1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright © 2016 Intel Corporation 4 * 5 * Authors: 6 * Scott Bauer <scott.bauer@intel.com> 7 * Rafael Antognolli <rafael.antognolli@intel.com> 8 */ 9 10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt 11 12 #include <linux/delay.h> 13 #include <linux/device.h> 14 #include <linux/kernel.h> 15 #include <linux/list.h> 16 #include <linux/blkdev.h> 17 #include <linux/slab.h> 18 #include <linux/uaccess.h> 19 #include <uapi/linux/sed-opal.h> 20 #include <linux/sed-opal.h> 21 #include <linux/string.h> 22 #include <linux/kdev_t.h> 23 24 #include "opal_proto.h" 25 26 #define IO_BUFFER_LENGTH 2048 27 #define MAX_TOKS 64 28 29 /* Number of bytes needed by cmd_finalize. */ 30 #define CMD_FINALIZE_BYTES_NEEDED 7 31 32 struct opal_step { 33 int (*fn)(struct opal_dev *dev, void *data); 34 void *data; 35 }; 36 typedef int (cont_fn)(struct opal_dev *dev); 37 38 enum opal_atom_width { 39 OPAL_WIDTH_TINY, 40 OPAL_WIDTH_SHORT, 41 OPAL_WIDTH_MEDIUM, 42 OPAL_WIDTH_LONG, 43 OPAL_WIDTH_TOKEN 44 }; 45 46 /* 47 * On the parsed response, we don't store again the toks that are already 48 * stored in the response buffer. Instead, for each token, we just store a 49 * pointer to the position in the buffer where the token starts, and the size 50 * of the token in bytes. 51 */ 52 struct opal_resp_tok { 53 const u8 *pos; 54 size_t len; 55 enum opal_response_token type; 56 enum opal_atom_width width; 57 union { 58 u64 u; 59 s64 s; 60 } stored; 61 }; 62 63 /* 64 * From the response header it's not possible to know how many tokens there are 65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later 66 * if we start dealing with messages that have more than that, we can increase 67 * this number. This is done to avoid having to make two passes through the 68 * response, the first one counting how many tokens we have and the second one 69 * actually storing the positions. 70 */ 71 struct parsed_resp { 72 int num; 73 struct opal_resp_tok toks[MAX_TOKS]; 74 }; 75 76 struct opal_dev { 77 u32 flags; 78 79 void *data; 80 sec_send_recv *send_recv; 81 82 struct mutex dev_lock; 83 u16 comid; 84 u32 hsn; 85 u32 tsn; 86 u64 align; 87 u64 lowest_lba; 88 89 size_t pos; 90 u8 *cmd; 91 u8 *resp; 92 93 struct parsed_resp parsed; 94 size_t prev_d_len; 95 void *prev_data; 96 97 struct list_head unlk_lst; 98 }; 99 100 101 static const u8 opaluid[][OPAL_UID_LENGTH] = { 102 /* users */ 103 [OPAL_SMUID_UID] = 104 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, 105 [OPAL_THISSP_UID] = 106 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 107 [OPAL_ADMINSP_UID] = 108 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 }, 109 [OPAL_LOCKINGSP_UID] = 110 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 }, 111 [OPAL_ENTERPRISE_LOCKINGSP_UID] = 112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 }, 113 [OPAL_ANYBODY_UID] = 114 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 }, 115 [OPAL_SID_UID] = 116 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 }, 117 [OPAL_ADMIN1_UID] = 118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 }, 119 [OPAL_USER1_UID] = 120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 }, 121 [OPAL_USER2_UID] = 122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 }, 123 [OPAL_PSID_UID] = 124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 }, 125 [OPAL_ENTERPRISE_BANDMASTER0_UID] = 126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 }, 127 [OPAL_ENTERPRISE_ERASEMASTER_UID] = 128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 }, 129 130 /* tables */ 131 [OPAL_TABLE_TABLE] = 132 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 }, 133 [OPAL_LOCKINGRANGE_GLOBAL] = 134 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 }, 135 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] = 136 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 }, 137 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] = 138 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 }, 139 [OPAL_MBRCONTROL] = 140 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 }, 141 [OPAL_MBR] = 142 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 }, 143 [OPAL_AUTHORITY_TABLE] = 144 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00}, 145 [OPAL_C_PIN_TABLE] = 146 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00}, 147 [OPAL_LOCKING_INFO_TABLE] = 148 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 }, 149 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] = 150 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 }, 151 [OPAL_DATASTORE] = 152 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 }, 153 154 /* C_PIN_TABLE object ID's */ 155 [OPAL_C_PIN_MSID] = 156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02}, 157 [OPAL_C_PIN_SID] = 158 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01}, 159 [OPAL_C_PIN_ADMIN1] = 160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01}, 161 162 /* half UID's (only first 4 bytes used) */ 163 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] = 164 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff }, 165 [OPAL_HALF_UID_BOOLEAN_ACE] = 166 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff }, 167 168 /* special value for omitted optional parameter */ 169 [OPAL_UID_HEXFF] = 170 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 171 }; 172 173 /* 174 * TCG Storage SSC Methods. 175 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 176 * Section: 6.3 Assigned UIDs 177 */ 178 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = { 179 [OPAL_PROPERTIES] = 180 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 }, 181 [OPAL_STARTSESSION] = 182 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 }, 183 [OPAL_REVERT] = 184 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 }, 185 [OPAL_ACTIVATE] = 186 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 }, 187 [OPAL_EGET] = 188 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 }, 189 [OPAL_ESET] = 190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 }, 191 [OPAL_NEXT] = 192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 }, 193 [OPAL_EAUTHENTICATE] = 194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c }, 195 [OPAL_GETACL] = 196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d }, 197 [OPAL_GENKEY] = 198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 }, 199 [OPAL_REVERTSP] = 200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 }, 201 [OPAL_GET] = 202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 }, 203 [OPAL_SET] = 204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 }, 205 [OPAL_AUTHENTICATE] = 206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c }, 207 [OPAL_RANDOM] = 208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 }, 209 [OPAL_ERASE] = 210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 }, 211 }; 212 213 static int end_opal_session_error(struct opal_dev *dev); 214 static int opal_discovery0_step(struct opal_dev *dev); 215 216 struct opal_suspend_data { 217 struct opal_lock_unlock unlk; 218 u8 lr; 219 struct list_head node; 220 }; 221 222 /* 223 * Derived from: 224 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 225 * Section: 5.1.5 Method Status Codes 226 */ 227 static const char * const opal_errors[] = { 228 "Success", 229 "Not Authorized", 230 "Unknown Error", 231 "SP Busy", 232 "SP Failed", 233 "SP Disabled", 234 "SP Frozen", 235 "No Sessions Available", 236 "Uniqueness Conflict", 237 "Insufficient Space", 238 "Insufficient Rows", 239 "Invalid Function", 240 "Invalid Parameter", 241 "Invalid Reference", 242 "Unknown Error", 243 "TPER Malfunction", 244 "Transaction Failure", 245 "Response Overflow", 246 "Authority Locked Out", 247 }; 248 249 static const char *opal_error_to_human(int error) 250 { 251 if (error == 0x3f) 252 return "Failed"; 253 254 if (error >= ARRAY_SIZE(opal_errors) || error < 0) 255 return "Unknown Error"; 256 257 return opal_errors[error]; 258 } 259 260 static void print_buffer(const u8 *ptr, u32 length) 261 { 262 #ifdef DEBUG 263 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length); 264 pr_debug("\n"); 265 #endif 266 } 267 268 static bool check_tper(const void *data) 269 { 270 const struct d0_tper_features *tper = data; 271 u8 flags = tper->supported_features; 272 273 if (!(flags & TPER_SYNC_SUPPORTED)) { 274 pr_debug("TPer sync not supported. flags = %d\n", 275 tper->supported_features); 276 return false; 277 } 278 279 return true; 280 } 281 282 static bool check_lcksuppt(const void *data) 283 { 284 const struct d0_locking_features *lfeat = data; 285 u8 sup_feat = lfeat->supported_features; 286 287 return !!(sup_feat & LOCKING_SUPPORTED_MASK); 288 } 289 290 static bool check_lckenabled(const void *data) 291 { 292 const struct d0_locking_features *lfeat = data; 293 u8 sup_feat = lfeat->supported_features; 294 295 return !!(sup_feat & LOCKING_ENABLED_MASK); 296 } 297 298 static bool check_locked(const void *data) 299 { 300 const struct d0_locking_features *lfeat = data; 301 u8 sup_feat = lfeat->supported_features; 302 303 return !!(sup_feat & LOCKED_MASK); 304 } 305 306 static bool check_mbrenabled(const void *data) 307 { 308 const struct d0_locking_features *lfeat = data; 309 u8 sup_feat = lfeat->supported_features; 310 311 return !!(sup_feat & MBR_ENABLED_MASK); 312 } 313 314 static bool check_mbrdone(const void *data) 315 { 316 const struct d0_locking_features *lfeat = data; 317 u8 sup_feat = lfeat->supported_features; 318 319 return !!(sup_feat & MBR_DONE_MASK); 320 } 321 322 static bool check_sum(const void *data) 323 { 324 const struct d0_single_user_mode *sum = data; 325 u32 nlo = be32_to_cpu(sum->num_locking_objects); 326 327 if (nlo == 0) { 328 pr_debug("Need at least one locking object.\n"); 329 return false; 330 } 331 332 pr_debug("Number of locking objects: %d\n", nlo); 333 334 return true; 335 } 336 337 static u16 get_comid_v100(const void *data) 338 { 339 const struct d0_opal_v100 *v100 = data; 340 341 return be16_to_cpu(v100->baseComID); 342 } 343 344 static u16 get_comid_v200(const void *data) 345 { 346 const struct d0_opal_v200 *v200 = data; 347 348 return be16_to_cpu(v200->baseComID); 349 } 350 351 static int opal_send_cmd(struct opal_dev *dev) 352 { 353 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 354 dev->cmd, IO_BUFFER_LENGTH, 355 true); 356 } 357 358 static int opal_recv_cmd(struct opal_dev *dev) 359 { 360 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 361 dev->resp, IO_BUFFER_LENGTH, 362 false); 363 } 364 365 static int opal_recv_check(struct opal_dev *dev) 366 { 367 size_t buflen = IO_BUFFER_LENGTH; 368 void *buffer = dev->resp; 369 struct opal_header *hdr = buffer; 370 int ret; 371 372 do { 373 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n", 374 hdr->cp.outstandingData, 375 hdr->cp.minTransfer); 376 377 if (hdr->cp.outstandingData == 0 || 378 hdr->cp.minTransfer != 0) 379 return 0; 380 381 memset(buffer, 0, buflen); 382 ret = opal_recv_cmd(dev); 383 } while (!ret); 384 385 return ret; 386 } 387 388 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont) 389 { 390 int ret; 391 392 ret = opal_send_cmd(dev); 393 if (ret) 394 return ret; 395 ret = opal_recv_cmd(dev); 396 if (ret) 397 return ret; 398 ret = opal_recv_check(dev); 399 if (ret) 400 return ret; 401 return cont(dev); 402 } 403 404 static void check_geometry(struct opal_dev *dev, const void *data) 405 { 406 const struct d0_geometry_features *geo = data; 407 408 dev->align = be64_to_cpu(geo->alignment_granularity); 409 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba); 410 } 411 412 static int execute_step(struct opal_dev *dev, 413 const struct opal_step *step, size_t stepIndex) 414 { 415 int error = step->fn(dev, step->data); 416 417 if (error) { 418 pr_debug("Step %zu (%pS) failed with error %d: %s\n", 419 stepIndex, step->fn, error, 420 opal_error_to_human(error)); 421 } 422 423 return error; 424 } 425 426 static int execute_steps(struct opal_dev *dev, 427 const struct opal_step *steps, size_t n_steps) 428 { 429 size_t state = 0; 430 int error; 431 432 /* first do a discovery0 */ 433 error = opal_discovery0_step(dev); 434 if (error) 435 return error; 436 437 for (state = 0; state < n_steps; state++) { 438 error = execute_step(dev, &steps[state], state); 439 if (error) 440 goto out_error; 441 } 442 443 return 0; 444 445 out_error: 446 /* 447 * For each OPAL command the first step in steps starts some sort of 448 * session. If an error occurred in the initial discovery0 or if an 449 * error occurred in the first step (and thus stopping the loop with 450 * state == 0) then there was an error before or during the attempt to 451 * start a session. Therefore we shouldn't attempt to terminate a 452 * session, as one has not yet been created. 453 */ 454 if (state > 0) 455 end_opal_session_error(dev); 456 457 return error; 458 } 459 460 static int opal_discovery0_end(struct opal_dev *dev) 461 { 462 bool found_com_id = false, supported = true, single_user = false; 463 const struct d0_header *hdr = (struct d0_header *)dev->resp; 464 const u8 *epos = dev->resp, *cpos = dev->resp; 465 u16 comid = 0; 466 u32 hlen = be32_to_cpu(hdr->length); 467 468 print_buffer(dev->resp, hlen); 469 dev->flags &= OPAL_FL_SUPPORTED; 470 471 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 472 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n", 473 sizeof(*hdr), hlen, IO_BUFFER_LENGTH); 474 return -EFAULT; 475 } 476 477 epos += hlen; /* end of buffer */ 478 cpos += sizeof(*hdr); /* current position on buffer */ 479 480 while (cpos < epos && supported) { 481 const struct d0_features *body = 482 (const struct d0_features *)cpos; 483 484 switch (be16_to_cpu(body->code)) { 485 case FC_TPER: 486 supported = check_tper(body->features); 487 break; 488 case FC_SINGLEUSER: 489 single_user = check_sum(body->features); 490 break; 491 case FC_GEOMETRY: 492 check_geometry(dev, body); 493 break; 494 case FC_LOCKING: 495 if (check_lcksuppt(body->features)) 496 dev->flags |= OPAL_FL_LOCKING_SUPPORTED; 497 if (check_lckenabled(body->features)) 498 dev->flags |= OPAL_FL_LOCKING_ENABLED; 499 if (check_locked(body->features)) 500 dev->flags |= OPAL_FL_LOCKED; 501 if (check_mbrenabled(body->features)) 502 dev->flags |= OPAL_FL_MBR_ENABLED; 503 if (check_mbrdone(body->features)) 504 dev->flags |= OPAL_FL_MBR_DONE; 505 break; 506 case FC_ENTERPRISE: 507 case FC_DATASTORE: 508 /* some ignored properties */ 509 pr_debug("Found OPAL feature description: %d\n", 510 be16_to_cpu(body->code)); 511 break; 512 case FC_OPALV100: 513 comid = get_comid_v100(body->features); 514 found_com_id = true; 515 break; 516 case FC_OPALV200: 517 comid = get_comid_v200(body->features); 518 found_com_id = true; 519 break; 520 case 0xbfff ... 0xffff: 521 /* vendor specific, just ignore */ 522 break; 523 default: 524 pr_debug("OPAL Unknown feature: %d\n", 525 be16_to_cpu(body->code)); 526 527 } 528 cpos += body->length + 4; 529 } 530 531 if (!supported) { 532 pr_debug("This device is not Opal enabled. Not Supported!\n"); 533 return -EOPNOTSUPP; 534 } 535 536 if (!single_user) 537 pr_debug("Device doesn't support single user mode\n"); 538 539 540 if (!found_com_id) { 541 pr_debug("Could not find OPAL comid for device. Returning early\n"); 542 return -EOPNOTSUPP; 543 } 544 545 dev->comid = comid; 546 547 return 0; 548 } 549 550 static int opal_discovery0(struct opal_dev *dev, void *data) 551 { 552 int ret; 553 554 memset(dev->resp, 0, IO_BUFFER_LENGTH); 555 dev->comid = OPAL_DISCOVERY_COMID; 556 ret = opal_recv_cmd(dev); 557 if (ret) 558 return ret; 559 560 return opal_discovery0_end(dev); 561 } 562 563 static int opal_discovery0_step(struct opal_dev *dev) 564 { 565 const struct opal_step discovery0_step = { 566 opal_discovery0, 567 }; 568 569 return execute_step(dev, &discovery0_step, 0); 570 } 571 572 static size_t remaining_size(struct opal_dev *cmd) 573 { 574 return IO_BUFFER_LENGTH - cmd->pos; 575 } 576 577 static bool can_add(int *err, struct opal_dev *cmd, size_t len) 578 { 579 if (*err) 580 return false; 581 582 if (remaining_size(cmd) < len) { 583 pr_debug("Error adding %zu bytes: end of buffer.\n", len); 584 *err = -ERANGE; 585 return false; 586 } 587 588 return true; 589 } 590 591 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok) 592 { 593 if (!can_add(err, cmd, 1)) 594 return; 595 596 cmd->cmd[cmd->pos++] = tok; 597 } 598 599 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring, 600 bool has_sign, int len) 601 { 602 u8 atom; 603 int err = 0; 604 605 atom = SHORT_ATOM_ID; 606 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0; 607 atom |= has_sign ? SHORT_ATOM_SIGNED : 0; 608 atom |= len & SHORT_ATOM_LEN_MASK; 609 610 add_token_u8(&err, cmd, atom); 611 } 612 613 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring, 614 bool has_sign, int len) 615 { 616 u8 header0; 617 618 header0 = MEDIUM_ATOM_ID; 619 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0; 620 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0; 621 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK; 622 623 cmd->cmd[cmd->pos++] = header0; 624 cmd->cmd[cmd->pos++] = len; 625 } 626 627 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number) 628 { 629 size_t len; 630 int msb; 631 632 if (!(number & ~TINY_ATOM_DATA_MASK)) { 633 add_token_u8(err, cmd, number); 634 return; 635 } 636 637 msb = fls64(number); 638 len = DIV_ROUND_UP(msb, 8); 639 640 if (!can_add(err, cmd, len + 1)) { 641 pr_debug("Error adding u64: end of buffer.\n"); 642 return; 643 } 644 add_short_atom_header(cmd, false, false, len); 645 while (len--) 646 add_token_u8(err, cmd, number >> (len * 8)); 647 } 648 649 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len) 650 { 651 size_t header_len = 1; 652 bool is_short_atom = true; 653 654 if (len & ~SHORT_ATOM_LEN_MASK) { 655 header_len = 2; 656 is_short_atom = false; 657 } 658 659 if (!can_add(err, cmd, header_len + len)) { 660 pr_debug("Error adding bytestring: end of buffer.\n"); 661 return NULL; 662 } 663 664 if (is_short_atom) 665 add_short_atom_header(cmd, true, false, len); 666 else 667 add_medium_atom_header(cmd, true, false, len); 668 669 return &cmd->cmd[cmd->pos]; 670 } 671 672 static void add_token_bytestring(int *err, struct opal_dev *cmd, 673 const u8 *bytestring, size_t len) 674 { 675 u8 *start; 676 677 start = add_bytestring_header(err, cmd, len); 678 if (!start) 679 return; 680 memcpy(start, bytestring, len); 681 cmd->pos += len; 682 } 683 684 static int build_locking_range(u8 *buffer, size_t length, u8 lr) 685 { 686 if (length > OPAL_UID_LENGTH) { 687 pr_debug("Can't build locking range. Length OOB\n"); 688 return -ERANGE; 689 } 690 691 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH); 692 693 if (lr == 0) 694 return 0; 695 696 buffer[5] = LOCKING_RANGE_NON_GLOBAL; 697 buffer[7] = lr; 698 699 return 0; 700 } 701 702 static int build_locking_user(u8 *buffer, size_t length, u8 lr) 703 { 704 if (length > OPAL_UID_LENGTH) { 705 pr_debug("Can't build locking range user. Length OOB\n"); 706 return -ERANGE; 707 } 708 709 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 710 711 buffer[7] = lr + 1; 712 713 return 0; 714 } 715 716 static void set_comid(struct opal_dev *cmd, u16 comid) 717 { 718 struct opal_header *hdr = (struct opal_header *)cmd->cmd; 719 720 hdr->cp.extendedComID[0] = comid >> 8; 721 hdr->cp.extendedComID[1] = comid; 722 hdr->cp.extendedComID[2] = 0; 723 hdr->cp.extendedComID[3] = 0; 724 } 725 726 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn) 727 { 728 struct opal_header *hdr; 729 int err = 0; 730 731 /* 732 * Close the parameter list opened from cmd_start. 733 * The number of bytes added must be equal to 734 * CMD_FINALIZE_BYTES_NEEDED. 735 */ 736 add_token_u8(&err, cmd, OPAL_ENDLIST); 737 738 add_token_u8(&err, cmd, OPAL_ENDOFDATA); 739 add_token_u8(&err, cmd, OPAL_STARTLIST); 740 add_token_u8(&err, cmd, 0); 741 add_token_u8(&err, cmd, 0); 742 add_token_u8(&err, cmd, 0); 743 add_token_u8(&err, cmd, OPAL_ENDLIST); 744 745 if (err) { 746 pr_debug("Error finalizing command.\n"); 747 return -EFAULT; 748 } 749 750 hdr = (struct opal_header *) cmd->cmd; 751 752 hdr->pkt.tsn = cpu_to_be32(tsn); 753 hdr->pkt.hsn = cpu_to_be32(hsn); 754 755 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr)); 756 while (cmd->pos % 4) { 757 if (cmd->pos >= IO_BUFFER_LENGTH) { 758 pr_debug("Error: Buffer overrun\n"); 759 return -ERANGE; 760 } 761 cmd->cmd[cmd->pos++] = 0; 762 } 763 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) - 764 sizeof(hdr->pkt)); 765 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp)); 766 767 return 0; 768 } 769 770 static const struct opal_resp_tok *response_get_token( 771 const struct parsed_resp *resp, 772 int n) 773 { 774 const struct opal_resp_tok *tok; 775 776 if (!resp) { 777 pr_debug("Response is NULL\n"); 778 return ERR_PTR(-EINVAL); 779 } 780 781 if (n >= resp->num) { 782 pr_debug("Token number doesn't exist: %d, resp: %d\n", 783 n, resp->num); 784 return ERR_PTR(-EINVAL); 785 } 786 787 tok = &resp->toks[n]; 788 if (tok->len == 0) { 789 pr_debug("Token length must be non-zero\n"); 790 return ERR_PTR(-EINVAL); 791 } 792 793 return tok; 794 } 795 796 static ssize_t response_parse_tiny(struct opal_resp_tok *tok, 797 const u8 *pos) 798 { 799 tok->pos = pos; 800 tok->len = 1; 801 tok->width = OPAL_WIDTH_TINY; 802 803 if (pos[0] & TINY_ATOM_SIGNED) { 804 tok->type = OPAL_DTA_TOKENID_SINT; 805 } else { 806 tok->type = OPAL_DTA_TOKENID_UINT; 807 tok->stored.u = pos[0] & 0x3f; 808 } 809 810 return tok->len; 811 } 812 813 static ssize_t response_parse_short(struct opal_resp_tok *tok, 814 const u8 *pos) 815 { 816 tok->pos = pos; 817 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1; 818 tok->width = OPAL_WIDTH_SHORT; 819 820 if (pos[0] & SHORT_ATOM_BYTESTRING) { 821 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 822 } else if (pos[0] & SHORT_ATOM_SIGNED) { 823 tok->type = OPAL_DTA_TOKENID_SINT; 824 } else { 825 u64 u_integer = 0; 826 ssize_t i, b = 0; 827 828 tok->type = OPAL_DTA_TOKENID_UINT; 829 if (tok->len > 9) { 830 pr_debug("uint64 with more than 8 bytes\n"); 831 return -EINVAL; 832 } 833 for (i = tok->len - 1; i > 0; i--) { 834 u_integer |= ((u64)pos[i] << (8 * b)); 835 b++; 836 } 837 tok->stored.u = u_integer; 838 } 839 840 return tok->len; 841 } 842 843 static ssize_t response_parse_medium(struct opal_resp_tok *tok, 844 const u8 *pos) 845 { 846 tok->pos = pos; 847 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2; 848 tok->width = OPAL_WIDTH_MEDIUM; 849 850 if (pos[0] & MEDIUM_ATOM_BYTESTRING) 851 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 852 else if (pos[0] & MEDIUM_ATOM_SIGNED) 853 tok->type = OPAL_DTA_TOKENID_SINT; 854 else 855 tok->type = OPAL_DTA_TOKENID_UINT; 856 857 return tok->len; 858 } 859 860 static ssize_t response_parse_long(struct opal_resp_tok *tok, 861 const u8 *pos) 862 { 863 tok->pos = pos; 864 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4; 865 tok->width = OPAL_WIDTH_LONG; 866 867 if (pos[0] & LONG_ATOM_BYTESTRING) 868 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 869 else if (pos[0] & LONG_ATOM_SIGNED) 870 tok->type = OPAL_DTA_TOKENID_SINT; 871 else 872 tok->type = OPAL_DTA_TOKENID_UINT; 873 874 return tok->len; 875 } 876 877 static ssize_t response_parse_token(struct opal_resp_tok *tok, 878 const u8 *pos) 879 { 880 tok->pos = pos; 881 tok->len = 1; 882 tok->type = OPAL_DTA_TOKENID_TOKEN; 883 tok->width = OPAL_WIDTH_TOKEN; 884 885 return tok->len; 886 } 887 888 static int response_parse(const u8 *buf, size_t length, 889 struct parsed_resp *resp) 890 { 891 const struct opal_header *hdr; 892 struct opal_resp_tok *iter; 893 int num_entries = 0; 894 int total; 895 ssize_t token_length; 896 const u8 *pos; 897 u32 clen, plen, slen; 898 899 if (!buf) 900 return -EFAULT; 901 902 if (!resp) 903 return -EFAULT; 904 905 hdr = (struct opal_header *)buf; 906 pos = buf; 907 pos += sizeof(*hdr); 908 909 clen = be32_to_cpu(hdr->cp.length); 910 plen = be32_to_cpu(hdr->pkt.length); 911 slen = be32_to_cpu(hdr->subpkt.length); 912 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n", 913 clen, plen, slen); 914 915 if (clen == 0 || plen == 0 || slen == 0 || 916 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 917 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n", 918 clen, plen, slen); 919 print_buffer(pos, sizeof(*hdr)); 920 return -EINVAL; 921 } 922 923 if (pos > buf + length) 924 return -EFAULT; 925 926 iter = resp->toks; 927 total = slen; 928 print_buffer(pos, total); 929 while (total > 0) { 930 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */ 931 token_length = response_parse_tiny(iter, pos); 932 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */ 933 token_length = response_parse_short(iter, pos); 934 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */ 935 token_length = response_parse_medium(iter, pos); 936 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */ 937 token_length = response_parse_long(iter, pos); 938 else /* TOKEN */ 939 token_length = response_parse_token(iter, pos); 940 941 if (token_length < 0) 942 return token_length; 943 944 pos += token_length; 945 total -= token_length; 946 iter++; 947 num_entries++; 948 } 949 950 resp->num = num_entries; 951 952 return 0; 953 } 954 955 static size_t response_get_string(const struct parsed_resp *resp, int n, 956 const char **store) 957 { 958 u8 skip; 959 const struct opal_resp_tok *tok; 960 961 *store = NULL; 962 tok = response_get_token(resp, n); 963 if (IS_ERR(tok)) 964 return 0; 965 966 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) { 967 pr_debug("Token is not a byte string!\n"); 968 return 0; 969 } 970 971 switch (tok->width) { 972 case OPAL_WIDTH_TINY: 973 case OPAL_WIDTH_SHORT: 974 skip = 1; 975 break; 976 case OPAL_WIDTH_MEDIUM: 977 skip = 2; 978 break; 979 case OPAL_WIDTH_LONG: 980 skip = 4; 981 break; 982 default: 983 pr_debug("Token has invalid width!\n"); 984 return 0; 985 } 986 987 *store = tok->pos + skip; 988 989 return tok->len - skip; 990 } 991 992 static u64 response_get_u64(const struct parsed_resp *resp, int n) 993 { 994 const struct opal_resp_tok *tok; 995 996 tok = response_get_token(resp, n); 997 if (IS_ERR(tok)) 998 return 0; 999 1000 if (tok->type != OPAL_DTA_TOKENID_UINT) { 1001 pr_debug("Token is not unsigned int: %d\n", tok->type); 1002 return 0; 1003 } 1004 1005 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) { 1006 pr_debug("Atom is not short or tiny: %d\n", tok->width); 1007 return 0; 1008 } 1009 1010 return tok->stored.u; 1011 } 1012 1013 static bool response_token_matches(const struct opal_resp_tok *token, u8 match) 1014 { 1015 if (IS_ERR(token) || 1016 token->type != OPAL_DTA_TOKENID_TOKEN || 1017 token->pos[0] != match) 1018 return false; 1019 return true; 1020 } 1021 1022 static u8 response_status(const struct parsed_resp *resp) 1023 { 1024 const struct opal_resp_tok *tok; 1025 1026 tok = response_get_token(resp, 0); 1027 if (response_token_matches(tok, OPAL_ENDOFSESSION)) 1028 return 0; 1029 1030 if (resp->num < 5) 1031 return DTAERROR_NO_METHOD_STATUS; 1032 1033 tok = response_get_token(resp, resp->num - 5); 1034 if (!response_token_matches(tok, OPAL_STARTLIST)) 1035 return DTAERROR_NO_METHOD_STATUS; 1036 1037 tok = response_get_token(resp, resp->num - 1); 1038 if (!response_token_matches(tok, OPAL_ENDLIST)) 1039 return DTAERROR_NO_METHOD_STATUS; 1040 1041 return response_get_u64(resp, resp->num - 4); 1042 } 1043 1044 /* Parses and checks for errors */ 1045 static int parse_and_check_status(struct opal_dev *dev) 1046 { 1047 int error; 1048 1049 print_buffer(dev->cmd, dev->pos); 1050 1051 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed); 1052 if (error) { 1053 pr_debug("Couldn't parse response.\n"); 1054 return error; 1055 } 1056 1057 return response_status(&dev->parsed); 1058 } 1059 1060 static void clear_opal_cmd(struct opal_dev *dev) 1061 { 1062 dev->pos = sizeof(struct opal_header); 1063 memset(dev->cmd, 0, IO_BUFFER_LENGTH); 1064 } 1065 1066 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method) 1067 { 1068 int err = 0; 1069 1070 clear_opal_cmd(dev); 1071 set_comid(dev, dev->comid); 1072 1073 add_token_u8(&err, dev, OPAL_CALL); 1074 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1075 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH); 1076 1077 /* 1078 * Every method call is followed by its parameters enclosed within 1079 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the 1080 * parameter list here and close it later in cmd_finalize. 1081 */ 1082 add_token_u8(&err, dev, OPAL_STARTLIST); 1083 1084 return err; 1085 } 1086 1087 static int start_opal_session_cont(struct opal_dev *dev) 1088 { 1089 u32 hsn, tsn; 1090 int error = 0; 1091 1092 error = parse_and_check_status(dev); 1093 if (error) 1094 return error; 1095 1096 hsn = response_get_u64(&dev->parsed, 4); 1097 tsn = response_get_u64(&dev->parsed, 5); 1098 1099 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) { 1100 pr_debug("Couldn't authenticate session\n"); 1101 return -EPERM; 1102 } 1103 1104 dev->hsn = hsn; 1105 dev->tsn = tsn; 1106 1107 return 0; 1108 } 1109 1110 static void add_suspend_info(struct opal_dev *dev, 1111 struct opal_suspend_data *sus) 1112 { 1113 struct opal_suspend_data *iter; 1114 1115 list_for_each_entry(iter, &dev->unlk_lst, node) { 1116 if (iter->lr == sus->lr) { 1117 list_del(&iter->node); 1118 kfree(iter); 1119 break; 1120 } 1121 } 1122 list_add_tail(&sus->node, &dev->unlk_lst); 1123 } 1124 1125 static int end_session_cont(struct opal_dev *dev) 1126 { 1127 dev->hsn = 0; 1128 dev->tsn = 0; 1129 1130 return parse_and_check_status(dev); 1131 } 1132 1133 static int finalize_and_send(struct opal_dev *dev, cont_fn cont) 1134 { 1135 int ret; 1136 1137 ret = cmd_finalize(dev, dev->hsn, dev->tsn); 1138 if (ret) { 1139 pr_debug("Error finalizing command buffer: %d\n", ret); 1140 return ret; 1141 } 1142 1143 print_buffer(dev->cmd, dev->pos); 1144 1145 return opal_send_recv(dev, cont); 1146 } 1147 1148 /* 1149 * request @column from table @table on device @dev. On success, the column 1150 * data will be available in dev->resp->tok[4] 1151 */ 1152 static int generic_get_column(struct opal_dev *dev, const u8 *table, 1153 u64 column) 1154 { 1155 int err; 1156 1157 err = cmd_start(dev, table, opalmethod[OPAL_GET]); 1158 1159 add_token_u8(&err, dev, OPAL_STARTLIST); 1160 1161 add_token_u8(&err, dev, OPAL_STARTNAME); 1162 add_token_u8(&err, dev, OPAL_STARTCOLUMN); 1163 add_token_u64(&err, dev, column); 1164 add_token_u8(&err, dev, OPAL_ENDNAME); 1165 1166 add_token_u8(&err, dev, OPAL_STARTNAME); 1167 add_token_u8(&err, dev, OPAL_ENDCOLUMN); 1168 add_token_u64(&err, dev, column); 1169 add_token_u8(&err, dev, OPAL_ENDNAME); 1170 1171 add_token_u8(&err, dev, OPAL_ENDLIST); 1172 1173 if (err) 1174 return err; 1175 1176 return finalize_and_send(dev, parse_and_check_status); 1177 } 1178 1179 /* 1180 * see TCG SAS 5.3.2.3 for a description of the available columns 1181 * 1182 * the result is provided in dev->resp->tok[4] 1183 */ 1184 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid, 1185 u64 column) 1186 { 1187 u8 uid[OPAL_UID_LENGTH]; 1188 const unsigned int half = OPAL_UID_LENGTH_HALF; 1189 1190 /* sed-opal UIDs can be split in two halves: 1191 * first: actual table index 1192 * second: relative index in the table 1193 * so we have to get the first half of the OPAL_TABLE_TABLE and use the 1194 * first part of the target table as relative index into that table 1195 */ 1196 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half); 1197 memcpy(uid + half, table_uid, half); 1198 1199 return generic_get_column(dev, uid, column); 1200 } 1201 1202 static int gen_key(struct opal_dev *dev, void *data) 1203 { 1204 u8 uid[OPAL_UID_LENGTH]; 1205 int err; 1206 1207 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len)); 1208 kfree(dev->prev_data); 1209 dev->prev_data = NULL; 1210 1211 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]); 1212 1213 if (err) { 1214 pr_debug("Error building gen key command\n"); 1215 return err; 1216 1217 } 1218 1219 return finalize_and_send(dev, parse_and_check_status); 1220 } 1221 1222 static int get_active_key_cont(struct opal_dev *dev) 1223 { 1224 const char *activekey; 1225 size_t keylen; 1226 int error = 0; 1227 1228 error = parse_and_check_status(dev); 1229 if (error) 1230 return error; 1231 1232 keylen = response_get_string(&dev->parsed, 4, &activekey); 1233 if (!activekey) { 1234 pr_debug("%s: Couldn't extract the Activekey from the response\n", 1235 __func__); 1236 return OPAL_INVAL_PARAM; 1237 } 1238 1239 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL); 1240 1241 if (!dev->prev_data) 1242 return -ENOMEM; 1243 1244 dev->prev_d_len = keylen; 1245 1246 return 0; 1247 } 1248 1249 static int get_active_key(struct opal_dev *dev, void *data) 1250 { 1251 u8 uid[OPAL_UID_LENGTH]; 1252 int err; 1253 u8 *lr = data; 1254 1255 err = build_locking_range(uid, sizeof(uid), *lr); 1256 if (err) 1257 return err; 1258 1259 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY); 1260 if (err) 1261 return err; 1262 1263 return get_active_key_cont(dev); 1264 } 1265 1266 static int generic_table_write_data(struct opal_dev *dev, const u64 data, 1267 u64 offset, u64 size, const u8 *uid) 1268 { 1269 const u8 __user *src = (u8 __user *)(uintptr_t)data; 1270 u8 *dst; 1271 u64 len; 1272 size_t off = 0; 1273 int err; 1274 1275 /* do we fit in the available space? */ 1276 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS); 1277 if (err) { 1278 pr_debug("Couldn't get the table size\n"); 1279 return err; 1280 } 1281 1282 len = response_get_u64(&dev->parsed, 4); 1283 if (size > len || offset > len - size) { 1284 pr_debug("Does not fit in the table (%llu vs. %llu)\n", 1285 offset + size, len); 1286 return -ENOSPC; 1287 } 1288 1289 /* do the actual transmission(s) */ 1290 while (off < size) { 1291 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1292 add_token_u8(&err, dev, OPAL_STARTNAME); 1293 add_token_u8(&err, dev, OPAL_WHERE); 1294 add_token_u64(&err, dev, offset + off); 1295 add_token_u8(&err, dev, OPAL_ENDNAME); 1296 1297 add_token_u8(&err, dev, OPAL_STARTNAME); 1298 add_token_u8(&err, dev, OPAL_VALUES); 1299 1300 /* 1301 * The bytestring header is either 1 or 2 bytes, so assume 2. 1302 * There also needs to be enough space to accommodate the 1303 * trailing OPAL_ENDNAME (1 byte) and tokens added by 1304 * cmd_finalize. 1305 */ 1306 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED), 1307 (size_t)(size - off)); 1308 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size); 1309 1310 dst = add_bytestring_header(&err, dev, len); 1311 if (!dst) 1312 break; 1313 1314 if (copy_from_user(dst, src + off, len)) { 1315 err = -EFAULT; 1316 break; 1317 } 1318 1319 dev->pos += len; 1320 1321 add_token_u8(&err, dev, OPAL_ENDNAME); 1322 if (err) 1323 break; 1324 1325 err = finalize_and_send(dev, parse_and_check_status); 1326 if (err) 1327 break; 1328 1329 off += len; 1330 } 1331 1332 return err; 1333 } 1334 1335 static int generic_lr_enable_disable(struct opal_dev *dev, 1336 u8 *uid, bool rle, bool wle, 1337 bool rl, bool wl) 1338 { 1339 int err; 1340 1341 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1342 1343 add_token_u8(&err, dev, OPAL_STARTNAME); 1344 add_token_u8(&err, dev, OPAL_VALUES); 1345 add_token_u8(&err, dev, OPAL_STARTLIST); 1346 1347 add_token_u8(&err, dev, OPAL_STARTNAME); 1348 add_token_u8(&err, dev, OPAL_READLOCKENABLED); 1349 add_token_u8(&err, dev, rle); 1350 add_token_u8(&err, dev, OPAL_ENDNAME); 1351 1352 add_token_u8(&err, dev, OPAL_STARTNAME); 1353 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED); 1354 add_token_u8(&err, dev, wle); 1355 add_token_u8(&err, dev, OPAL_ENDNAME); 1356 1357 add_token_u8(&err, dev, OPAL_STARTNAME); 1358 add_token_u8(&err, dev, OPAL_READLOCKED); 1359 add_token_u8(&err, dev, rl); 1360 add_token_u8(&err, dev, OPAL_ENDNAME); 1361 1362 add_token_u8(&err, dev, OPAL_STARTNAME); 1363 add_token_u8(&err, dev, OPAL_WRITELOCKED); 1364 add_token_u8(&err, dev, wl); 1365 add_token_u8(&err, dev, OPAL_ENDNAME); 1366 1367 add_token_u8(&err, dev, OPAL_ENDLIST); 1368 add_token_u8(&err, dev, OPAL_ENDNAME); 1369 1370 return err; 1371 } 1372 1373 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid, 1374 struct opal_user_lr_setup *setup) 1375 { 1376 int err; 1377 1378 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE, 1379 0, 0); 1380 if (err) 1381 pr_debug("Failed to create enable global lr command\n"); 1382 1383 return err; 1384 } 1385 1386 static int setup_locking_range(struct opal_dev *dev, void *data) 1387 { 1388 u8 uid[OPAL_UID_LENGTH]; 1389 struct opal_user_lr_setup *setup = data; 1390 u8 lr; 1391 int err; 1392 1393 lr = setup->session.opal_key.lr; 1394 err = build_locking_range(uid, sizeof(uid), lr); 1395 if (err) 1396 return err; 1397 1398 if (lr == 0) 1399 err = enable_global_lr(dev, uid, setup); 1400 else { 1401 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1402 1403 add_token_u8(&err, dev, OPAL_STARTNAME); 1404 add_token_u8(&err, dev, OPAL_VALUES); 1405 add_token_u8(&err, dev, OPAL_STARTLIST); 1406 1407 add_token_u8(&err, dev, OPAL_STARTNAME); 1408 add_token_u8(&err, dev, OPAL_RANGESTART); 1409 add_token_u64(&err, dev, setup->range_start); 1410 add_token_u8(&err, dev, OPAL_ENDNAME); 1411 1412 add_token_u8(&err, dev, OPAL_STARTNAME); 1413 add_token_u8(&err, dev, OPAL_RANGELENGTH); 1414 add_token_u64(&err, dev, setup->range_length); 1415 add_token_u8(&err, dev, OPAL_ENDNAME); 1416 1417 add_token_u8(&err, dev, OPAL_STARTNAME); 1418 add_token_u8(&err, dev, OPAL_READLOCKENABLED); 1419 add_token_u64(&err, dev, !!setup->RLE); 1420 add_token_u8(&err, dev, OPAL_ENDNAME); 1421 1422 add_token_u8(&err, dev, OPAL_STARTNAME); 1423 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED); 1424 add_token_u64(&err, dev, !!setup->WLE); 1425 add_token_u8(&err, dev, OPAL_ENDNAME); 1426 1427 add_token_u8(&err, dev, OPAL_ENDLIST); 1428 add_token_u8(&err, dev, OPAL_ENDNAME); 1429 } 1430 if (err) { 1431 pr_debug("Error building Setup Locking range command.\n"); 1432 return err; 1433 } 1434 1435 return finalize_and_send(dev, parse_and_check_status); 1436 } 1437 1438 static int start_generic_opal_session(struct opal_dev *dev, 1439 enum opal_uid auth, 1440 enum opal_uid sp_type, 1441 const char *key, 1442 u8 key_len) 1443 { 1444 u32 hsn; 1445 int err; 1446 1447 if (key == NULL && auth != OPAL_ANYBODY_UID) 1448 return OPAL_INVAL_PARAM; 1449 1450 hsn = GENERIC_HOST_SESSION_NUM; 1451 err = cmd_start(dev, opaluid[OPAL_SMUID_UID], 1452 opalmethod[OPAL_STARTSESSION]); 1453 1454 add_token_u64(&err, dev, hsn); 1455 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH); 1456 add_token_u8(&err, dev, 1); 1457 1458 switch (auth) { 1459 case OPAL_ANYBODY_UID: 1460 break; 1461 case OPAL_ADMIN1_UID: 1462 case OPAL_SID_UID: 1463 case OPAL_PSID_UID: 1464 add_token_u8(&err, dev, OPAL_STARTNAME); 1465 add_token_u8(&err, dev, 0); /* HostChallenge */ 1466 add_token_bytestring(&err, dev, key, key_len); 1467 add_token_u8(&err, dev, OPAL_ENDNAME); 1468 add_token_u8(&err, dev, OPAL_STARTNAME); 1469 add_token_u8(&err, dev, 3); /* HostSignAuth */ 1470 add_token_bytestring(&err, dev, opaluid[auth], 1471 OPAL_UID_LENGTH); 1472 add_token_u8(&err, dev, OPAL_ENDNAME); 1473 break; 1474 default: 1475 pr_debug("Cannot start Admin SP session with auth %d\n", auth); 1476 return OPAL_INVAL_PARAM; 1477 } 1478 1479 if (err) { 1480 pr_debug("Error building start adminsp session command.\n"); 1481 return err; 1482 } 1483 1484 return finalize_and_send(dev, start_opal_session_cont); 1485 } 1486 1487 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data) 1488 { 1489 return start_generic_opal_session(dev, OPAL_ANYBODY_UID, 1490 OPAL_ADMINSP_UID, NULL, 0); 1491 } 1492 1493 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data) 1494 { 1495 int ret; 1496 const u8 *key = dev->prev_data; 1497 1498 if (!key) { 1499 const struct opal_key *okey = data; 1500 1501 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1502 OPAL_ADMINSP_UID, 1503 okey->key, 1504 okey->key_len); 1505 } else { 1506 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1507 OPAL_ADMINSP_UID, 1508 key, dev->prev_d_len); 1509 kfree(key); 1510 dev->prev_data = NULL; 1511 } 1512 1513 return ret; 1514 } 1515 1516 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data) 1517 { 1518 struct opal_key *key = data; 1519 1520 return start_generic_opal_session(dev, OPAL_ADMIN1_UID, 1521 OPAL_LOCKINGSP_UID, 1522 key->key, key->key_len); 1523 } 1524 1525 static int start_PSID_opal_session(struct opal_dev *dev, void *data) 1526 { 1527 const struct opal_key *okey = data; 1528 1529 return start_generic_opal_session(dev, OPAL_PSID_UID, 1530 OPAL_ADMINSP_UID, 1531 okey->key, 1532 okey->key_len); 1533 } 1534 1535 static int start_auth_opal_session(struct opal_dev *dev, void *data) 1536 { 1537 struct opal_session_info *session = data; 1538 u8 lk_ul_user[OPAL_UID_LENGTH]; 1539 size_t keylen = session->opal_key.key_len; 1540 int err = 0; 1541 1542 u8 *key = session->opal_key.key; 1543 u32 hsn = GENERIC_HOST_SESSION_NUM; 1544 1545 if (session->sum) 1546 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1547 session->opal_key.lr); 1548 else if (session->who != OPAL_ADMIN1 && !session->sum) 1549 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1550 session->who - 1); 1551 else 1552 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH); 1553 1554 if (err) 1555 return err; 1556 1557 err = cmd_start(dev, opaluid[OPAL_SMUID_UID], 1558 opalmethod[OPAL_STARTSESSION]); 1559 1560 add_token_u64(&err, dev, hsn); 1561 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID], 1562 OPAL_UID_LENGTH); 1563 add_token_u8(&err, dev, 1); 1564 add_token_u8(&err, dev, OPAL_STARTNAME); 1565 add_token_u8(&err, dev, 0); 1566 add_token_bytestring(&err, dev, key, keylen); 1567 add_token_u8(&err, dev, OPAL_ENDNAME); 1568 add_token_u8(&err, dev, OPAL_STARTNAME); 1569 add_token_u8(&err, dev, 3); 1570 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH); 1571 add_token_u8(&err, dev, OPAL_ENDNAME); 1572 1573 if (err) { 1574 pr_debug("Error building STARTSESSION command.\n"); 1575 return err; 1576 } 1577 1578 return finalize_and_send(dev, start_opal_session_cont); 1579 } 1580 1581 static int revert_tper(struct opal_dev *dev, void *data) 1582 { 1583 int err; 1584 1585 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID], 1586 opalmethod[OPAL_REVERT]); 1587 if (err) { 1588 pr_debug("Error building REVERT TPER command.\n"); 1589 return err; 1590 } 1591 1592 return finalize_and_send(dev, parse_and_check_status); 1593 } 1594 1595 static int internal_activate_user(struct opal_dev *dev, void *data) 1596 { 1597 struct opal_session_info *session = data; 1598 u8 uid[OPAL_UID_LENGTH]; 1599 int err; 1600 1601 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 1602 uid[7] = session->who; 1603 1604 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1605 add_token_u8(&err, dev, OPAL_STARTNAME); 1606 add_token_u8(&err, dev, OPAL_VALUES); 1607 add_token_u8(&err, dev, OPAL_STARTLIST); 1608 add_token_u8(&err, dev, OPAL_STARTNAME); 1609 add_token_u8(&err, dev, 5); /* Enabled */ 1610 add_token_u8(&err, dev, OPAL_TRUE); 1611 add_token_u8(&err, dev, OPAL_ENDNAME); 1612 add_token_u8(&err, dev, OPAL_ENDLIST); 1613 add_token_u8(&err, dev, OPAL_ENDNAME); 1614 1615 if (err) { 1616 pr_debug("Error building Activate UserN command.\n"); 1617 return err; 1618 } 1619 1620 return finalize_and_send(dev, parse_and_check_status); 1621 } 1622 1623 static int erase_locking_range(struct opal_dev *dev, void *data) 1624 { 1625 struct opal_session_info *session = data; 1626 u8 uid[OPAL_UID_LENGTH]; 1627 int err; 1628 1629 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0) 1630 return -ERANGE; 1631 1632 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]); 1633 1634 if (err) { 1635 pr_debug("Error building Erase Locking Range Command.\n"); 1636 return err; 1637 } 1638 1639 return finalize_and_send(dev, parse_and_check_status); 1640 } 1641 1642 static int set_mbr_done(struct opal_dev *dev, void *data) 1643 { 1644 u8 *mbr_done_tf = data; 1645 int err; 1646 1647 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL], 1648 opalmethod[OPAL_SET]); 1649 1650 add_token_u8(&err, dev, OPAL_STARTNAME); 1651 add_token_u8(&err, dev, OPAL_VALUES); 1652 add_token_u8(&err, dev, OPAL_STARTLIST); 1653 add_token_u8(&err, dev, OPAL_STARTNAME); 1654 add_token_u8(&err, dev, OPAL_MBRDONE); 1655 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */ 1656 add_token_u8(&err, dev, OPAL_ENDNAME); 1657 add_token_u8(&err, dev, OPAL_ENDLIST); 1658 add_token_u8(&err, dev, OPAL_ENDNAME); 1659 1660 if (err) { 1661 pr_debug("Error Building set MBR Done command\n"); 1662 return err; 1663 } 1664 1665 return finalize_and_send(dev, parse_and_check_status); 1666 } 1667 1668 static int set_mbr_enable_disable(struct opal_dev *dev, void *data) 1669 { 1670 u8 *mbr_en_dis = data; 1671 int err; 1672 1673 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL], 1674 opalmethod[OPAL_SET]); 1675 1676 add_token_u8(&err, dev, OPAL_STARTNAME); 1677 add_token_u8(&err, dev, OPAL_VALUES); 1678 add_token_u8(&err, dev, OPAL_STARTLIST); 1679 add_token_u8(&err, dev, OPAL_STARTNAME); 1680 add_token_u8(&err, dev, OPAL_MBRENABLE); 1681 add_token_u8(&err, dev, *mbr_en_dis); 1682 add_token_u8(&err, dev, OPAL_ENDNAME); 1683 add_token_u8(&err, dev, OPAL_ENDLIST); 1684 add_token_u8(&err, dev, OPAL_ENDNAME); 1685 1686 if (err) { 1687 pr_debug("Error Building set MBR done command\n"); 1688 return err; 1689 } 1690 1691 return finalize_and_send(dev, parse_and_check_status); 1692 } 1693 1694 static int write_shadow_mbr(struct opal_dev *dev, void *data) 1695 { 1696 struct opal_shadow_mbr *shadow = data; 1697 1698 return generic_table_write_data(dev, shadow->data, shadow->offset, 1699 shadow->size, opaluid[OPAL_MBR]); 1700 } 1701 1702 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid, 1703 struct opal_dev *dev) 1704 { 1705 int err; 1706 1707 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]); 1708 1709 add_token_u8(&err, dev, OPAL_STARTNAME); 1710 add_token_u8(&err, dev, OPAL_VALUES); 1711 add_token_u8(&err, dev, OPAL_STARTLIST); 1712 add_token_u8(&err, dev, OPAL_STARTNAME); 1713 add_token_u8(&err, dev, OPAL_PIN); 1714 add_token_bytestring(&err, dev, key, key_len); 1715 add_token_u8(&err, dev, OPAL_ENDNAME); 1716 add_token_u8(&err, dev, OPAL_ENDLIST); 1717 add_token_u8(&err, dev, OPAL_ENDNAME); 1718 1719 return err; 1720 } 1721 1722 static int set_new_pw(struct opal_dev *dev, void *data) 1723 { 1724 u8 cpin_uid[OPAL_UID_LENGTH]; 1725 struct opal_session_info *usr = data; 1726 1727 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH); 1728 1729 if (usr->who != OPAL_ADMIN1) { 1730 cpin_uid[5] = 0x03; 1731 if (usr->sum) 1732 cpin_uid[7] = usr->opal_key.lr + 1; 1733 else 1734 cpin_uid[7] = usr->who; 1735 } 1736 1737 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len, 1738 cpin_uid, dev)) { 1739 pr_debug("Error building set password command.\n"); 1740 return -ERANGE; 1741 } 1742 1743 return finalize_and_send(dev, parse_and_check_status); 1744 } 1745 1746 static int set_sid_cpin_pin(struct opal_dev *dev, void *data) 1747 { 1748 u8 cpin_uid[OPAL_UID_LENGTH]; 1749 struct opal_key *key = data; 1750 1751 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH); 1752 1753 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) { 1754 pr_debug("Error building Set SID cpin\n"); 1755 return -ERANGE; 1756 } 1757 return finalize_and_send(dev, parse_and_check_status); 1758 } 1759 1760 static int add_user_to_lr(struct opal_dev *dev, void *data) 1761 { 1762 u8 lr_buffer[OPAL_UID_LENGTH]; 1763 u8 user_uid[OPAL_UID_LENGTH]; 1764 struct opal_lock_unlock *lkul = data; 1765 int err; 1766 1767 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED], 1768 OPAL_UID_LENGTH); 1769 1770 if (lkul->l_state == OPAL_RW) 1771 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED], 1772 OPAL_UID_LENGTH); 1773 1774 lr_buffer[7] = lkul->session.opal_key.lr; 1775 1776 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 1777 1778 user_uid[7] = lkul->session.who; 1779 1780 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]); 1781 1782 add_token_u8(&err, dev, OPAL_STARTNAME); 1783 add_token_u8(&err, dev, OPAL_VALUES); 1784 1785 add_token_u8(&err, dev, OPAL_STARTLIST); 1786 add_token_u8(&err, dev, OPAL_STARTNAME); 1787 add_token_u8(&err, dev, 3); 1788 1789 add_token_u8(&err, dev, OPAL_STARTLIST); 1790 1791 1792 add_token_u8(&err, dev, OPAL_STARTNAME); 1793 add_token_bytestring(&err, dev, 1794 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF], 1795 OPAL_UID_LENGTH/2); 1796 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH); 1797 add_token_u8(&err, dev, OPAL_ENDNAME); 1798 1799 1800 add_token_u8(&err, dev, OPAL_STARTNAME); 1801 add_token_bytestring(&err, dev, 1802 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF], 1803 OPAL_UID_LENGTH/2); 1804 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH); 1805 add_token_u8(&err, dev, OPAL_ENDNAME); 1806 1807 1808 add_token_u8(&err, dev, OPAL_STARTNAME); 1809 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE], 1810 OPAL_UID_LENGTH/2); 1811 add_token_u8(&err, dev, 1); 1812 add_token_u8(&err, dev, OPAL_ENDNAME); 1813 1814 1815 add_token_u8(&err, dev, OPAL_ENDLIST); 1816 add_token_u8(&err, dev, OPAL_ENDNAME); 1817 add_token_u8(&err, dev, OPAL_ENDLIST); 1818 add_token_u8(&err, dev, OPAL_ENDNAME); 1819 1820 if (err) { 1821 pr_debug("Error building add user to locking range command.\n"); 1822 return err; 1823 } 1824 1825 return finalize_and_send(dev, parse_and_check_status); 1826 } 1827 1828 static int lock_unlock_locking_range(struct opal_dev *dev, void *data) 1829 { 1830 u8 lr_buffer[OPAL_UID_LENGTH]; 1831 struct opal_lock_unlock *lkul = data; 1832 u8 read_locked = 1, write_locked = 1; 1833 int err = 0; 1834 1835 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 1836 lkul->session.opal_key.lr) < 0) 1837 return -ERANGE; 1838 1839 switch (lkul->l_state) { 1840 case OPAL_RO: 1841 read_locked = 0; 1842 write_locked = 1; 1843 break; 1844 case OPAL_RW: 1845 read_locked = 0; 1846 write_locked = 0; 1847 break; 1848 case OPAL_LK: 1849 /* vars are initialized to locked */ 1850 break; 1851 default: 1852 pr_debug("Tried to set an invalid locking state... returning to uland\n"); 1853 return OPAL_INVAL_PARAM; 1854 } 1855 1856 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]); 1857 1858 add_token_u8(&err, dev, OPAL_STARTNAME); 1859 add_token_u8(&err, dev, OPAL_VALUES); 1860 add_token_u8(&err, dev, OPAL_STARTLIST); 1861 1862 add_token_u8(&err, dev, OPAL_STARTNAME); 1863 add_token_u8(&err, dev, OPAL_READLOCKED); 1864 add_token_u8(&err, dev, read_locked); 1865 add_token_u8(&err, dev, OPAL_ENDNAME); 1866 1867 add_token_u8(&err, dev, OPAL_STARTNAME); 1868 add_token_u8(&err, dev, OPAL_WRITELOCKED); 1869 add_token_u8(&err, dev, write_locked); 1870 add_token_u8(&err, dev, OPAL_ENDNAME); 1871 1872 add_token_u8(&err, dev, OPAL_ENDLIST); 1873 add_token_u8(&err, dev, OPAL_ENDNAME); 1874 1875 if (err) { 1876 pr_debug("Error building SET command.\n"); 1877 return err; 1878 } 1879 1880 return finalize_and_send(dev, parse_and_check_status); 1881 } 1882 1883 1884 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data) 1885 { 1886 u8 lr_buffer[OPAL_UID_LENGTH]; 1887 u8 read_locked = 1, write_locked = 1; 1888 struct opal_lock_unlock *lkul = data; 1889 int ret; 1890 1891 clear_opal_cmd(dev); 1892 set_comid(dev, dev->comid); 1893 1894 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 1895 lkul->session.opal_key.lr) < 0) 1896 return -ERANGE; 1897 1898 switch (lkul->l_state) { 1899 case OPAL_RO: 1900 read_locked = 0; 1901 write_locked = 1; 1902 break; 1903 case OPAL_RW: 1904 read_locked = 0; 1905 write_locked = 0; 1906 break; 1907 case OPAL_LK: 1908 /* vars are initialized to locked */ 1909 break; 1910 default: 1911 pr_debug("Tried to set an invalid locking state.\n"); 1912 return OPAL_INVAL_PARAM; 1913 } 1914 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1, 1915 read_locked, write_locked); 1916 1917 if (ret < 0) { 1918 pr_debug("Error building SET command.\n"); 1919 return ret; 1920 } 1921 1922 return finalize_and_send(dev, parse_and_check_status); 1923 } 1924 1925 static int activate_lsp(struct opal_dev *dev, void *data) 1926 { 1927 struct opal_lr_act *opal_act = data; 1928 u8 user_lr[OPAL_UID_LENGTH]; 1929 int err, i; 1930 1931 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID], 1932 opalmethod[OPAL_ACTIVATE]); 1933 1934 if (opal_act->sum) { 1935 err = build_locking_range(user_lr, sizeof(user_lr), 1936 opal_act->lr[0]); 1937 if (err) 1938 return err; 1939 1940 add_token_u8(&err, dev, OPAL_STARTNAME); 1941 add_token_u64(&err, dev, OPAL_SUM_SET_LIST); 1942 1943 add_token_u8(&err, dev, OPAL_STARTLIST); 1944 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 1945 for (i = 1; i < opal_act->num_lrs; i++) { 1946 user_lr[7] = opal_act->lr[i]; 1947 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 1948 } 1949 add_token_u8(&err, dev, OPAL_ENDLIST); 1950 add_token_u8(&err, dev, OPAL_ENDNAME); 1951 } 1952 1953 if (err) { 1954 pr_debug("Error building Activate LockingSP command.\n"); 1955 return err; 1956 } 1957 1958 return finalize_and_send(dev, parse_and_check_status); 1959 } 1960 1961 /* Determine if we're in the Manufactured Inactive or Active state */ 1962 static int get_lsp_lifecycle(struct opal_dev *dev, void *data) 1963 { 1964 u8 lc_status; 1965 int err; 1966 1967 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID], 1968 OPAL_LIFECYCLE); 1969 if (err) 1970 return err; 1971 1972 lc_status = response_get_u64(&dev->parsed, 4); 1973 /* 0x08 is Manufactured Inactive */ 1974 /* 0x09 is Manufactured */ 1975 if (lc_status != OPAL_MANUFACTURED_INACTIVE) { 1976 pr_debug("Couldn't determine the status of the Lifecycle state\n"); 1977 return -ENODEV; 1978 } 1979 1980 return 0; 1981 } 1982 1983 static int get_msid_cpin_pin(struct opal_dev *dev, void *data) 1984 { 1985 const char *msid_pin; 1986 size_t strlen; 1987 int err; 1988 1989 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN); 1990 if (err) 1991 return err; 1992 1993 strlen = response_get_string(&dev->parsed, 4, &msid_pin); 1994 if (!msid_pin) { 1995 pr_debug("Couldn't extract MSID_CPIN from response\n"); 1996 return OPAL_INVAL_PARAM; 1997 } 1998 1999 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL); 2000 if (!dev->prev_data) 2001 return -ENOMEM; 2002 2003 dev->prev_d_len = strlen; 2004 2005 return 0; 2006 } 2007 2008 static int write_table_data(struct opal_dev *dev, void *data) 2009 { 2010 struct opal_read_write_table *write_tbl = data; 2011 2012 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset, 2013 write_tbl->size, write_tbl->table_uid); 2014 } 2015 2016 static int read_table_data_cont(struct opal_dev *dev) 2017 { 2018 int err; 2019 const char *data_read; 2020 2021 err = parse_and_check_status(dev); 2022 if (err) 2023 return err; 2024 2025 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read); 2026 dev->prev_data = (void *)data_read; 2027 if (!dev->prev_data) { 2028 pr_debug("%s: Couldn't read data from the table.\n", __func__); 2029 return OPAL_INVAL_PARAM; 2030 } 2031 2032 return 0; 2033 } 2034 2035 /* 2036 * IO_BUFFER_LENGTH = 2048 2037 * sizeof(header) = 56 2038 * No. of Token Bytes in the Response = 11 2039 * MAX size of data that can be carried in response buffer 2040 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD. 2041 */ 2042 #define OPAL_MAX_READ_TABLE (0x7BD) 2043 2044 static int read_table_data(struct opal_dev *dev, void *data) 2045 { 2046 struct opal_read_write_table *read_tbl = data; 2047 int err; 2048 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE; 2049 u64 table_len, len; 2050 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1; 2051 u8 __user *dst; 2052 2053 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS); 2054 if (err) { 2055 pr_debug("Couldn't get the table size\n"); 2056 return err; 2057 } 2058 2059 table_len = response_get_u64(&dev->parsed, 4); 2060 2061 /* Check if the user is trying to read from the table limits */ 2062 if (read_size > table_len || offset > table_len - read_size) { 2063 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n", 2064 offset + read_size, table_len); 2065 return -EINVAL; 2066 } 2067 2068 while (off < read_size) { 2069 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]); 2070 2071 add_token_u8(&err, dev, OPAL_STARTLIST); 2072 add_token_u8(&err, dev, OPAL_STARTNAME); 2073 add_token_u8(&err, dev, OPAL_STARTROW); 2074 add_token_u64(&err, dev, offset + off); /* start row value */ 2075 add_token_u8(&err, dev, OPAL_ENDNAME); 2076 2077 add_token_u8(&err, dev, OPAL_STARTNAME); 2078 add_token_u8(&err, dev, OPAL_ENDROW); 2079 2080 len = min(max_read_size, (size_t)(read_size - off)); 2081 add_token_u64(&err, dev, offset + off + len); /* end row value 2082 */ 2083 add_token_u8(&err, dev, OPAL_ENDNAME); 2084 add_token_u8(&err, dev, OPAL_ENDLIST); 2085 2086 if (err) { 2087 pr_debug("Error building read table data command.\n"); 2088 break; 2089 } 2090 2091 err = finalize_and_send(dev, read_table_data_cont); 2092 if (err) 2093 break; 2094 2095 /* len+1: This includes the NULL terminator at the end*/ 2096 if (dev->prev_d_len > len + 1) { 2097 err = -EOVERFLOW; 2098 break; 2099 } 2100 2101 dst = (u8 __user *)(uintptr_t)read_tbl->data; 2102 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) { 2103 pr_debug("Error copying data to userspace\n"); 2104 err = -EFAULT; 2105 break; 2106 } 2107 dev->prev_data = NULL; 2108 2109 off += len; 2110 } 2111 2112 return err; 2113 } 2114 2115 static int end_opal_session(struct opal_dev *dev, void *data) 2116 { 2117 int err = 0; 2118 2119 clear_opal_cmd(dev); 2120 set_comid(dev, dev->comid); 2121 add_token_u8(&err, dev, OPAL_ENDOFSESSION); 2122 2123 if (err < 0) 2124 return err; 2125 2126 return finalize_and_send(dev, end_session_cont); 2127 } 2128 2129 static int end_opal_session_error(struct opal_dev *dev) 2130 { 2131 const struct opal_step error_end_session = { 2132 end_opal_session, 2133 }; 2134 2135 return execute_step(dev, &error_end_session, 0); 2136 } 2137 2138 static inline void setup_opal_dev(struct opal_dev *dev) 2139 { 2140 dev->tsn = 0; 2141 dev->hsn = 0; 2142 dev->prev_data = NULL; 2143 } 2144 2145 static int check_opal_support(struct opal_dev *dev) 2146 { 2147 int ret; 2148 2149 mutex_lock(&dev->dev_lock); 2150 setup_opal_dev(dev); 2151 ret = opal_discovery0_step(dev); 2152 if (!ret) 2153 dev->flags |= OPAL_FL_SUPPORTED; 2154 mutex_unlock(&dev->dev_lock); 2155 2156 return ret; 2157 } 2158 2159 static void clean_opal_dev(struct opal_dev *dev) 2160 { 2161 2162 struct opal_suspend_data *suspend, *next; 2163 2164 mutex_lock(&dev->dev_lock); 2165 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) { 2166 list_del(&suspend->node); 2167 kfree(suspend); 2168 } 2169 mutex_unlock(&dev->dev_lock); 2170 } 2171 2172 void free_opal_dev(struct opal_dev *dev) 2173 { 2174 if (!dev) 2175 return; 2176 2177 clean_opal_dev(dev); 2178 kfree(dev->resp); 2179 kfree(dev->cmd); 2180 kfree(dev); 2181 } 2182 EXPORT_SYMBOL(free_opal_dev); 2183 2184 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv) 2185 { 2186 struct opal_dev *dev; 2187 2188 dev = kmalloc(sizeof(*dev), GFP_KERNEL); 2189 if (!dev) 2190 return NULL; 2191 2192 /* 2193 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes 2194 * sure the allocated buffer is DMA-safe in that regard. 2195 */ 2196 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL); 2197 if (!dev->cmd) 2198 goto err_free_dev; 2199 2200 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL); 2201 if (!dev->resp) 2202 goto err_free_cmd; 2203 2204 INIT_LIST_HEAD(&dev->unlk_lst); 2205 mutex_init(&dev->dev_lock); 2206 dev->flags = 0; 2207 dev->data = data; 2208 dev->send_recv = send_recv; 2209 if (check_opal_support(dev) != 0) { 2210 pr_debug("Opal is not supported on this device\n"); 2211 goto err_free_resp; 2212 } 2213 2214 return dev; 2215 2216 err_free_resp: 2217 kfree(dev->resp); 2218 2219 err_free_cmd: 2220 kfree(dev->cmd); 2221 2222 err_free_dev: 2223 kfree(dev); 2224 2225 return NULL; 2226 } 2227 EXPORT_SYMBOL(init_opal_dev); 2228 2229 static int opal_secure_erase_locking_range(struct opal_dev *dev, 2230 struct opal_session_info *opal_session) 2231 { 2232 const struct opal_step erase_steps[] = { 2233 { start_auth_opal_session, opal_session }, 2234 { get_active_key, &opal_session->opal_key.lr }, 2235 { gen_key, }, 2236 { end_opal_session, } 2237 }; 2238 int ret; 2239 2240 mutex_lock(&dev->dev_lock); 2241 setup_opal_dev(dev); 2242 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); 2243 mutex_unlock(&dev->dev_lock); 2244 2245 return ret; 2246 } 2247 2248 static int opal_erase_locking_range(struct opal_dev *dev, 2249 struct opal_session_info *opal_session) 2250 { 2251 const struct opal_step erase_steps[] = { 2252 { start_auth_opal_session, opal_session }, 2253 { erase_locking_range, opal_session }, 2254 { end_opal_session, } 2255 }; 2256 int ret; 2257 2258 mutex_lock(&dev->dev_lock); 2259 setup_opal_dev(dev); 2260 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); 2261 mutex_unlock(&dev->dev_lock); 2262 2263 return ret; 2264 } 2265 2266 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev, 2267 struct opal_mbr_data *opal_mbr) 2268 { 2269 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ? 2270 OPAL_TRUE : OPAL_FALSE; 2271 2272 const struct opal_step mbr_steps[] = { 2273 { start_admin1LSP_opal_session, &opal_mbr->key }, 2274 { set_mbr_done, &enable_disable }, 2275 { end_opal_session, }, 2276 { start_admin1LSP_opal_session, &opal_mbr->key }, 2277 { set_mbr_enable_disable, &enable_disable }, 2278 { end_opal_session, } 2279 }; 2280 int ret; 2281 2282 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE && 2283 opal_mbr->enable_disable != OPAL_MBR_DISABLE) 2284 return -EINVAL; 2285 2286 mutex_lock(&dev->dev_lock); 2287 setup_opal_dev(dev); 2288 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2289 mutex_unlock(&dev->dev_lock); 2290 2291 return ret; 2292 } 2293 2294 static int opal_set_mbr_done(struct opal_dev *dev, 2295 struct opal_mbr_done *mbr_done) 2296 { 2297 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ? 2298 OPAL_TRUE : OPAL_FALSE; 2299 2300 const struct opal_step mbr_steps[] = { 2301 { start_admin1LSP_opal_session, &mbr_done->key }, 2302 { set_mbr_done, &mbr_done_tf }, 2303 { end_opal_session, } 2304 }; 2305 int ret; 2306 2307 if (mbr_done->done_flag != OPAL_MBR_DONE && 2308 mbr_done->done_flag != OPAL_MBR_NOT_DONE) 2309 return -EINVAL; 2310 2311 mutex_lock(&dev->dev_lock); 2312 setup_opal_dev(dev); 2313 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2314 mutex_unlock(&dev->dev_lock); 2315 2316 return ret; 2317 } 2318 2319 static int opal_write_shadow_mbr(struct opal_dev *dev, 2320 struct opal_shadow_mbr *info) 2321 { 2322 const struct opal_step mbr_steps[] = { 2323 { start_admin1LSP_opal_session, &info->key }, 2324 { write_shadow_mbr, info }, 2325 { end_opal_session, } 2326 }; 2327 int ret; 2328 2329 if (info->size == 0) 2330 return 0; 2331 2332 mutex_lock(&dev->dev_lock); 2333 setup_opal_dev(dev); 2334 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2335 mutex_unlock(&dev->dev_lock); 2336 2337 return ret; 2338 } 2339 2340 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk) 2341 { 2342 struct opal_suspend_data *suspend; 2343 2344 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL); 2345 if (!suspend) 2346 return -ENOMEM; 2347 2348 suspend->unlk = *lk_unlk; 2349 suspend->lr = lk_unlk->session.opal_key.lr; 2350 2351 mutex_lock(&dev->dev_lock); 2352 setup_opal_dev(dev); 2353 add_suspend_info(dev, suspend); 2354 mutex_unlock(&dev->dev_lock); 2355 2356 return 0; 2357 } 2358 2359 static int opal_add_user_to_lr(struct opal_dev *dev, 2360 struct opal_lock_unlock *lk_unlk) 2361 { 2362 const struct opal_step steps[] = { 2363 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key }, 2364 { add_user_to_lr, lk_unlk }, 2365 { end_opal_session, } 2366 }; 2367 int ret; 2368 2369 if (lk_unlk->l_state != OPAL_RO && 2370 lk_unlk->l_state != OPAL_RW) { 2371 pr_debug("Locking state was not RO or RW\n"); 2372 return -EINVAL; 2373 } 2374 2375 if (lk_unlk->session.who < OPAL_USER1 || 2376 lk_unlk->session.who > OPAL_USER9) { 2377 pr_debug("Authority was not within the range of users: %d\n", 2378 lk_unlk->session.who); 2379 return -EINVAL; 2380 } 2381 2382 if (lk_unlk->session.sum) { 2383 pr_debug("%s not supported in sum. Use setup locking range\n", 2384 __func__); 2385 return -EINVAL; 2386 } 2387 2388 mutex_lock(&dev->dev_lock); 2389 setup_opal_dev(dev); 2390 ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); 2391 mutex_unlock(&dev->dev_lock); 2392 2393 return ret; 2394 } 2395 2396 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid) 2397 { 2398 /* controller will terminate session */ 2399 const struct opal_step revert_steps[] = { 2400 { start_SIDASP_opal_session, opal }, 2401 { revert_tper, } 2402 }; 2403 const struct opal_step psid_revert_steps[] = { 2404 { start_PSID_opal_session, opal }, 2405 { revert_tper, } 2406 }; 2407 2408 int ret; 2409 2410 mutex_lock(&dev->dev_lock); 2411 setup_opal_dev(dev); 2412 if (psid) 2413 ret = execute_steps(dev, psid_revert_steps, 2414 ARRAY_SIZE(psid_revert_steps)); 2415 else 2416 ret = execute_steps(dev, revert_steps, 2417 ARRAY_SIZE(revert_steps)); 2418 mutex_unlock(&dev->dev_lock); 2419 2420 /* 2421 * If we successfully reverted lets clean 2422 * any saved locking ranges. 2423 */ 2424 if (!ret) 2425 clean_opal_dev(dev); 2426 2427 return ret; 2428 } 2429 2430 static int __opal_lock_unlock(struct opal_dev *dev, 2431 struct opal_lock_unlock *lk_unlk) 2432 { 2433 const struct opal_step unlock_steps[] = { 2434 { start_auth_opal_session, &lk_unlk->session }, 2435 { lock_unlock_locking_range, lk_unlk }, 2436 { end_opal_session, } 2437 }; 2438 const struct opal_step unlock_sum_steps[] = { 2439 { start_auth_opal_session, &lk_unlk->session }, 2440 { lock_unlock_locking_range_sum, lk_unlk }, 2441 { end_opal_session, } 2442 }; 2443 2444 if (lk_unlk->session.sum) 2445 return execute_steps(dev, unlock_sum_steps, 2446 ARRAY_SIZE(unlock_sum_steps)); 2447 else 2448 return execute_steps(dev, unlock_steps, 2449 ARRAY_SIZE(unlock_steps)); 2450 } 2451 2452 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key) 2453 { 2454 u8 mbr_done_tf = OPAL_TRUE; 2455 const struct opal_step mbrdone_step[] = { 2456 { start_admin1LSP_opal_session, key }, 2457 { set_mbr_done, &mbr_done_tf }, 2458 { end_opal_session, } 2459 }; 2460 2461 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step)); 2462 } 2463 2464 static void opal_lock_check_for_saved_key(struct opal_dev *dev, 2465 struct opal_lock_unlock *lk_unlk) 2466 { 2467 struct opal_suspend_data *iter; 2468 2469 if (lk_unlk->l_state != OPAL_LK || 2470 lk_unlk->session.opal_key.key_len > 0) 2471 return; 2472 2473 /* 2474 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the 2475 * volume key is not required, as it requires root privileges anyway, 2476 * and root can deny access to a disk in many ways regardless. 2477 * Requiring the volume key to lock the device is a peculiarity of the 2478 * OPAL specification. Given we might already have saved the key if 2479 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use 2480 * that key to lock the device if no key was provided here, the 2481 * locking range matches and the appropriate flag was passed with 2482 * 'IOC_OPAL_SAVE'. 2483 * This allows integrating OPAL with tools and libraries that are used 2484 * to the common behaviour and do not ask for the volume key when 2485 * closing a device. 2486 */ 2487 setup_opal_dev(dev); 2488 list_for_each_entry(iter, &dev->unlk_lst, node) { 2489 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) && 2490 iter->lr == lk_unlk->session.opal_key.lr && 2491 iter->unlk.session.opal_key.key_len > 0) { 2492 lk_unlk->session.opal_key.key_len = 2493 iter->unlk.session.opal_key.key_len; 2494 memcpy(lk_unlk->session.opal_key.key, 2495 iter->unlk.session.opal_key.key, 2496 iter->unlk.session.opal_key.key_len); 2497 break; 2498 } 2499 } 2500 } 2501 2502 static int opal_lock_unlock(struct opal_dev *dev, 2503 struct opal_lock_unlock *lk_unlk) 2504 { 2505 int ret; 2506 2507 if (lk_unlk->session.who > OPAL_USER9) 2508 return -EINVAL; 2509 2510 mutex_lock(&dev->dev_lock); 2511 opal_lock_check_for_saved_key(dev, lk_unlk); 2512 ret = __opal_lock_unlock(dev, lk_unlk); 2513 mutex_unlock(&dev->dev_lock); 2514 2515 return ret; 2516 } 2517 2518 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal) 2519 { 2520 const struct opal_step owner_steps[] = { 2521 { start_anybodyASP_opal_session, }, 2522 { get_msid_cpin_pin, }, 2523 { end_opal_session, }, 2524 { start_SIDASP_opal_session, opal }, 2525 { set_sid_cpin_pin, opal }, 2526 { end_opal_session, } 2527 }; 2528 int ret; 2529 2530 if (!dev) 2531 return -ENODEV; 2532 2533 mutex_lock(&dev->dev_lock); 2534 setup_opal_dev(dev); 2535 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps)); 2536 mutex_unlock(&dev->dev_lock); 2537 2538 return ret; 2539 } 2540 2541 static int opal_activate_lsp(struct opal_dev *dev, 2542 struct opal_lr_act *opal_lr_act) 2543 { 2544 const struct opal_step active_steps[] = { 2545 { start_SIDASP_opal_session, &opal_lr_act->key }, 2546 { get_lsp_lifecycle, }, 2547 { activate_lsp, opal_lr_act }, 2548 { end_opal_session, } 2549 }; 2550 int ret; 2551 2552 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS) 2553 return -EINVAL; 2554 2555 mutex_lock(&dev->dev_lock); 2556 setup_opal_dev(dev); 2557 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps)); 2558 mutex_unlock(&dev->dev_lock); 2559 2560 return ret; 2561 } 2562 2563 static int opal_setup_locking_range(struct opal_dev *dev, 2564 struct opal_user_lr_setup *opal_lrs) 2565 { 2566 const struct opal_step lr_steps[] = { 2567 { start_auth_opal_session, &opal_lrs->session }, 2568 { setup_locking_range, opal_lrs }, 2569 { end_opal_session, } 2570 }; 2571 int ret; 2572 2573 mutex_lock(&dev->dev_lock); 2574 setup_opal_dev(dev); 2575 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps)); 2576 mutex_unlock(&dev->dev_lock); 2577 2578 return ret; 2579 } 2580 2581 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) 2582 { 2583 const struct opal_step pw_steps[] = { 2584 { start_auth_opal_session, &opal_pw->session }, 2585 { set_new_pw, &opal_pw->new_user_pw }, 2586 { end_opal_session, } 2587 }; 2588 int ret; 2589 2590 if (opal_pw->session.who > OPAL_USER9 || 2591 opal_pw->new_user_pw.who > OPAL_USER9) 2592 return -EINVAL; 2593 2594 mutex_lock(&dev->dev_lock); 2595 setup_opal_dev(dev); 2596 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps)); 2597 mutex_unlock(&dev->dev_lock); 2598 2599 return ret; 2600 } 2601 2602 static int opal_activate_user(struct opal_dev *dev, 2603 struct opal_session_info *opal_session) 2604 { 2605 const struct opal_step act_steps[] = { 2606 { start_admin1LSP_opal_session, &opal_session->opal_key }, 2607 { internal_activate_user, opal_session }, 2608 { end_opal_session, } 2609 }; 2610 int ret; 2611 2612 /* We can't activate Admin1 it's active as manufactured */ 2613 if (opal_session->who < OPAL_USER1 || 2614 opal_session->who > OPAL_USER9) { 2615 pr_debug("Who was not a valid user: %d\n", opal_session->who); 2616 return -EINVAL; 2617 } 2618 2619 mutex_lock(&dev->dev_lock); 2620 setup_opal_dev(dev); 2621 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps)); 2622 mutex_unlock(&dev->dev_lock); 2623 2624 return ret; 2625 } 2626 2627 bool opal_unlock_from_suspend(struct opal_dev *dev) 2628 { 2629 struct opal_suspend_data *suspend; 2630 bool was_failure = false; 2631 int ret = 0; 2632 2633 if (!dev) 2634 return false; 2635 2636 if (!(dev->flags & OPAL_FL_SUPPORTED)) 2637 return false; 2638 2639 mutex_lock(&dev->dev_lock); 2640 setup_opal_dev(dev); 2641 2642 list_for_each_entry(suspend, &dev->unlk_lst, node) { 2643 dev->tsn = 0; 2644 dev->hsn = 0; 2645 2646 ret = __opal_lock_unlock(dev, &suspend->unlk); 2647 if (ret) { 2648 pr_debug("Failed to unlock LR %hhu with sum %d\n", 2649 suspend->unlk.session.opal_key.lr, 2650 suspend->unlk.session.sum); 2651 was_failure = true; 2652 } 2653 2654 if (dev->flags & OPAL_FL_MBR_ENABLED) { 2655 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key); 2656 if (ret) 2657 pr_debug("Failed to set MBR Done in S3 resume\n"); 2658 } 2659 } 2660 mutex_unlock(&dev->dev_lock); 2661 2662 return was_failure; 2663 } 2664 EXPORT_SYMBOL(opal_unlock_from_suspend); 2665 2666 static int opal_read_table(struct opal_dev *dev, 2667 struct opal_read_write_table *rw_tbl) 2668 { 2669 const struct opal_step read_table_steps[] = { 2670 { start_admin1LSP_opal_session, &rw_tbl->key }, 2671 { read_table_data, rw_tbl }, 2672 { end_opal_session, } 2673 }; 2674 int ret = 0; 2675 2676 if (!rw_tbl->size) 2677 return ret; 2678 2679 return execute_steps(dev, read_table_steps, 2680 ARRAY_SIZE(read_table_steps)); 2681 } 2682 2683 static int opal_write_table(struct opal_dev *dev, 2684 struct opal_read_write_table *rw_tbl) 2685 { 2686 const struct opal_step write_table_steps[] = { 2687 { start_admin1LSP_opal_session, &rw_tbl->key }, 2688 { write_table_data, rw_tbl }, 2689 { end_opal_session, } 2690 }; 2691 int ret = 0; 2692 2693 if (!rw_tbl->size) 2694 return ret; 2695 2696 return execute_steps(dev, write_table_steps, 2697 ARRAY_SIZE(write_table_steps)); 2698 } 2699 2700 static int opal_generic_read_write_table(struct opal_dev *dev, 2701 struct opal_read_write_table *rw_tbl) 2702 { 2703 int ret, bit_set; 2704 2705 mutex_lock(&dev->dev_lock); 2706 setup_opal_dev(dev); 2707 2708 bit_set = fls64(rw_tbl->flags) - 1; 2709 switch (bit_set) { 2710 case OPAL_READ_TABLE: 2711 ret = opal_read_table(dev, rw_tbl); 2712 break; 2713 case OPAL_WRITE_TABLE: 2714 ret = opal_write_table(dev, rw_tbl); 2715 break; 2716 default: 2717 pr_debug("Invalid bit set in the flag (%016llx).\n", 2718 rw_tbl->flags); 2719 ret = -EINVAL; 2720 break; 2721 } 2722 2723 mutex_unlock(&dev->dev_lock); 2724 2725 return ret; 2726 } 2727 2728 static int opal_get_status(struct opal_dev *dev, void __user *data) 2729 { 2730 struct opal_status sts = {0}; 2731 2732 /* 2733 * check_opal_support() error is not fatal, 2734 * !dev->supported is a valid condition 2735 */ 2736 if (!check_opal_support(dev)) 2737 sts.flags = dev->flags; 2738 if (copy_to_user(data, &sts, sizeof(sts))) { 2739 pr_debug("Error copying status to userspace\n"); 2740 return -EFAULT; 2741 } 2742 return 0; 2743 } 2744 2745 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) 2746 { 2747 void *p; 2748 int ret = -ENOTTY; 2749 2750 if (!capable(CAP_SYS_ADMIN)) 2751 return -EACCES; 2752 if (!dev) 2753 return -ENOTSUPP; 2754 if (!(dev->flags & OPAL_FL_SUPPORTED)) 2755 return -ENOTSUPP; 2756 2757 if (cmd & IOC_IN) { 2758 p = memdup_user(arg, _IOC_SIZE(cmd)); 2759 if (IS_ERR(p)) 2760 return PTR_ERR(p); 2761 } 2762 2763 switch (cmd) { 2764 case IOC_OPAL_SAVE: 2765 ret = opal_save(dev, p); 2766 break; 2767 case IOC_OPAL_LOCK_UNLOCK: 2768 ret = opal_lock_unlock(dev, p); 2769 break; 2770 case IOC_OPAL_TAKE_OWNERSHIP: 2771 ret = opal_take_ownership(dev, p); 2772 break; 2773 case IOC_OPAL_ACTIVATE_LSP: 2774 ret = opal_activate_lsp(dev, p); 2775 break; 2776 case IOC_OPAL_SET_PW: 2777 ret = opal_set_new_pw(dev, p); 2778 break; 2779 case IOC_OPAL_ACTIVATE_USR: 2780 ret = opal_activate_user(dev, p); 2781 break; 2782 case IOC_OPAL_REVERT_TPR: 2783 ret = opal_reverttper(dev, p, false); 2784 break; 2785 case IOC_OPAL_LR_SETUP: 2786 ret = opal_setup_locking_range(dev, p); 2787 break; 2788 case IOC_OPAL_ADD_USR_TO_LR: 2789 ret = opal_add_user_to_lr(dev, p); 2790 break; 2791 case IOC_OPAL_ENABLE_DISABLE_MBR: 2792 ret = opal_enable_disable_shadow_mbr(dev, p); 2793 break; 2794 case IOC_OPAL_MBR_DONE: 2795 ret = opal_set_mbr_done(dev, p); 2796 break; 2797 case IOC_OPAL_WRITE_SHADOW_MBR: 2798 ret = opal_write_shadow_mbr(dev, p); 2799 break; 2800 case IOC_OPAL_ERASE_LR: 2801 ret = opal_erase_locking_range(dev, p); 2802 break; 2803 case IOC_OPAL_SECURE_ERASE_LR: 2804 ret = opal_secure_erase_locking_range(dev, p); 2805 break; 2806 case IOC_OPAL_PSID_REVERT_TPR: 2807 ret = opal_reverttper(dev, p, true); 2808 break; 2809 case IOC_OPAL_GENERIC_TABLE_RW: 2810 ret = opal_generic_read_write_table(dev, p); 2811 break; 2812 case IOC_OPAL_GET_STATUS: 2813 ret = opal_get_status(dev, arg); 2814 break; 2815 default: 2816 break; 2817 } 2818 2819 if (cmd & IOC_IN) 2820 kfree(p); 2821 return ret; 2822 } 2823 EXPORT_SYMBOL_GPL(sed_ioctl); 2824