAL_ENDROW);
2113
2114                 len = min(max_read_size, (size_t)(read_size - off));
2115                 add_token_u64(&err, dev, offset + off + len); /* end row value
2116                                                                */
2117                 add_token_u8(&err, dev, OPAL_ENDNAME);
2118                 add_token_u8(&err, dev, OPAL_ENDLIST);
2119
2120                 if (err) {
2121                         pr_debug("Error building read table data command.\n");
2122                         break;
2123                 }
2124
2125                 err = finalize_and_send(dev, read_table_data_cont);
2126                 if (err)
2127                         break;
2128
2129                 /* len+1: This includes the NULL terminator at the end*/
2130                 if (dev->prev_d_len > len + 1) {
2131                         err = -EOVERFLOW;
2132                         break;
2133                 }
2134
2135                 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2136                 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2137                         pr_debug("Error copying data to userspace\n");
2138                         err = -EFAULT;
2139                         break;
2140                 }
2141                 dev->prev_data = NULL;
2142
2143                 off += len;
2144         }
2145
2146         return err;
2147 }
2148
2149 static int end_opal_session(struct opal_dev *dev, void *data)
2150 {
2151         int err = 0;
2152
2153         clear_opal_cmd(dev);
2154         set_comid(dev, dev->comid);
2155         add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2156
2157         if (err < 0)
2158                 return err;
2159
2160         return finalize_and_send(dev, end_session_cont);
2161 }
2162
2163 static int end_opal_session_error(struct opal_dev *dev)
2164 {
2165         const struct opal_step error_end_session = {
2166                 end_opal_session,
2167         };
2168
2169         return execute_step(dev, &error_end_session, 0);
2170 }
2171
2172 static inline void setup_opal_dev(struct opal_dev *dev)
2173 {
2174         dev->tsn = 0;
2175         dev->hsn = 0;
2176         dev->prev_data = NULL;
2177 }
2178
2179 static int check_opal_support(struct opal_dev *dev)
2180 {
2181         int ret;
2182
2183         mutex_lock(&dev->dev_lock);
2184         setup_opal_dev(dev);
2185         ret = opal_discovery0_step(dev);
2186         if (!ret)
2187                 dev->flags |= OPAL_FL_SUPPORTED;
2188         mutex_unlock(&dev->dev_lock);
2189
2190         return ret;
2191 }
2192
2193 static void clean_opal_dev(struct opal_dev *dev)
2194 {
2195
2196         struct opal_suspend_data *suspend, *next;
2197
2198         mutex_lock(&dev->dev_lock);
2199         list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2200                 list_del(&suspend->node);
2201                 kfree(suspend);
2202         }
2203         mutex_unlock(&dev->dev_lock);
2204 }
2205
2206 void free_opal_dev(struct opal_dev *dev)
2207 {
2208         if (!dev)
2209                 return;
2210
2211         clean_opal_dev(dev);
2212         kfree(dev->resp);
2213         kfree(dev->cmd);
2214         kfree(dev);
2215 }
2216 EXPORT_SYMBOL(free_opal_dev);
2217
2218 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2219 {
2220         struct opal_dev *dev;
2221
2222         dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2223         if (!dev)
2224                 return NULL;
2225
2226         /*
2227          * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2228          * sure the allocated buffer is DMA-safe in that regard.
2229          */
2230         dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2231         if (!dev->cmd)
2232                 goto err_free_dev;
2233
2234         dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2235         if (!dev->resp)
2236                 goto err_free_cmd;
2237
2238         INIT_LIST_HEAD(&dev->unlk_lst);
2239         mutex_init(&dev->dev_lock);
2240         dev->flags = 0;
2241         dev->data = data;
2242         dev->send_recv = send_recv;
2243         if (check_opal_support(dev) != 0) {
2244                 pr_debug("Opal is not supported on this device\n");
2245                 goto err_free_resp;
2246         }
2247
2248         return dev;
2249
2250 err_free_resp:
2251         kfree(dev->resp);
2252
2253 err_free_cmd:
2254         kfree(dev->cmd);
2255
2256 err_free_dev:
2257         kfree(dev);
2258
2259         return NULL;
2260 }
2261 EXPORT_SYMBOL(init_opal_dev);
2262
2263 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2264                                            struct opal_session_info *opal_session)
2265 {
2266         const struct opal_step erase_steps[] = {
2267                 { start_auth_opal_session, opal_session },
2268                 { get_active_key, &opal_session->opal_key.lr },
2269                 { gen_key, },
2270                 { end_opal_session, }
2271         };
2272         int ret;
2273
2274         mutex_lock(&dev->dev_lock);
2275         setup_opal_dev(dev);
2276         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2277         mutex_unlock(&dev->dev_lock);
2278
2279         return ret;
2280 }
2281
2282 static int opal_erase_locking_range(struct opal_dev *dev,
2283                                     struct opal_session_info *opal_session)
2284 {
2285         const struct opal_step erase_steps[] = {
2286                 { start_auth_opal_session, opal_session },
2287                 { erase_locking_range, opal_session },
2288                 { end_opal_session, }
2289         };
2290         int ret;
2291
2292         mutex_lock(&dev->dev_lock);
2293         setup_opal_dev(dev);
2294         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2295         mutex_unlock(&dev->dev_lock);
2296
2297         return ret;
2298 }
2299
2300 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2301                                           struct opal_mbr_data *opal_mbr)
2302 {
2303         u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2304                 OPAL_TRUE : OPAL_FALSE;
2305
2306         const struct opal_step mbr_steps[] = {
2307                 { start_admin1LSP_opal_session, &opal_mbr->key },
2308                 { set_mbr_done, &enable_disable },
2309                 { end_opal_session, },
2310                 { start_admin1LSP_opal_session, &opal_mbr->key },
2311                 { set_mbr_enable_disable, &enable_disable },
2312                 { end_opal_session, }
2313         };
2314         int ret;
2315
2316         if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2317             opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2318                 return -EINVAL;
2319
2320         mutex_lock(&dev->dev_lock);
2321         setup_opal_dev(dev);
2322         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2323         mutex_unlock(&dev->dev_lock);
2324
2325         return ret;
2326 }
2327
2328 static int opal_set_mbr_done(struct opal_dev *dev,
2329                              struct opal_mbr_done *mbr_done)
2330 {
2331         u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2332                 OPAL_TRUE : OPAL_FALSE;
2333
2334         const struct opal_step mbr_steps[] = {
2335                 { start_admin1LSP_opal_session, &mbr_done->key },
2336                 { set_mbr_done, &mbr_done_tf },
2337                 { end_opal_session, }
2338         };
2339         int ret;
2340
2341         if (mbr_done->done_flag != OPAL_MBR_DONE &&
2342             mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2343                 return -EINVAL;
2344
2345         mutex_lock(&dev->dev_lock);
2346         setup_opal_dev(dev);
2347         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2348         mutex_unlock(&dev->dev_lock);
2349
2350         return ret;
2351 }
2352
2353 static int opal_write_shadow_mbr(struct opal_dev *dev,
2354                                  struct opal_shadow_mbr *info)
2355 {
2356         const struct opal_step mbr_steps[] = {
2357                 { start_admin1LSP_opal_session, &info->key },
2358                 { write_shadow_mbr, info },
2359                 { end_opal_session, }
2360         };
2361         int ret;
2362
2363         if (info->size == 0)
2364                 return 0;
2365
2366         mutex_lock(&dev->dev_lock);
2367         setup_opal_dev(dev);
2368         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2369         mutex_unlock(&dev->dev_lock);
2370
2371         return ret;
2372 }
2373
2374 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2375 {
2376         struct opal_suspend_data *suspend;
2377
2378         suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2379         if (!suspend)
2380                 return -ENOMEM;
2381
2382         suspend->unlk = *lk_unlk;
2383         suspend->lr = lk_unlk->session.opal_key.lr;
2384
2385         mutex_lock(&dev->dev_lock);
2386         setup_opal_dev(dev);
2387         add_suspend_info(dev, suspend);
2388         mutex_unlock(&dev->dev_lock);
2389
2390         return 0;
2391 }
2392
2393 static int opal_add_user_to_lr(struct opal_dev *dev,
2394                                struct opal_lock_unlock *lk_unlk)
2395 {
2396         const struct opal_step steps[] = {
2397                 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2398                 { add_user_to_lr, lk_unlk },
2399                 { end_opal_session, }
2400         };
2401         int ret;
2402
2403         if (lk_unlk->l_state != OPAL_RO &&
2404             lk_unlk->l_state != OPAL_RW) {
2405                 pr_debug("Locking state was not RO or RW\n");
2406                 return -EINVAL;
2407         }
2408
2409         if (lk_unlk->session.who < OPAL_USER1 ||
2410             lk_unlk->session.who > OPAL_USER9) {
2411                 pr_debug("Authority was not within the range of users: %d\n",
2412                          lk_unlk->session.who);
2413                 return -EINVAL;
2414         }
2415
2416         if (lk_unlk->session.sum) {
2417                 pr_debug("%s not supported in sum. Use setup locking range\n",
2418                          __func__);
2419                 return -EINVAL;
2420         }
2421
2422         mutex_lock(&dev->dev_lock);
2423         setup_opal_dev(dev);
2424         ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2425         mutex_unlock(&dev->dev_lock);
2426
2427         return ret;
2428 }
2429
2430 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2431 {
2432         /* controller will terminate session */
2433         const struct opal_step revert_steps[] = {
2434                 { start_SIDASP_opal_session, opal },
2435                 { revert_tper, }
2436         };
2437         const struct opal_step psid_revert_steps[] = {
2438                 { start_PSID_opal_session, opal },
2439                 { revert_tper, }
2440         };
2441
2442         int ret;
2443
2444         mutex_lock(&dev->dev_lock);
2445         setup_opal_dev(dev);
2446         if (psid)
2447                 ret = execute_steps(dev, psid_revert_steps,
2448                                     ARRAY_SIZE(psid_revert_steps));
2449         else
2450                 ret = execute_steps(dev, revert_steps,
2451                                     ARRAY_SIZE(revert_steps));
2452         mutex_unlock(&dev->dev_lock);
2453
2454         /*
2455          * If we successfully reverted lets clean
2456          * any saved locking ranges.
2457          */
2458         if (!ret)
2459                 clean_opal_dev(dev);
2460
2461         return ret;
2462 }
2463
2464 static int __opal_lock_unlock(struct opal_dev *dev,
2465                               struct opal_lock_unlock *lk_unlk)
2466 {
2467         const struct opal_step unlock_steps[] = {
2468                 { start_auth_opal_session, &lk_unlk->session },
2469                 { lock_unlock_locking_range, lk_unlk },
2470                 { end_opal_session, }
2471         };
2472         const struct opal_step unlock_sum_steps[] = {
2473                 { start_auth_opal_session, &lk_unlk->session },
2474                 { lock_unlock_locking_range_sum, lk_unlk },
2475                 { end_opal_session, }
2476         };
2477
2478         if (lk_unlk->session.sum)
2479                 return execute_steps(dev, unlock_sum_steps,
2480                                      ARRAY_SIZE(unlock_sum_steps));
2481         else
2482                 return execute_steps(dev, unlock_steps,
2483                                      ARRAY_SIZE(unlock_steps));
2484 }
2485
2486 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2487 {
2488         u8 mbr_done_tf = OPAL_TRUE;
2489         const struct opal_step mbrdone_step[] = {
2490                 { start_admin1LSP_opal_session, key },
2491                 { set_mbr_done, &mbr_done_tf },
2492                 { end_opal_session, }
2493         };
2494
2495         return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2496 }
2497
2498 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2499                             struct opal_lock_unlock *lk_unlk)
2500 {
2501         struct opal_suspend_data *iter;
2502
2503         if (lk_unlk->l_state != OPAL_LK ||
2504                         lk_unlk->session.opal_key.key_len > 0)
2505                 return;
2506
2507         /*
2508          * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2509          * volume key is not required, as it requires root privileges anyway,
2510          * and root can deny access to a disk in many ways regardless.
2511          * Requiring the volume key to lock the device is a peculiarity of the
2512          * OPAL specification. Given we might already have saved the key if
2513          * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2514          * that key to lock the device if no key was provided here, the
2515          * locking range matches and the appropriate flag was passed with
2516          * 'IOC_OPAL_SAVE'.
2517          * This allows integrating OPAL with tools and libraries that are used
2518          * to the common behaviour and do not ask for the volume key when
2519          * closing a device.
2520          */
2521         setup_opal_dev(dev);
2522         list_for_each_entry(iter, &dev->unlk_lst, node) {
2523                 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2524                                 iter->lr == lk_unlk->session.opal_key.lr &&
2525                                 iter->unlk.session.opal_key.key_len > 0) {
2526                         lk_unlk->session.opal_key.key_len =
2527                                 iter->unlk.session.opal_key.key_len;
2528                         memcpy(lk_unlk->session.opal_key.key,
2529                                 iter->unlk.session.opal_key.key,
2530                                 iter->unlk.session.opal_key.key_len);
2531                         break;
2532                 }
2533         }
2534 }
2535
2536 static int opal_lock_unlock(struct opal_dev *dev,
2537                             struct opal_lock_unlock *lk_unlk)
2538 {
2539         int ret;
2540
2541         if (lk_unlk->session.who > OPAL_USER9)
2542                 return -EINVAL;
2543
2544         mutex_lock(&dev->dev_lock);
2545         opal_lock_check_for_saved_key(dev, lk_unlk);
2546         ret = __opal_lock_unlock(dev, lk_unlk);
2547         mutex_unlock(&dev->dev_lock);
2548
2549         return ret;
2550 }
2551
2552 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2553 {
2554         const struct opal_step owner_steps[] = {
2555                 { start_anybodyASP_opal_session, },
2556                 { get_msid_cpin_pin, },
2557                 { end_opal_session, },
2558                 { start_SIDASP_opal_session, opal },
2559                 { set_sid_cpin_pin, opal },
2560                 { end_opal_session, }
2561         };
2562         int ret;
2563
2564         if (!dev)
2565                 return -ENODEV;
2566
2567         mutex_lock(&dev->dev_lock);
2568         setup_opal_dev(dev);
2569         ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2570         mutex_unlock(&dev->dev_lock);
2571
2572         return ret;
2573 }
2574
2575 static int opal_activate_lsp(struct opal_dev *dev,
2576                              struct opal_lr_act *opal_lr_act)
2577 {
2578         const struct opal_step active_steps[] = {
2579                 { start_SIDASP_opal_session, &opal_lr_act->key },
2580                 { get_lsp_lifecycle, },
2581                 { activate_lsp, opal_lr_act },
2582                 { end_opal_session, }
2583         };
2584         int ret;
2585
2586         if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2587                 return -EINVAL;
2588
2589         mutex_lock(&dev->dev_lock);
2590         setup_opal_dev(dev);
2591         ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2592         mutex_unlock(&dev->dev_lock);
2593
2594         return ret;
2595 }
2596
2597 static int opal_setup_locking_range(struct opal_dev *dev,
2598                                     struct opal_user_lr_setup *opal_lrs)
2599 {
2600         const struct opal_step lr_steps[] = {
2601                 { start_auth_opal_session, &opal_lrs->session },
2602                 { setup_locking_range, opal_lrs },
2603                 { end_opal_session, }
2604         };
2605         int ret;
2606
2607         mutex_lock(&dev->dev_lock);
2608         setup_opal_dev(dev);
2609         ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2610         mutex_unlock(&dev->dev_lock);
2611
2612         return ret;
2613 }
2614
2615 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2616 {
2617         const struct opal_step pw_steps[] = {
2618                 { start_auth_opal_session, &opal_pw->session },
2619                 { set_new_pw, &opal_pw->new_user_pw },
2620                 { end_opal_session, }
2621         };
2622         int ret;
2623
2624         if (opal_pw->session.who > OPAL_USER9  ||
2625             opal_pw->new_user_pw.who > OPAL_USER9)
2626                 return -EINVAL;
2627
2628         mutex_lock(&dev->dev_lock);
2629         setup_opal_dev(dev);
2630         ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2631         mutex_unlock(&dev->dev_lock);
2632
2633         return ret;
2634 }
2635
2636 static int opal_activate_user(struct opal_dev *dev,
2637                               struct opal_session_info *opal_session)
2638 {
2639         const struct opal_step act_steps[] = {
2640                 { start_admin1LSP_opal_session, &opal_session->opal_key },
2641                 { internal_activate_user, opal_session },
2642                 { end_opal_session, }
2643         };
2644         int ret;
2645
2646         /* We can't activate Admin1 it's active as manufactured */
2647         if (opal_session->who < OPAL_USER1 ||
2648             opal_session->who > OPAL_USER9) {
2649                 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2650                 return -EINVAL;
2651         }
2652
2653         mutex_lock(&dev->dev_lock);
2654         setup_opal_dev(dev);
2655         ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2656         mutex_unlock(&dev->dev_lock);
2657
2658         return ret;
2659 }
2660
2661 bool opal_unlock_from_suspend(struct opal_dev *dev)
2662 {
2663         struct opal_suspend_data *suspend;
2664         bool was_failure = false;
2665         int ret = 0;
2666
2667         if (!dev)
2668                 return false;
2669
2670         if (!(dev->flags & OPAL_FL_SUPPORTED))
2671                 return false;
2672
2673         mutex_lock(&dev->dev_lock);
2674         setup_opal_dev(dev);
2675
2676         list_for_each_entry(suspend, &dev->unlk_lst, node) {
2677                 dev->tsn = 0;
2678                 dev->hsn = 0;
2679
2680                 ret = __opal_lock_unlock(dev, &suspend->unlk);
2681                 if (ret) {
2682                         pr_debug("Failed to unlock LR %hhu with sum %d\n",
2683                                  suspend->unlk.session.opal_key.lr,
2684                                  suspend->unlk.session.sum);
2685                         was_failure = true;
2686                 }
2687
2688                 if (dev->flags & OPAL_FL_MBR_ENABLED) {
2689                         ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2690                         if (ret)
2691                                 pr_debug("Failed to set MBR Done in S3 resume\n");
2692                 }
2693         }
2694         mutex_unlock(&dev->dev_lock);
2695
2696         return was_failure;
2697 }
2698 EXPORT_SYMBOL(opal_unlock_from_suspend);
2699
2700 static int opal_read_table(struct opal_dev *dev,
2701                            struct opal_read_write_table *rw_tbl)
2702 {
2703         const struct opal_step read_table_steps[] = {
2704                 { start_admin1LSP_opal_session, &rw_tbl->key },
2705                 { read_table_data, rw_tbl },
2706                 { end_opal_session, }
2707         };
2708         int ret = 0;
2709
2710         if (!rw_tbl->size)
2711                 return ret;
2712
2713         return execute_steps(dev, read_table_steps,
2714                              ARRAY_SIZE(read_table_steps));
2715 }
2716
2717 static int opal_write_table(struct opal_dev *dev,
2718                             struct opal_read_write_table *rw_tbl)
2719 {
2720         const struct opal_step write_table_steps[] = {
2721                 { start_admin1LSP_opal_session, &rw_tbl->key },
2722                 { write_table_data, rw_tbl },
2723                 { end_opal_session, }
2724         };
2725         int ret = 0;
2726
2727         if (!rw_tbl->size)
2728                 return ret;
2729
2730         return execute_steps(dev, write_table_steps,
2731                              ARRAY_SIZE(write_table_steps));
2732 }
2733
2734 static int opal_generic_read_write_table(struct opal_dev *dev,
2735                                          struct opal_read_write_table *rw_tbl)
2736 {
2737         int ret, bit_set;
2738
2739         mutex_lock(&dev->dev_lock);
2740         setup_opal_dev(dev);
2741
2742         bit_set = fls64(rw_tbl->flags) - 1;
2743         switch (bit_set) {
2744         case OPAL_READ_TABLE:
2745                 ret = opal_read_table(dev, rw_tbl);
2746                 break;
2747         case OPAL_WRITE_TABLE:
2748                 ret = opal_write_table(dev, rw_tbl);
2749                 break;
2750         default:
2751                 pr_debug("Invalid bit set in the flag (%016llx).\n",
2752                          rw_tbl->flags);
2753                 ret = -EINVAL;
2754                 break;
2755         }
2756
2757         mutex_unlock(&dev->dev_lock);
2758
2759         return ret;
2760 }
2761
2762 static int opal_get_status(struct opal_dev *dev, void __user *data)
2763 {
2764         struct opal_status sts = {0};
2765
2766         /*
2767          * check_opal_support() error is not fatal,
2768          * !dev->supported is a valid condition
2769          */
2770         if (!check_opal_support(dev))
2771                 sts.flags = dev->flags;
2772         if (copy_to_user(data, &sts, sizeof(sts))) {
2773                 pr_debug("Error copying status to userspace\n");
2774                 return -EFAULT;
2775         }
2776         return 0;
2777 }
2778
2779 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2780 {
2781         void *p;
2782         int ret = -ENOTTY;
2783
2784         if (!capable(CAP_SYS_ADMIN))
2785                 return -EACCES;
2786         if (!dev)
2787                 return -ENOTSUPP;
2788         if (!(dev->flags & OPAL_FL_SUPPORTED))
2789                 return -ENOTSUPP;
2790
2791         if (cmd & IOC_IN) {
2792                 p = memdup_user(arg, _IOC_SIZE(cmd));
2793                 if (IS_ERR(p))
2794                         return PTR_ERR(p);
2795         }
2796
2797         switch (cmd) {
2798         case IOC_OPAL_SAVE:
2799                 ret = opal_save(dev, p);
2800                 break;
2801         case IOC_OPAL_LOCK_UNLOCK:
2802                 ret = opal_lock_unlock(dev, p);
2803                 break;
2804         case IOC_OPAL_TAKE_OWNERSHIP:
2805                 ret = opal_take_ownership(dev, p);
2806                 break;
2807         case IOC_OPAL_ACTIVATE_LSP:
2808                 ret = opal_activate_lsp(dev, p);
2809                 break;
2810         case IOC_OPAL_SET_PW:
2811                 ret = opal_set_new_pw(dev, p);
2812                 break;
2813         case IOC_OPAL_ACTIVATE_USR:
2814                 ret = opal_activate_user(dev, p);
2815                 break;
2816         case IOC_OPAL_REVERT_TPR:
2817                 ret = opal_reverttper(dev, p, false);
2818                 break;
2819         case IOC_OPAL_LR_SETUP:
2820                 ret = opal_setup_locking_range(dev, p);
2821                 break;
2822         case IOC_OPAL_ADD_USR_TO_LR:
2823                 ret = opal_add_user_to_lr(dev, p);
2824                 break;
2825         case IOC_OPAL_ENABLE_DISABLE_MBR:
2826                 ret = opal_enable_disable_shadow_mbr(dev, p);
2827                 break;
2828         case IOC_OPAL_MBR_DONE:
2829                 ret = opal_set_mbr_done(dev, p);
2830                 break;
2831         case IOC_OPAL_WRITE_SHADOW_MBR:
2832                 ret = opal_write_shadow_mbr(dev, p);
2833                 break;
2834         case IOC_OPAL_ERASE_LR:
2835                 ret = opal_erase_locking_range(dev, p);
2836                 break;
2837         case IOC_OPAL_SECURE_ERASE_LR:
2838                 ret = opal_secure_erase_locking_range(dev, p);
2839                 break;
2840         case IOC_OPAL_PSID_REVERT_TPR:
2841                 ret = opal_reverttper(dev, p, true);
2842                 break;
2843         case IOC_OPAL_GENERIC_TABLE_RW:
2844                 ret = opal_generic_read_write_table(dev, p);
2845                 break;
2846         case IOC_OPAL_GET_STATUS:
2847                 ret = opal_get_status(dev, arg);
2848                 break;
2849         default:
2850                 break;
2851         }
2852
2853         if (cmd & IOC_IN)
2854                 kfree(p);
2855         return ret;
2856 }
2857 EXPORT_SYMBOL_GPL(sed_ioctl);