xref: /linux/block/sed-opal.c (revision 811f35ff59b6f99ae272d6f5b96bc9e974f88196)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 
24 #include "opal_proto.h"
25 
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28 
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
31 
32 struct opal_step {
33 	int (*fn)(struct opal_dev *dev, void *data);
34 	void *data;
35 };
36 typedef int (cont_fn)(struct opal_dev *dev);
37 
38 enum opal_atom_width {
39 	OPAL_WIDTH_TINY,
40 	OPAL_WIDTH_SHORT,
41 	OPAL_WIDTH_MEDIUM,
42 	OPAL_WIDTH_LONG,
43 	OPAL_WIDTH_TOKEN
44 };
45 
46 /*
47  * On the parsed response, we don't store again the toks that are already
48  * stored in the response buffer. Instead, for each token, we just store a
49  * pointer to the position in the buffer where the token starts, and the size
50  * of the token in bytes.
51  */
52 struct opal_resp_tok {
53 	const u8 *pos;
54 	size_t len;
55 	enum opal_response_token type;
56 	enum opal_atom_width width;
57 	union {
58 		u64 u;
59 		s64 s;
60 	} stored;
61 };
62 
63 /*
64  * From the response header it's not possible to know how many tokens there are
65  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66  * if we start dealing with messages that have more than that, we can increase
67  * this number. This is done to avoid having to make two passes through the
68  * response, the first one counting how many tokens we have and the second one
69  * actually storing the positions.
70  */
71 struct parsed_resp {
72 	int num;
73 	struct opal_resp_tok toks[MAX_TOKS];
74 };
75 
76 struct opal_dev {
77 	u32 flags;
78 
79 	void *data;
80 	sec_send_recv *send_recv;
81 
82 	struct mutex dev_lock;
83 	u16 comid;
84 	u32 hsn;
85 	u32 tsn;
86 	u64 align;
87 	u64 lowest_lba;
88 
89 	size_t pos;
90 	u8 *cmd;
91 	u8 *resp;
92 
93 	struct parsed_resp parsed;
94 	size_t prev_d_len;
95 	void *prev_data;
96 
97 	struct list_head unlk_lst;
98 };
99 
100 
101 static const u8 opaluid[][OPAL_UID_LENGTH] = {
102 	/* users */
103 	[OPAL_SMUID_UID] =
104 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
105 	[OPAL_THISSP_UID] =
106 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
107 	[OPAL_ADMINSP_UID] =
108 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
109 	[OPAL_LOCKINGSP_UID] =
110 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
111 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
112 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
113 	[OPAL_ANYBODY_UID] =
114 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
115 	[OPAL_SID_UID] =
116 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
117 	[OPAL_ADMIN1_UID] =
118 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
119 	[OPAL_USER1_UID] =
120 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
121 	[OPAL_USER2_UID] =
122 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
123 	[OPAL_PSID_UID] =
124 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
125 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
126 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
127 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
128 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
129 
130 	/* tables */
131 	[OPAL_TABLE_TABLE] =
132 		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
133 	[OPAL_LOCKINGRANGE_GLOBAL] =
134 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
135 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
136 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
137 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
138 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
139 	[OPAL_MBRCONTROL] =
140 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
141 	[OPAL_MBR] =
142 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
143 	[OPAL_AUTHORITY_TABLE] =
144 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
145 	[OPAL_C_PIN_TABLE] =
146 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
147 	[OPAL_LOCKING_INFO_TABLE] =
148 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
149 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
150 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
151 	[OPAL_DATASTORE] =
152 		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
153 
154 	/* C_PIN_TABLE object ID's */
155 	[OPAL_C_PIN_MSID] =
156 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
157 	[OPAL_C_PIN_SID] =
158 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
159 	[OPAL_C_PIN_ADMIN1] =
160 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
161 
162 	/* half UID's (only first 4 bytes used) */
163 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
164 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
165 	[OPAL_HALF_UID_BOOLEAN_ACE] =
166 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
167 
168 	/* special value for omitted optional parameter */
169 	[OPAL_UID_HEXFF] =
170 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
171 };
172 
173 /*
174  * TCG Storage SSC Methods.
175  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
176  * Section: 6.3 Assigned UIDs
177  */
178 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
179 	[OPAL_PROPERTIES] =
180 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
181 	[OPAL_STARTSESSION] =
182 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
183 	[OPAL_REVERT] =
184 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
185 	[OPAL_ACTIVATE] =
186 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
187 	[OPAL_EGET] =
188 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
189 	[OPAL_ESET] =
190 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
191 	[OPAL_NEXT] =
192 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
193 	[OPAL_EAUTHENTICATE] =
194 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
195 	[OPAL_GETACL] =
196 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
197 	[OPAL_GENKEY] =
198 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
199 	[OPAL_REVERTSP] =
200 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
201 	[OPAL_GET] =
202 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
203 	[OPAL_SET] =
204 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
205 	[OPAL_AUTHENTICATE] =
206 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
207 	[OPAL_RANDOM] =
208 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
209 	[OPAL_ERASE] =
210 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
211 };
212 
213 static int end_opal_session_error(struct opal_dev *dev);
214 static int opal_discovery0_step(struct opal_dev *dev);
215 
216 struct opal_suspend_data {
217 	struct opal_lock_unlock unlk;
218 	u8 lr;
219 	struct list_head node;
220 };
221 
222 /*
223  * Derived from:
224  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
225  * Section: 5.1.5 Method Status Codes
226  */
227 static const char * const opal_errors[] = {
228 	"Success",
229 	"Not Authorized",
230 	"Unknown Error",
231 	"SP Busy",
232 	"SP Failed",
233 	"SP Disabled",
234 	"SP Frozen",
235 	"No Sessions Available",
236 	"Uniqueness Conflict",
237 	"Insufficient Space",
238 	"Insufficient Rows",
239 	"Invalid Function",
240 	"Invalid Parameter",
241 	"Invalid Reference",
242 	"Unknown Error",
243 	"TPER Malfunction",
244 	"Transaction Failure",
245 	"Response Overflow",
246 	"Authority Locked Out",
247 };
248 
249 static const char *opal_error_to_human(int error)
250 {
251 	if (error == 0x3f)
252 		return "Failed";
253 
254 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
255 		return "Unknown Error";
256 
257 	return opal_errors[error];
258 }
259 
260 static void print_buffer(const u8 *ptr, u32 length)
261 {
262 #ifdef DEBUG
263 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
264 	pr_debug("\n");
265 #endif
266 }
267 
268 static bool check_tper(const void *data)
269 {
270 	const struct d0_tper_features *tper = data;
271 	u8 flags = tper->supported_features;
272 
273 	if (!(flags & TPER_SYNC_SUPPORTED)) {
274 		pr_debug("TPer sync not supported. flags = %d\n",
275 			 tper->supported_features);
276 		return false;
277 	}
278 
279 	return true;
280 }
281 
282 static bool check_lcksuppt(const void *data)
283 {
284 	const struct d0_locking_features *lfeat = data;
285 	u8 sup_feat = lfeat->supported_features;
286 
287 	return !!(sup_feat & LOCKING_SUPPORTED_MASK);
288 }
289 
290 static bool check_lckenabled(const void *data)
291 {
292 	const struct d0_locking_features *lfeat = data;
293 	u8 sup_feat = lfeat->supported_features;
294 
295 	return !!(sup_feat & LOCKING_ENABLED_MASK);
296 }
297 
298 static bool check_locked(const void *data)
299 {
300 	const struct d0_locking_features *lfeat = data;
301 	u8 sup_feat = lfeat->supported_features;
302 
303 	return !!(sup_feat & LOCKED_MASK);
304 }
305 
306 static bool check_mbrenabled(const void *data)
307 {
308 	const struct d0_locking_features *lfeat = data;
309 	u8 sup_feat = lfeat->supported_features;
310 
311 	return !!(sup_feat & MBR_ENABLED_MASK);
312 }
313 
314 static bool check_mbrdone(const void *data)
315 {
316 	const struct d0_locking_features *lfeat = data;
317 	u8 sup_feat = lfeat->supported_features;
318 
319 	return !!(sup_feat & MBR_DONE_MASK);
320 }
321 
322 static bool check_sum(const void *data)
323 {
324 	const struct d0_single_user_mode *sum = data;
325 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
326 
327 	if (nlo == 0) {
328 		pr_debug("Need at least one locking object.\n");
329 		return false;
330 	}
331 
332 	pr_debug("Number of locking objects: %d\n", nlo);
333 
334 	return true;
335 }
336 
337 static u16 get_comid_v100(const void *data)
338 {
339 	const struct d0_opal_v100 *v100 = data;
340 
341 	return be16_to_cpu(v100->baseComID);
342 }
343 
344 static u16 get_comid_v200(const void *data)
345 {
346 	const struct d0_opal_v200 *v200 = data;
347 
348 	return be16_to_cpu(v200->baseComID);
349 }
350 
351 static int opal_send_cmd(struct opal_dev *dev)
352 {
353 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
354 			      dev->cmd, IO_BUFFER_LENGTH,
355 			      true);
356 }
357 
358 static int opal_recv_cmd(struct opal_dev *dev)
359 {
360 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
361 			      dev->resp, IO_BUFFER_LENGTH,
362 			      false);
363 }
364 
365 static int opal_recv_check(struct opal_dev *dev)
366 {
367 	size_t buflen = IO_BUFFER_LENGTH;
368 	void *buffer = dev->resp;
369 	struct opal_header *hdr = buffer;
370 	int ret;
371 
372 	do {
373 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
374 			 hdr->cp.outstandingData,
375 			 hdr->cp.minTransfer);
376 
377 		if (hdr->cp.outstandingData == 0 ||
378 		    hdr->cp.minTransfer != 0)
379 			return 0;
380 
381 		memset(buffer, 0, buflen);
382 		ret = opal_recv_cmd(dev);
383 	} while (!ret);
384 
385 	return ret;
386 }
387 
388 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
389 {
390 	int ret;
391 
392 	ret = opal_send_cmd(dev);
393 	if (ret)
394 		return ret;
395 	ret = opal_recv_cmd(dev);
396 	if (ret)
397 		return ret;
398 	ret = opal_recv_check(dev);
399 	if (ret)
400 		return ret;
401 	return cont(dev);
402 }
403 
404 static void check_geometry(struct opal_dev *dev, const void *data)
405 {
406 	const struct d0_geometry_features *geo = data;
407 
408 	dev->align = be64_to_cpu(geo->alignment_granularity);
409 	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
410 }
411 
412 static int execute_step(struct opal_dev *dev,
413 			const struct opal_step *step, size_t stepIndex)
414 {
415 	int error = step->fn(dev, step->data);
416 
417 	if (error) {
418 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
419 			 stepIndex, step->fn, error,
420 			 opal_error_to_human(error));
421 	}
422 
423 	return error;
424 }
425 
426 static int execute_steps(struct opal_dev *dev,
427 			 const struct opal_step *steps, size_t n_steps)
428 {
429 	size_t state = 0;
430 	int error;
431 
432 	/* first do a discovery0 */
433 	error = opal_discovery0_step(dev);
434 	if (error)
435 		return error;
436 
437 	for (state = 0; state < n_steps; state++) {
438 		error = execute_step(dev, &steps[state], state);
439 		if (error)
440 			goto out_error;
441 	}
442 
443 	return 0;
444 
445 out_error:
446 	/*
447 	 * For each OPAL command the first step in steps starts some sort of
448 	 * session. If an error occurred in the initial discovery0 or if an
449 	 * error occurred in the first step (and thus stopping the loop with
450 	 * state == 0) then there was an error before or during the attempt to
451 	 * start a session. Therefore we shouldn't attempt to terminate a
452 	 * session, as one has not yet been created.
453 	 */
454 	if (state > 0)
455 		end_opal_session_error(dev);
456 
457 	return error;
458 }
459 
460 static int opal_discovery0_end(struct opal_dev *dev)
461 {
462 	bool found_com_id = false, supported = true, single_user = false;
463 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
464 	const u8 *epos = dev->resp, *cpos = dev->resp;
465 	u16 comid = 0;
466 	u32 hlen = be32_to_cpu(hdr->length);
467 
468 	print_buffer(dev->resp, hlen);
469 	dev->flags &= OPAL_FL_SUPPORTED;
470 
471 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
472 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
473 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
474 		return -EFAULT;
475 	}
476 
477 	epos += hlen; /* end of buffer */
478 	cpos += sizeof(*hdr); /* current position on buffer */
479 
480 	while (cpos < epos && supported) {
481 		const struct d0_features *body =
482 			(const struct d0_features *)cpos;
483 
484 		switch (be16_to_cpu(body->code)) {
485 		case FC_TPER:
486 			supported = check_tper(body->features);
487 			break;
488 		case FC_SINGLEUSER:
489 			single_user = check_sum(body->features);
490 			break;
491 		case FC_GEOMETRY:
492 			check_geometry(dev, body);
493 			break;
494 		case FC_LOCKING:
495 			if (check_lcksuppt(body->features))
496 				dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
497 			if (check_lckenabled(body->features))
498 				dev->flags |= OPAL_FL_LOCKING_ENABLED;
499 			if (check_locked(body->features))
500 				dev->flags |= OPAL_FL_LOCKED;
501 			if (check_mbrenabled(body->features))
502 				dev->flags |= OPAL_FL_MBR_ENABLED;
503 			if (check_mbrdone(body->features))
504 				dev->flags |= OPAL_FL_MBR_DONE;
505 			break;
506 		case FC_ENTERPRISE:
507 		case FC_DATASTORE:
508 			/* some ignored properties */
509 			pr_debug("Found OPAL feature description: %d\n",
510 				 be16_to_cpu(body->code));
511 			break;
512 		case FC_OPALV100:
513 			comid = get_comid_v100(body->features);
514 			found_com_id = true;
515 			break;
516 		case FC_OPALV200:
517 			comid = get_comid_v200(body->features);
518 			found_com_id = true;
519 			break;
520 		case 0xbfff ... 0xffff:
521 			/* vendor specific, just ignore */
522 			break;
523 		default:
524 			pr_debug("OPAL Unknown feature: %d\n",
525 				 be16_to_cpu(body->code));
526 
527 		}
528 		cpos += body->length + 4;
529 	}
530 
531 	if (!supported) {
532 		pr_debug("This device is not Opal enabled. Not Supported!\n");
533 		return -EOPNOTSUPP;
534 	}
535 
536 	if (!single_user)
537 		pr_debug("Device doesn't support single user mode\n");
538 
539 
540 	if (!found_com_id) {
541 		pr_debug("Could not find OPAL comid for device. Returning early\n");
542 		return -EOPNOTSUPP;
543 	}
544 
545 	dev->comid = comid;
546 
547 	return 0;
548 }
549 
550 static int opal_discovery0(struct opal_dev *dev, void *data)
551 {
552 	int ret;
553 
554 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
555 	dev->comid = OPAL_DISCOVERY_COMID;
556 	ret = opal_recv_cmd(dev);
557 	if (ret)
558 		return ret;
559 
560 	return opal_discovery0_end(dev);
561 }
562 
563 static int opal_discovery0_step(struct opal_dev *dev)
564 {
565 	const struct opal_step discovery0_step = {
566 		opal_discovery0,
567 	};
568 
569 	return execute_step(dev, &discovery0_step, 0);
570 }
571 
572 static size_t remaining_size(struct opal_dev *cmd)
573 {
574 	return IO_BUFFER_LENGTH - cmd->pos;
575 }
576 
577 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
578 {
579 	if (*err)
580 		return false;
581 
582 	if (remaining_size(cmd) < len) {
583 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
584 		*err = -ERANGE;
585 		return false;
586 	}
587 
588 	return true;
589 }
590 
591 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
592 {
593 	if (!can_add(err, cmd, 1))
594 		return;
595 
596 	cmd->cmd[cmd->pos++] = tok;
597 }
598 
599 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
600 				  bool has_sign, int len)
601 {
602 	u8 atom;
603 	int err = 0;
604 
605 	atom = SHORT_ATOM_ID;
606 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
607 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
608 	atom |= len & SHORT_ATOM_LEN_MASK;
609 
610 	add_token_u8(&err, cmd, atom);
611 }
612 
613 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
614 				   bool has_sign, int len)
615 {
616 	u8 header0;
617 
618 	header0 = MEDIUM_ATOM_ID;
619 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
620 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
621 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
622 
623 	cmd->cmd[cmd->pos++] = header0;
624 	cmd->cmd[cmd->pos++] = len;
625 }
626 
627 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
628 {
629 	size_t len;
630 	int msb;
631 
632 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
633 		add_token_u8(err, cmd, number);
634 		return;
635 	}
636 
637 	msb = fls64(number);
638 	len = DIV_ROUND_UP(msb, 8);
639 
640 	if (!can_add(err, cmd, len + 1)) {
641 		pr_debug("Error adding u64: end of buffer.\n");
642 		return;
643 	}
644 	add_short_atom_header(cmd, false, false, len);
645 	while (len--)
646 		add_token_u8(err, cmd, number >> (len * 8));
647 }
648 
649 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
650 {
651 	size_t header_len = 1;
652 	bool is_short_atom = true;
653 
654 	if (len & ~SHORT_ATOM_LEN_MASK) {
655 		header_len = 2;
656 		is_short_atom = false;
657 	}
658 
659 	if (!can_add(err, cmd, header_len + len)) {
660 		pr_debug("Error adding bytestring: end of buffer.\n");
661 		return NULL;
662 	}
663 
664 	if (is_short_atom)
665 		add_short_atom_header(cmd, true, false, len);
666 	else
667 		add_medium_atom_header(cmd, true, false, len);
668 
669 	return &cmd->cmd[cmd->pos];
670 }
671 
672 static void add_token_bytestring(int *err, struct opal_dev *cmd,
673 				 const u8 *bytestring, size_t len)
674 {
675 	u8 *start;
676 
677 	start = add_bytestring_header(err, cmd, len);
678 	if (!start)
679 		return;
680 	memcpy(start, bytestring, len);
681 	cmd->pos += len;
682 }
683 
684 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
685 {
686 	if (length > OPAL_UID_LENGTH) {
687 		pr_debug("Can't build locking range. Length OOB\n");
688 		return -ERANGE;
689 	}
690 
691 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
692 
693 	if (lr == 0)
694 		return 0;
695 
696 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
697 	buffer[7] = lr;
698 
699 	return 0;
700 }
701 
702 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
703 {
704 	if (length > OPAL_UID_LENGTH) {
705 		pr_debug("Can't build locking range user. Length OOB\n");
706 		return -ERANGE;
707 	}
708 
709 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
710 
711 	buffer[7] = lr + 1;
712 
713 	return 0;
714 }
715 
716 static void set_comid(struct opal_dev *cmd, u16 comid)
717 {
718 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
719 
720 	hdr->cp.extendedComID[0] = comid >> 8;
721 	hdr->cp.extendedComID[1] = comid;
722 	hdr->cp.extendedComID[2] = 0;
723 	hdr->cp.extendedComID[3] = 0;
724 }
725 
726 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
727 {
728 	struct opal_header *hdr;
729 	int err = 0;
730 
731 	/*
732 	 * Close the parameter list opened from cmd_start.
733 	 * The number of bytes added must be equal to
734 	 * CMD_FINALIZE_BYTES_NEEDED.
735 	 */
736 	add_token_u8(&err, cmd, OPAL_ENDLIST);
737 
738 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
739 	add_token_u8(&err, cmd, OPAL_STARTLIST);
740 	add_token_u8(&err, cmd, 0);
741 	add_token_u8(&err, cmd, 0);
742 	add_token_u8(&err, cmd, 0);
743 	add_token_u8(&err, cmd, OPAL_ENDLIST);
744 
745 	if (err) {
746 		pr_debug("Error finalizing command.\n");
747 		return -EFAULT;
748 	}
749 
750 	hdr = (struct opal_header *) cmd->cmd;
751 
752 	hdr->pkt.tsn = cpu_to_be32(tsn);
753 	hdr->pkt.hsn = cpu_to_be32(hsn);
754 
755 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
756 	while (cmd->pos % 4) {
757 		if (cmd->pos >= IO_BUFFER_LENGTH) {
758 			pr_debug("Error: Buffer overrun\n");
759 			return -ERANGE;
760 		}
761 		cmd->cmd[cmd->pos++] = 0;
762 	}
763 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
764 				      sizeof(hdr->pkt));
765 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
766 
767 	return 0;
768 }
769 
770 static const struct opal_resp_tok *response_get_token(
771 				const struct parsed_resp *resp,
772 				int n)
773 {
774 	const struct opal_resp_tok *tok;
775 
776 	if (!resp) {
777 		pr_debug("Response is NULL\n");
778 		return ERR_PTR(-EINVAL);
779 	}
780 
781 	if (n >= resp->num) {
782 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
783 			 n, resp->num);
784 		return ERR_PTR(-EINVAL);
785 	}
786 
787 	tok = &resp->toks[n];
788 	if (tok->len == 0) {
789 		pr_debug("Token length must be non-zero\n");
790 		return ERR_PTR(-EINVAL);
791 	}
792 
793 	return tok;
794 }
795 
796 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
797 				   const u8 *pos)
798 {
799 	tok->pos = pos;
800 	tok->len = 1;
801 	tok->width = OPAL_WIDTH_TINY;
802 
803 	if (pos[0] & TINY_ATOM_SIGNED) {
804 		tok->type = OPAL_DTA_TOKENID_SINT;
805 	} else {
806 		tok->type = OPAL_DTA_TOKENID_UINT;
807 		tok->stored.u = pos[0] & 0x3f;
808 	}
809 
810 	return tok->len;
811 }
812 
813 static ssize_t response_parse_short(struct opal_resp_tok *tok,
814 				    const u8 *pos)
815 {
816 	tok->pos = pos;
817 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
818 	tok->width = OPAL_WIDTH_SHORT;
819 
820 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
821 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
822 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
823 		tok->type = OPAL_DTA_TOKENID_SINT;
824 	} else {
825 		u64 u_integer = 0;
826 		ssize_t i, b = 0;
827 
828 		tok->type = OPAL_DTA_TOKENID_UINT;
829 		if (tok->len > 9) {
830 			pr_debug("uint64 with more than 8 bytes\n");
831 			return -EINVAL;
832 		}
833 		for (i = tok->len - 1; i > 0; i--) {
834 			u_integer |= ((u64)pos[i] << (8 * b));
835 			b++;
836 		}
837 		tok->stored.u = u_integer;
838 	}
839 
840 	return tok->len;
841 }
842 
843 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
844 				     const u8 *pos)
845 {
846 	tok->pos = pos;
847 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
848 	tok->width = OPAL_WIDTH_MEDIUM;
849 
850 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
851 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
852 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
853 		tok->type = OPAL_DTA_TOKENID_SINT;
854 	else
855 		tok->type = OPAL_DTA_TOKENID_UINT;
856 
857 	return tok->len;
858 }
859 
860 static ssize_t response_parse_long(struct opal_resp_tok *tok,
861 				   const u8 *pos)
862 {
863 	tok->pos = pos;
864 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
865 	tok->width = OPAL_WIDTH_LONG;
866 
867 	if (pos[0] & LONG_ATOM_BYTESTRING)
868 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
869 	else if (pos[0] & LONG_ATOM_SIGNED)
870 		tok->type = OPAL_DTA_TOKENID_SINT;
871 	else
872 		tok->type = OPAL_DTA_TOKENID_UINT;
873 
874 	return tok->len;
875 }
876 
877 static ssize_t response_parse_token(struct opal_resp_tok *tok,
878 				    const u8 *pos)
879 {
880 	tok->pos = pos;
881 	tok->len = 1;
882 	tok->type = OPAL_DTA_TOKENID_TOKEN;
883 	tok->width = OPAL_WIDTH_TOKEN;
884 
885 	return tok->len;
886 }
887 
888 static int response_parse(const u8 *buf, size_t length,
889 			  struct parsed_resp *resp)
890 {
891 	const struct opal_header *hdr;
892 	struct opal_resp_tok *iter;
893 	int num_entries = 0;
894 	int total;
895 	ssize_t token_length;
896 	const u8 *pos;
897 	u32 clen, plen, slen;
898 
899 	if (!buf)
900 		return -EFAULT;
901 
902 	if (!resp)
903 		return -EFAULT;
904 
905 	hdr = (struct opal_header *)buf;
906 	pos = buf;
907 	pos += sizeof(*hdr);
908 
909 	clen = be32_to_cpu(hdr->cp.length);
910 	plen = be32_to_cpu(hdr->pkt.length);
911 	slen = be32_to_cpu(hdr->subpkt.length);
912 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
913 		 clen, plen, slen);
914 
915 	if (clen == 0 || plen == 0 || slen == 0 ||
916 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
917 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
918 			 clen, plen, slen);
919 		print_buffer(pos, sizeof(*hdr));
920 		return -EINVAL;
921 	}
922 
923 	if (pos > buf + length)
924 		return -EFAULT;
925 
926 	iter = resp->toks;
927 	total = slen;
928 	print_buffer(pos, total);
929 	while (total > 0) {
930 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
931 			token_length = response_parse_tiny(iter, pos);
932 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
933 			token_length = response_parse_short(iter, pos);
934 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
935 			token_length = response_parse_medium(iter, pos);
936 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
937 			token_length = response_parse_long(iter, pos);
938 		else /* TOKEN */
939 			token_length = response_parse_token(iter, pos);
940 
941 		if (token_length < 0)
942 			return token_length;
943 
944 		pos += token_length;
945 		total -= token_length;
946 		iter++;
947 		num_entries++;
948 	}
949 
950 	resp->num = num_entries;
951 
952 	return 0;
953 }
954 
955 static size_t response_get_string(const struct parsed_resp *resp, int n,
956 				  const char **store)
957 {
958 	u8 skip;
959 	const struct opal_resp_tok *tok;
960 
961 	*store = NULL;
962 	tok = response_get_token(resp, n);
963 	if (IS_ERR(tok))
964 		return 0;
965 
966 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
967 		pr_debug("Token is not a byte string!\n");
968 		return 0;
969 	}
970 
971 	switch (tok->width) {
972 	case OPAL_WIDTH_TINY:
973 	case OPAL_WIDTH_SHORT:
974 		skip = 1;
975 		break;
976 	case OPAL_WIDTH_MEDIUM:
977 		skip = 2;
978 		break;
979 	case OPAL_WIDTH_LONG:
980 		skip = 4;
981 		break;
982 	default:
983 		pr_debug("Token has invalid width!\n");
984 		return 0;
985 	}
986 
987 	*store = tok->pos + skip;
988 
989 	return tok->len - skip;
990 }
991 
992 static u64 response_get_u64(const struct parsed_resp *resp, int n)
993 {
994 	const struct opal_resp_tok *tok;
995 
996 	tok = response_get_token(resp, n);
997 	if (IS_ERR(tok))
998 		return 0;
999 
1000 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
1001 		pr_debug("Token is not unsigned int: %d\n", tok->type);
1002 		return 0;
1003 	}
1004 
1005 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1006 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
1007 		return 0;
1008 	}
1009 
1010 	return tok->stored.u;
1011 }
1012 
1013 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1014 {
1015 	if (IS_ERR(token) ||
1016 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
1017 	    token->pos[0] != match)
1018 		return false;
1019 	return true;
1020 }
1021 
1022 static u8 response_status(const struct parsed_resp *resp)
1023 {
1024 	const struct opal_resp_tok *tok;
1025 
1026 	tok = response_get_token(resp, 0);
1027 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
1028 		return 0;
1029 
1030 	if (resp->num < 5)
1031 		return DTAERROR_NO_METHOD_STATUS;
1032 
1033 	tok = response_get_token(resp, resp->num - 5);
1034 	if (!response_token_matches(tok, OPAL_STARTLIST))
1035 		return DTAERROR_NO_METHOD_STATUS;
1036 
1037 	tok = response_get_token(resp, resp->num - 1);
1038 	if (!response_token_matches(tok, OPAL_ENDLIST))
1039 		return DTAERROR_NO_METHOD_STATUS;
1040 
1041 	return response_get_u64(resp, resp->num - 4);
1042 }
1043 
1044 /* Parses and checks for errors */
1045 static int parse_and_check_status(struct opal_dev *dev)
1046 {
1047 	int error;
1048 
1049 	print_buffer(dev->cmd, dev->pos);
1050 
1051 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1052 	if (error) {
1053 		pr_debug("Couldn't parse response.\n");
1054 		return error;
1055 	}
1056 
1057 	return response_status(&dev->parsed);
1058 }
1059 
1060 static void clear_opal_cmd(struct opal_dev *dev)
1061 {
1062 	dev->pos = sizeof(struct opal_header);
1063 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1064 }
1065 
1066 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1067 {
1068 	int err = 0;
1069 
1070 	clear_opal_cmd(dev);
1071 	set_comid(dev, dev->comid);
1072 
1073 	add_token_u8(&err, dev, OPAL_CALL);
1074 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1075 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1076 
1077 	/*
1078 	 * Every method call is followed by its parameters enclosed within
1079 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1080 	 * parameter list here and close it later in cmd_finalize.
1081 	 */
1082 	add_token_u8(&err, dev, OPAL_STARTLIST);
1083 
1084 	return err;
1085 }
1086 
1087 static int start_opal_session_cont(struct opal_dev *dev)
1088 {
1089 	u32 hsn, tsn;
1090 	int error = 0;
1091 
1092 	error = parse_and_check_status(dev);
1093 	if (error)
1094 		return error;
1095 
1096 	hsn = response_get_u64(&dev->parsed, 4);
1097 	tsn = response_get_u64(&dev->parsed, 5);
1098 
1099 	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1100 		pr_debug("Couldn't authenticate session\n");
1101 		return -EPERM;
1102 	}
1103 
1104 	dev->hsn = hsn;
1105 	dev->tsn = tsn;
1106 
1107 	return 0;
1108 }
1109 
1110 static void add_suspend_info(struct opal_dev *dev,
1111 			     struct opal_suspend_data *sus)
1112 {
1113 	struct opal_suspend_data *iter;
1114 
1115 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1116 		if (iter->lr == sus->lr) {
1117 			list_del(&iter->node);
1118 			kfree(iter);
1119 			break;
1120 		}
1121 	}
1122 	list_add_tail(&sus->node, &dev->unlk_lst);
1123 }
1124 
1125 static int end_session_cont(struct opal_dev *dev)
1126 {
1127 	dev->hsn = 0;
1128 	dev->tsn = 0;
1129 
1130 	return parse_and_check_status(dev);
1131 }
1132 
1133 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1134 {
1135 	int ret;
1136 
1137 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1138 	if (ret) {
1139 		pr_debug("Error finalizing command buffer: %d\n", ret);
1140 		return ret;
1141 	}
1142 
1143 	print_buffer(dev->cmd, dev->pos);
1144 
1145 	return opal_send_recv(dev, cont);
1146 }
1147 
1148 /*
1149  * request @column from table @table on device @dev. On success, the column
1150  * data will be available in dev->resp->tok[4]
1151  */
1152 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1153 			      u64 column)
1154 {
1155 	int err;
1156 
1157 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1158 
1159 	add_token_u8(&err, dev, OPAL_STARTLIST);
1160 
1161 	add_token_u8(&err, dev, OPAL_STARTNAME);
1162 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1163 	add_token_u64(&err, dev, column);
1164 	add_token_u8(&err, dev, OPAL_ENDNAME);
1165 
1166 	add_token_u8(&err, dev, OPAL_STARTNAME);
1167 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1168 	add_token_u64(&err, dev, column);
1169 	add_token_u8(&err, dev, OPAL_ENDNAME);
1170 
1171 	add_token_u8(&err, dev, OPAL_ENDLIST);
1172 
1173 	if (err)
1174 		return err;
1175 
1176 	return finalize_and_send(dev, parse_and_check_status);
1177 }
1178 
1179 /*
1180  * see TCG SAS 5.3.2.3 for a description of the available columns
1181  *
1182  * the result is provided in dev->resp->tok[4]
1183  */
1184 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1185 				  u64 column)
1186 {
1187 	u8 uid[OPAL_UID_LENGTH];
1188 	const unsigned int half = OPAL_UID_LENGTH_HALF;
1189 
1190 	/* sed-opal UIDs can be split in two halves:
1191 	 *  first:  actual table index
1192 	 *  second: relative index in the table
1193 	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1194 	 * first part of the target table as relative index into that table
1195 	 */
1196 	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1197 	memcpy(uid + half, table_uid, half);
1198 
1199 	return generic_get_column(dev, uid, column);
1200 }
1201 
1202 static int gen_key(struct opal_dev *dev, void *data)
1203 {
1204 	u8 uid[OPAL_UID_LENGTH];
1205 	int err;
1206 
1207 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1208 	kfree(dev->prev_data);
1209 	dev->prev_data = NULL;
1210 
1211 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1212 
1213 	if (err) {
1214 		pr_debug("Error building gen key command\n");
1215 		return err;
1216 
1217 	}
1218 
1219 	return finalize_and_send(dev, parse_and_check_status);
1220 }
1221 
1222 static int get_active_key_cont(struct opal_dev *dev)
1223 {
1224 	const char *activekey;
1225 	size_t keylen;
1226 	int error = 0;
1227 
1228 	error = parse_and_check_status(dev);
1229 	if (error)
1230 		return error;
1231 
1232 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1233 	if (!activekey) {
1234 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1235 			 __func__);
1236 		return OPAL_INVAL_PARAM;
1237 	}
1238 
1239 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1240 
1241 	if (!dev->prev_data)
1242 		return -ENOMEM;
1243 
1244 	dev->prev_d_len = keylen;
1245 
1246 	return 0;
1247 }
1248 
1249 static int get_active_key(struct opal_dev *dev, void *data)
1250 {
1251 	u8 uid[OPAL_UID_LENGTH];
1252 	int err;
1253 	u8 *lr = data;
1254 
1255 	err = build_locking_range(uid, sizeof(uid), *lr);
1256 	if (err)
1257 		return err;
1258 
1259 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1260 	if (err)
1261 		return err;
1262 
1263 	return get_active_key_cont(dev);
1264 }
1265 
1266 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1267 				    u64 offset, u64 size, const u8 *uid)
1268 {
1269 	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1270 	u8 *dst;
1271 	u64 len;
1272 	size_t off = 0;
1273 	int err;
1274 
1275 	/* do we fit in the available space? */
1276 	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1277 	if (err) {
1278 		pr_debug("Couldn't get the table size\n");
1279 		return err;
1280 	}
1281 
1282 	len = response_get_u64(&dev->parsed, 4);
1283 	if (size > len || offset > len - size) {
1284 		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1285 			  offset + size, len);
1286 		return -ENOSPC;
1287 	}
1288 
1289 	/* do the actual transmission(s) */
1290 	while (off < size) {
1291 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1292 		add_token_u8(&err, dev, OPAL_STARTNAME);
1293 		add_token_u8(&err, dev, OPAL_WHERE);
1294 		add_token_u64(&err, dev, offset + off);
1295 		add_token_u8(&err, dev, OPAL_ENDNAME);
1296 
1297 		add_token_u8(&err, dev, OPAL_STARTNAME);
1298 		add_token_u8(&err, dev, OPAL_VALUES);
1299 
1300 		/*
1301 		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1302 		 * There also needs to be enough space to accommodate the
1303 		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1304 		 * cmd_finalize.
1305 		 */
1306 		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1307 			  (size_t)(size - off));
1308 		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1309 
1310 		dst = add_bytestring_header(&err, dev, len);
1311 		if (!dst)
1312 			break;
1313 
1314 		if (copy_from_user(dst, src + off, len)) {
1315 			err = -EFAULT;
1316 			break;
1317 		}
1318 
1319 		dev->pos += len;
1320 
1321 		add_token_u8(&err, dev, OPAL_ENDNAME);
1322 		if (err)
1323 			break;
1324 
1325 		err = finalize_and_send(dev, parse_and_check_status);
1326 		if (err)
1327 			break;
1328 
1329 		off += len;
1330 	}
1331 
1332 	return err;
1333 }
1334 
1335 static int generic_lr_enable_disable(struct opal_dev *dev,
1336 				     u8 *uid, bool rle, bool wle,
1337 				     bool rl, bool wl)
1338 {
1339 	int err;
1340 
1341 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1342 
1343 	add_token_u8(&err, dev, OPAL_STARTNAME);
1344 	add_token_u8(&err, dev, OPAL_VALUES);
1345 	add_token_u8(&err, dev, OPAL_STARTLIST);
1346 
1347 	add_token_u8(&err, dev, OPAL_STARTNAME);
1348 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1349 	add_token_u8(&err, dev, rle);
1350 	add_token_u8(&err, dev, OPAL_ENDNAME);
1351 
1352 	add_token_u8(&err, dev, OPAL_STARTNAME);
1353 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1354 	add_token_u8(&err, dev, wle);
1355 	add_token_u8(&err, dev, OPAL_ENDNAME);
1356 
1357 	add_token_u8(&err, dev, OPAL_STARTNAME);
1358 	add_token_u8(&err, dev, OPAL_READLOCKED);
1359 	add_token_u8(&err, dev, rl);
1360 	add_token_u8(&err, dev, OPAL_ENDNAME);
1361 
1362 	add_token_u8(&err, dev, OPAL_STARTNAME);
1363 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1364 	add_token_u8(&err, dev, wl);
1365 	add_token_u8(&err, dev, OPAL_ENDNAME);
1366 
1367 	add_token_u8(&err, dev, OPAL_ENDLIST);
1368 	add_token_u8(&err, dev, OPAL_ENDNAME);
1369 
1370 	return err;
1371 }
1372 
1373 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1374 				   struct opal_user_lr_setup *setup)
1375 {
1376 	int err;
1377 
1378 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1379 					0, 0);
1380 	if (err)
1381 		pr_debug("Failed to create enable global lr command\n");
1382 
1383 	return err;
1384 }
1385 
1386 static int setup_locking_range(struct opal_dev *dev, void *data)
1387 {
1388 	u8 uid[OPAL_UID_LENGTH];
1389 	struct opal_user_lr_setup *setup = data;
1390 	u8 lr;
1391 	int err;
1392 
1393 	lr = setup->session.opal_key.lr;
1394 	err = build_locking_range(uid, sizeof(uid), lr);
1395 	if (err)
1396 		return err;
1397 
1398 	if (lr == 0)
1399 		err = enable_global_lr(dev, uid, setup);
1400 	else {
1401 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1402 
1403 		add_token_u8(&err, dev, OPAL_STARTNAME);
1404 		add_token_u8(&err, dev, OPAL_VALUES);
1405 		add_token_u8(&err, dev, OPAL_STARTLIST);
1406 
1407 		add_token_u8(&err, dev, OPAL_STARTNAME);
1408 		add_token_u8(&err, dev, OPAL_RANGESTART);
1409 		add_token_u64(&err, dev, setup->range_start);
1410 		add_token_u8(&err, dev, OPAL_ENDNAME);
1411 
1412 		add_token_u8(&err, dev, OPAL_STARTNAME);
1413 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1414 		add_token_u64(&err, dev, setup->range_length);
1415 		add_token_u8(&err, dev, OPAL_ENDNAME);
1416 
1417 		add_token_u8(&err, dev, OPAL_STARTNAME);
1418 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1419 		add_token_u64(&err, dev, !!setup->RLE);
1420 		add_token_u8(&err, dev, OPAL_ENDNAME);
1421 
1422 		add_token_u8(&err, dev, OPAL_STARTNAME);
1423 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1424 		add_token_u64(&err, dev, !!setup->WLE);
1425 		add_token_u8(&err, dev, OPAL_ENDNAME);
1426 
1427 		add_token_u8(&err, dev, OPAL_ENDLIST);
1428 		add_token_u8(&err, dev, OPAL_ENDNAME);
1429 	}
1430 	if (err) {
1431 		pr_debug("Error building Setup Locking range command.\n");
1432 		return err;
1433 	}
1434 
1435 	return finalize_and_send(dev, parse_and_check_status);
1436 }
1437 
1438 static int start_generic_opal_session(struct opal_dev *dev,
1439 				      enum opal_uid auth,
1440 				      enum opal_uid sp_type,
1441 				      const char *key,
1442 				      u8 key_len)
1443 {
1444 	u32 hsn;
1445 	int err;
1446 
1447 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1448 		return OPAL_INVAL_PARAM;
1449 
1450 	hsn = GENERIC_HOST_SESSION_NUM;
1451 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1452 			opalmethod[OPAL_STARTSESSION]);
1453 
1454 	add_token_u64(&err, dev, hsn);
1455 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1456 	add_token_u8(&err, dev, 1);
1457 
1458 	switch (auth) {
1459 	case OPAL_ANYBODY_UID:
1460 		break;
1461 	case OPAL_ADMIN1_UID:
1462 	case OPAL_SID_UID:
1463 	case OPAL_PSID_UID:
1464 		add_token_u8(&err, dev, OPAL_STARTNAME);
1465 		add_token_u8(&err, dev, 0); /* HostChallenge */
1466 		add_token_bytestring(&err, dev, key, key_len);
1467 		add_token_u8(&err, dev, OPAL_ENDNAME);
1468 		add_token_u8(&err, dev, OPAL_STARTNAME);
1469 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1470 		add_token_bytestring(&err, dev, opaluid[auth],
1471 				     OPAL_UID_LENGTH);
1472 		add_token_u8(&err, dev, OPAL_ENDNAME);
1473 		break;
1474 	default:
1475 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1476 		return OPAL_INVAL_PARAM;
1477 	}
1478 
1479 	if (err) {
1480 		pr_debug("Error building start adminsp session command.\n");
1481 		return err;
1482 	}
1483 
1484 	return finalize_and_send(dev, start_opal_session_cont);
1485 }
1486 
1487 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1488 {
1489 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1490 					  OPAL_ADMINSP_UID, NULL, 0);
1491 }
1492 
1493 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1494 {
1495 	int ret;
1496 	const u8 *key = dev->prev_data;
1497 
1498 	if (!key) {
1499 		const struct opal_key *okey = data;
1500 
1501 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1502 						 OPAL_ADMINSP_UID,
1503 						 okey->key,
1504 						 okey->key_len);
1505 	} else {
1506 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1507 						 OPAL_ADMINSP_UID,
1508 						 key, dev->prev_d_len);
1509 		kfree(key);
1510 		dev->prev_data = NULL;
1511 	}
1512 
1513 	return ret;
1514 }
1515 
1516 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1517 {
1518 	struct opal_key *key = data;
1519 
1520 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1521 					  OPAL_LOCKINGSP_UID,
1522 					  key->key, key->key_len);
1523 }
1524 
1525 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1526 {
1527 	const struct opal_key *okey = data;
1528 
1529 	return start_generic_opal_session(dev, OPAL_PSID_UID,
1530 					  OPAL_ADMINSP_UID,
1531 					  okey->key,
1532 					  okey->key_len);
1533 }
1534 
1535 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1536 {
1537 	struct opal_session_info *session = data;
1538 	u8 lk_ul_user[OPAL_UID_LENGTH];
1539 	size_t keylen = session->opal_key.key_len;
1540 	int err = 0;
1541 
1542 	u8 *key = session->opal_key.key;
1543 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1544 
1545 	if (session->sum)
1546 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1547 					 session->opal_key.lr);
1548 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1549 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1550 					 session->who - 1);
1551 	else
1552 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1553 
1554 	if (err)
1555 		return err;
1556 
1557 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1558 			opalmethod[OPAL_STARTSESSION]);
1559 
1560 	add_token_u64(&err, dev, hsn);
1561 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1562 			     OPAL_UID_LENGTH);
1563 	add_token_u8(&err, dev, 1);
1564 	add_token_u8(&err, dev, OPAL_STARTNAME);
1565 	add_token_u8(&err, dev, 0);
1566 	add_token_bytestring(&err, dev, key, keylen);
1567 	add_token_u8(&err, dev, OPAL_ENDNAME);
1568 	add_token_u8(&err, dev, OPAL_STARTNAME);
1569 	add_token_u8(&err, dev, 3);
1570 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1571 	add_token_u8(&err, dev, OPAL_ENDNAME);
1572 
1573 	if (err) {
1574 		pr_debug("Error building STARTSESSION command.\n");
1575 		return err;
1576 	}
1577 
1578 	return finalize_and_send(dev, start_opal_session_cont);
1579 }
1580 
1581 static int revert_tper(struct opal_dev *dev, void *data)
1582 {
1583 	int err;
1584 
1585 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1586 			opalmethod[OPAL_REVERT]);
1587 	if (err) {
1588 		pr_debug("Error building REVERT TPER command.\n");
1589 		return err;
1590 	}
1591 
1592 	return finalize_and_send(dev, parse_and_check_status);
1593 }
1594 
1595 static int internal_activate_user(struct opal_dev *dev, void *data)
1596 {
1597 	struct opal_session_info *session = data;
1598 	u8 uid[OPAL_UID_LENGTH];
1599 	int err;
1600 
1601 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1602 	uid[7] = session->who;
1603 
1604 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1605 	add_token_u8(&err, dev, OPAL_STARTNAME);
1606 	add_token_u8(&err, dev, OPAL_VALUES);
1607 	add_token_u8(&err, dev, OPAL_STARTLIST);
1608 	add_token_u8(&err, dev, OPAL_STARTNAME);
1609 	add_token_u8(&err, dev, 5); /* Enabled */
1610 	add_token_u8(&err, dev, OPAL_TRUE);
1611 	add_token_u8(&err, dev, OPAL_ENDNAME);
1612 	add_token_u8(&err, dev, OPAL_ENDLIST);
1613 	add_token_u8(&err, dev, OPAL_ENDNAME);
1614 
1615 	if (err) {
1616 		pr_debug("Error building Activate UserN command.\n");
1617 		return err;
1618 	}
1619 
1620 	return finalize_and_send(dev, parse_and_check_status);
1621 }
1622 
1623 static int erase_locking_range(struct opal_dev *dev, void *data)
1624 {
1625 	struct opal_session_info *session = data;
1626 	u8 uid[OPAL_UID_LENGTH];
1627 	int err;
1628 
1629 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1630 		return -ERANGE;
1631 
1632 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1633 
1634 	if (err) {
1635 		pr_debug("Error building Erase Locking Range Command.\n");
1636 		return err;
1637 	}
1638 
1639 	return finalize_and_send(dev, parse_and_check_status);
1640 }
1641 
1642 static int set_mbr_done(struct opal_dev *dev, void *data)
1643 {
1644 	u8 *mbr_done_tf = data;
1645 	int err;
1646 
1647 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1648 			opalmethod[OPAL_SET]);
1649 
1650 	add_token_u8(&err, dev, OPAL_STARTNAME);
1651 	add_token_u8(&err, dev, OPAL_VALUES);
1652 	add_token_u8(&err, dev, OPAL_STARTLIST);
1653 	add_token_u8(&err, dev, OPAL_STARTNAME);
1654 	add_token_u8(&err, dev, OPAL_MBRDONE);
1655 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1656 	add_token_u8(&err, dev, OPAL_ENDNAME);
1657 	add_token_u8(&err, dev, OPAL_ENDLIST);
1658 	add_token_u8(&err, dev, OPAL_ENDNAME);
1659 
1660 	if (err) {
1661 		pr_debug("Error Building set MBR Done command\n");
1662 		return err;
1663 	}
1664 
1665 	return finalize_and_send(dev, parse_and_check_status);
1666 }
1667 
1668 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1669 {
1670 	u8 *mbr_en_dis = data;
1671 	int err;
1672 
1673 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1674 			opalmethod[OPAL_SET]);
1675 
1676 	add_token_u8(&err, dev, OPAL_STARTNAME);
1677 	add_token_u8(&err, dev, OPAL_VALUES);
1678 	add_token_u8(&err, dev, OPAL_STARTLIST);
1679 	add_token_u8(&err, dev, OPAL_STARTNAME);
1680 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1681 	add_token_u8(&err, dev, *mbr_en_dis);
1682 	add_token_u8(&err, dev, OPAL_ENDNAME);
1683 	add_token_u8(&err, dev, OPAL_ENDLIST);
1684 	add_token_u8(&err, dev, OPAL_ENDNAME);
1685 
1686 	if (err) {
1687 		pr_debug("Error Building set MBR done command\n");
1688 		return err;
1689 	}
1690 
1691 	return finalize_and_send(dev, parse_and_check_status);
1692 }
1693 
1694 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1695 {
1696 	struct opal_shadow_mbr *shadow = data;
1697 
1698 	return generic_table_write_data(dev, shadow->data, shadow->offset,
1699 					shadow->size, opaluid[OPAL_MBR]);
1700 }
1701 
1702 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1703 			  struct opal_dev *dev)
1704 {
1705 	int err;
1706 
1707 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1708 
1709 	add_token_u8(&err, dev, OPAL_STARTNAME);
1710 	add_token_u8(&err, dev, OPAL_VALUES);
1711 	add_token_u8(&err, dev, OPAL_STARTLIST);
1712 	add_token_u8(&err, dev, OPAL_STARTNAME);
1713 	add_token_u8(&err, dev, OPAL_PIN);
1714 	add_token_bytestring(&err, dev, key, key_len);
1715 	add_token_u8(&err, dev, OPAL_ENDNAME);
1716 	add_token_u8(&err, dev, OPAL_ENDLIST);
1717 	add_token_u8(&err, dev, OPAL_ENDNAME);
1718 
1719 	return err;
1720 }
1721 
1722 static int set_new_pw(struct opal_dev *dev, void *data)
1723 {
1724 	u8 cpin_uid[OPAL_UID_LENGTH];
1725 	struct opal_session_info *usr = data;
1726 
1727 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1728 
1729 	if (usr->who != OPAL_ADMIN1) {
1730 		cpin_uid[5] = 0x03;
1731 		if (usr->sum)
1732 			cpin_uid[7] = usr->opal_key.lr + 1;
1733 		else
1734 			cpin_uid[7] = usr->who;
1735 	}
1736 
1737 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1738 			   cpin_uid, dev)) {
1739 		pr_debug("Error building set password command.\n");
1740 		return -ERANGE;
1741 	}
1742 
1743 	return finalize_and_send(dev, parse_and_check_status);
1744 }
1745 
1746 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1747 {
1748 	u8 cpin_uid[OPAL_UID_LENGTH];
1749 	struct opal_key *key = data;
1750 
1751 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1752 
1753 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1754 		pr_debug("Error building Set SID cpin\n");
1755 		return -ERANGE;
1756 	}
1757 	return finalize_and_send(dev, parse_and_check_status);
1758 }
1759 
1760 static int add_user_to_lr(struct opal_dev *dev, void *data)
1761 {
1762 	u8 lr_buffer[OPAL_UID_LENGTH];
1763 	u8 user_uid[OPAL_UID_LENGTH];
1764 	struct opal_lock_unlock *lkul = data;
1765 	int err;
1766 
1767 	memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1768 	       OPAL_UID_LENGTH);
1769 
1770 	if (lkul->l_state == OPAL_RW)
1771 		memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1772 		       OPAL_UID_LENGTH);
1773 
1774 	lr_buffer[7] = lkul->session.opal_key.lr;
1775 
1776 	memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1777 
1778 	user_uid[7] = lkul->session.who;
1779 
1780 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1781 
1782 	add_token_u8(&err, dev, OPAL_STARTNAME);
1783 	add_token_u8(&err, dev, OPAL_VALUES);
1784 
1785 	add_token_u8(&err, dev, OPAL_STARTLIST);
1786 	add_token_u8(&err, dev, OPAL_STARTNAME);
1787 	add_token_u8(&err, dev, 3);
1788 
1789 	add_token_u8(&err, dev, OPAL_STARTLIST);
1790 
1791 
1792 	add_token_u8(&err, dev, OPAL_STARTNAME);
1793 	add_token_bytestring(&err, dev,
1794 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1795 			     OPAL_UID_LENGTH/2);
1796 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1797 	add_token_u8(&err, dev, OPAL_ENDNAME);
1798 
1799 
1800 	add_token_u8(&err, dev, OPAL_STARTNAME);
1801 	add_token_bytestring(&err, dev,
1802 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1803 			     OPAL_UID_LENGTH/2);
1804 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1805 	add_token_u8(&err, dev, OPAL_ENDNAME);
1806 
1807 
1808 	add_token_u8(&err, dev, OPAL_STARTNAME);
1809 	add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1810 			     OPAL_UID_LENGTH/2);
1811 	add_token_u8(&err, dev, 1);
1812 	add_token_u8(&err, dev, OPAL_ENDNAME);
1813 
1814 
1815 	add_token_u8(&err, dev, OPAL_ENDLIST);
1816 	add_token_u8(&err, dev, OPAL_ENDNAME);
1817 	add_token_u8(&err, dev, OPAL_ENDLIST);
1818 	add_token_u8(&err, dev, OPAL_ENDNAME);
1819 
1820 	if (err) {
1821 		pr_debug("Error building add user to locking range command.\n");
1822 		return err;
1823 	}
1824 
1825 	return finalize_and_send(dev, parse_and_check_status);
1826 }
1827 
1828 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1829 {
1830 	u8 lr_buffer[OPAL_UID_LENGTH];
1831 	struct opal_lock_unlock *lkul = data;
1832 	u8 read_locked = 1, write_locked = 1;
1833 	int err = 0;
1834 
1835 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1836 				lkul->session.opal_key.lr) < 0)
1837 		return -ERANGE;
1838 
1839 	switch (lkul->l_state) {
1840 	case OPAL_RO:
1841 		read_locked = 0;
1842 		write_locked = 1;
1843 		break;
1844 	case OPAL_RW:
1845 		read_locked = 0;
1846 		write_locked = 0;
1847 		break;
1848 	case OPAL_LK:
1849 		/* vars are initialized to locked */
1850 		break;
1851 	default:
1852 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
1853 		return OPAL_INVAL_PARAM;
1854 	}
1855 
1856 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1857 
1858 	add_token_u8(&err, dev, OPAL_STARTNAME);
1859 	add_token_u8(&err, dev, OPAL_VALUES);
1860 	add_token_u8(&err, dev, OPAL_STARTLIST);
1861 
1862 	add_token_u8(&err, dev, OPAL_STARTNAME);
1863 	add_token_u8(&err, dev, OPAL_READLOCKED);
1864 	add_token_u8(&err, dev, read_locked);
1865 	add_token_u8(&err, dev, OPAL_ENDNAME);
1866 
1867 	add_token_u8(&err, dev, OPAL_STARTNAME);
1868 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1869 	add_token_u8(&err, dev, write_locked);
1870 	add_token_u8(&err, dev, OPAL_ENDNAME);
1871 
1872 	add_token_u8(&err, dev, OPAL_ENDLIST);
1873 	add_token_u8(&err, dev, OPAL_ENDNAME);
1874 
1875 	if (err) {
1876 		pr_debug("Error building SET command.\n");
1877 		return err;
1878 	}
1879 
1880 	return finalize_and_send(dev, parse_and_check_status);
1881 }
1882 
1883 
1884 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1885 {
1886 	u8 lr_buffer[OPAL_UID_LENGTH];
1887 	u8 read_locked = 1, write_locked = 1;
1888 	struct opal_lock_unlock *lkul = data;
1889 	int ret;
1890 
1891 	clear_opal_cmd(dev);
1892 	set_comid(dev, dev->comid);
1893 
1894 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1895 				lkul->session.opal_key.lr) < 0)
1896 		return -ERANGE;
1897 
1898 	switch (lkul->l_state) {
1899 	case OPAL_RO:
1900 		read_locked = 0;
1901 		write_locked = 1;
1902 		break;
1903 	case OPAL_RW:
1904 		read_locked = 0;
1905 		write_locked = 0;
1906 		break;
1907 	case OPAL_LK:
1908 		/* vars are initialized to locked */
1909 		break;
1910 	default:
1911 		pr_debug("Tried to set an invalid locking state.\n");
1912 		return OPAL_INVAL_PARAM;
1913 	}
1914 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1915 					read_locked, write_locked);
1916 
1917 	if (ret < 0) {
1918 		pr_debug("Error building SET command.\n");
1919 		return ret;
1920 	}
1921 
1922 	return finalize_and_send(dev, parse_and_check_status);
1923 }
1924 
1925 static int activate_lsp(struct opal_dev *dev, void *data)
1926 {
1927 	struct opal_lr_act *opal_act = data;
1928 	u8 user_lr[OPAL_UID_LENGTH];
1929 	int err, i;
1930 
1931 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1932 			opalmethod[OPAL_ACTIVATE]);
1933 
1934 	if (opal_act->sum) {
1935 		err = build_locking_range(user_lr, sizeof(user_lr),
1936 					  opal_act->lr[0]);
1937 		if (err)
1938 			return err;
1939 
1940 		add_token_u8(&err, dev, OPAL_STARTNAME);
1941 		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
1942 
1943 		add_token_u8(&err, dev, OPAL_STARTLIST);
1944 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1945 		for (i = 1; i < opal_act->num_lrs; i++) {
1946 			user_lr[7] = opal_act->lr[i];
1947 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1948 		}
1949 		add_token_u8(&err, dev, OPAL_ENDLIST);
1950 		add_token_u8(&err, dev, OPAL_ENDNAME);
1951 	}
1952 
1953 	if (err) {
1954 		pr_debug("Error building Activate LockingSP command.\n");
1955 		return err;
1956 	}
1957 
1958 	return finalize_and_send(dev, parse_and_check_status);
1959 }
1960 
1961 /* Determine if we're in the Manufactured Inactive or Active state */
1962 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1963 {
1964 	u8 lc_status;
1965 	int err;
1966 
1967 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1968 				 OPAL_LIFECYCLE);
1969 	if (err)
1970 		return err;
1971 
1972 	lc_status = response_get_u64(&dev->parsed, 4);
1973 	/* 0x08 is Manufactured Inactive */
1974 	/* 0x09 is Manufactured */
1975 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1976 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
1977 		return -ENODEV;
1978 	}
1979 
1980 	return 0;
1981 }
1982 
1983 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1984 {
1985 	const char *msid_pin;
1986 	size_t strlen;
1987 	int err;
1988 
1989 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1990 	if (err)
1991 		return err;
1992 
1993 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1994 	if (!msid_pin) {
1995 		pr_debug("Couldn't extract MSID_CPIN from response\n");
1996 		return OPAL_INVAL_PARAM;
1997 	}
1998 
1999 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2000 	if (!dev->prev_data)
2001 		return -ENOMEM;
2002 
2003 	dev->prev_d_len = strlen;
2004 
2005 	return 0;
2006 }
2007 
2008 static int write_table_data(struct opal_dev *dev, void *data)
2009 {
2010 	struct opal_read_write_table *write_tbl = data;
2011 
2012 	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2013 					write_tbl->size, write_tbl->table_uid);
2014 }
2015 
2016 static int read_table_data_cont(struct opal_dev *dev)
2017 {
2018 	int err;
2019 	const char *data_read;
2020 
2021 	err = parse_and_check_status(dev);
2022 	if (err)
2023 		return err;
2024 
2025 	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2026 	dev->prev_data = (void *)data_read;
2027 	if (!dev->prev_data) {
2028 		pr_debug("%s: Couldn't read data from the table.\n", __func__);
2029 		return OPAL_INVAL_PARAM;
2030 	}
2031 
2032 	return 0;
2033 }
2034 
2035 /*
2036  * IO_BUFFER_LENGTH = 2048
2037  * sizeof(header) = 56
2038  * No. of Token Bytes in the Response = 11
2039  * MAX size of data that can be carried in response buffer
2040  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2041  */
2042 #define OPAL_MAX_READ_TABLE (0x7BD)
2043 
2044 static int read_table_data(struct opal_dev *dev, void *data)
2045 {
2046 	struct opal_read_write_table *read_tbl = data;
2047 	int err;
2048 	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2049 	u64 table_len, len;
2050 	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2051 	u8 __user *dst;
2052 
2053 	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2054 	if (err) {
2055 		pr_debug("Couldn't get the table size\n");
2056 		return err;
2057 	}
2058 
2059 	table_len = response_get_u64(&dev->parsed, 4);
2060 
2061 	/* Check if the user is trying to read from the table limits */
2062 	if (read_size > table_len || offset > table_len - read_size) {
2063 		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2064 			  offset + read_size, table_len);
2065 		return -EINVAL;
2066 	}
2067 
2068 	while (off < read_size) {
2069 		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2070 
2071 		add_token_u8(&err, dev, OPAL_STARTLIST);
2072 		add_token_u8(&err, dev, OPAL_STARTNAME);
2073 		add_token_u8(&err, dev, OPAL_STARTROW);
2074 		add_token_u64(&err, dev, offset + off); /* start row value */
2075 		add_token_u8(&err, dev, OPAL_ENDNAME);
2076 
2077 		add_token_u8(&err, dev, OPAL_STARTNAME);
2078 		add_token_u8(&err, dev, OPAL_ENDROW);
2079 
2080 		len = min(max_read_size, (size_t)(read_size - off));
2081 		add_token_u64(&err, dev, offset + off + len); /* end row value
2082 							       */
2083 		add_token_u8(&err, dev, OPAL_ENDNAME);
2084 		add_token_u8(&err, dev, OPAL_ENDLIST);
2085 
2086 		if (err) {
2087 			pr_debug("Error building read table data command.\n");
2088 			break;
2089 		}
2090 
2091 		err = finalize_and_send(dev, read_table_data_cont);
2092 		if (err)
2093 			break;
2094 
2095 		/* len+1: This includes the NULL terminator at the end*/
2096 		if (dev->prev_d_len > len + 1) {
2097 			err = -EOVERFLOW;
2098 			break;
2099 		}
2100 
2101 		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2102 		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2103 			pr_debug("Error copying data to userspace\n");
2104 			err = -EFAULT;
2105 			break;
2106 		}
2107 		dev->prev_data = NULL;
2108 
2109 		off += len;
2110 	}
2111 
2112 	return err;
2113 }
2114 
2115 static int end_opal_session(struct opal_dev *dev, void *data)
2116 {
2117 	int err = 0;
2118 
2119 	clear_opal_cmd(dev);
2120 	set_comid(dev, dev->comid);
2121 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2122 
2123 	if (err < 0)
2124 		return err;
2125 
2126 	return finalize_and_send(dev, end_session_cont);
2127 }
2128 
2129 static int end_opal_session_error(struct opal_dev *dev)
2130 {
2131 	const struct opal_step error_end_session = {
2132 		end_opal_session,
2133 	};
2134 
2135 	return execute_step(dev, &error_end_session, 0);
2136 }
2137 
2138 static inline void setup_opal_dev(struct opal_dev *dev)
2139 {
2140 	dev->tsn = 0;
2141 	dev->hsn = 0;
2142 	dev->prev_data = NULL;
2143 }
2144 
2145 static int check_opal_support(struct opal_dev *dev)
2146 {
2147 	int ret;
2148 
2149 	mutex_lock(&dev->dev_lock);
2150 	setup_opal_dev(dev);
2151 	ret = opal_discovery0_step(dev);
2152 	if (!ret)
2153 		dev->flags |= OPAL_FL_SUPPORTED;
2154 	mutex_unlock(&dev->dev_lock);
2155 
2156 	return ret;
2157 }
2158 
2159 static void clean_opal_dev(struct opal_dev *dev)
2160 {
2161 
2162 	struct opal_suspend_data *suspend, *next;
2163 
2164 	mutex_lock(&dev->dev_lock);
2165 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2166 		list_del(&suspend->node);
2167 		kfree(suspend);
2168 	}
2169 	mutex_unlock(&dev->dev_lock);
2170 }
2171 
2172 void free_opal_dev(struct opal_dev *dev)
2173 {
2174 	if (!dev)
2175 		return;
2176 
2177 	clean_opal_dev(dev);
2178 	kfree(dev->resp);
2179 	kfree(dev->cmd);
2180 	kfree(dev);
2181 }
2182 EXPORT_SYMBOL(free_opal_dev);
2183 
2184 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2185 {
2186 	struct opal_dev *dev;
2187 
2188 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2189 	if (!dev)
2190 		return NULL;
2191 
2192 	/*
2193 	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2194 	 * sure the allocated buffer is DMA-safe in that regard.
2195 	 */
2196 	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2197 	if (!dev->cmd)
2198 		goto err_free_dev;
2199 
2200 	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2201 	if (!dev->resp)
2202 		goto err_free_cmd;
2203 
2204 	INIT_LIST_HEAD(&dev->unlk_lst);
2205 	mutex_init(&dev->dev_lock);
2206 	dev->flags = 0;
2207 	dev->data = data;
2208 	dev->send_recv = send_recv;
2209 	if (check_opal_support(dev) != 0) {
2210 		pr_debug("Opal is not supported on this device\n");
2211 		goto err_free_resp;
2212 	}
2213 
2214 	return dev;
2215 
2216 err_free_resp:
2217 	kfree(dev->resp);
2218 
2219 err_free_cmd:
2220 	kfree(dev->cmd);
2221 
2222 err_free_dev:
2223 	kfree(dev);
2224 
2225 	return NULL;
2226 }
2227 EXPORT_SYMBOL(init_opal_dev);
2228 
2229 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2230 					   struct opal_session_info *opal_session)
2231 {
2232 	const struct opal_step erase_steps[] = {
2233 		{ start_auth_opal_session, opal_session },
2234 		{ get_active_key, &opal_session->opal_key.lr },
2235 		{ gen_key, },
2236 		{ end_opal_session, }
2237 	};
2238 	int ret;
2239 
2240 	mutex_lock(&dev->dev_lock);
2241 	setup_opal_dev(dev);
2242 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2243 	mutex_unlock(&dev->dev_lock);
2244 
2245 	return ret;
2246 }
2247 
2248 static int opal_erase_locking_range(struct opal_dev *dev,
2249 				    struct opal_session_info *opal_session)
2250 {
2251 	const struct opal_step erase_steps[] = {
2252 		{ start_auth_opal_session, opal_session },
2253 		{ erase_locking_range, opal_session },
2254 		{ end_opal_session, }
2255 	};
2256 	int ret;
2257 
2258 	mutex_lock(&dev->dev_lock);
2259 	setup_opal_dev(dev);
2260 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2261 	mutex_unlock(&dev->dev_lock);
2262 
2263 	return ret;
2264 }
2265 
2266 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2267 					  struct opal_mbr_data *opal_mbr)
2268 {
2269 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2270 		OPAL_TRUE : OPAL_FALSE;
2271 
2272 	const struct opal_step mbr_steps[] = {
2273 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2274 		{ set_mbr_done, &enable_disable },
2275 		{ end_opal_session, },
2276 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2277 		{ set_mbr_enable_disable, &enable_disable },
2278 		{ end_opal_session, }
2279 	};
2280 	int ret;
2281 
2282 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2283 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2284 		return -EINVAL;
2285 
2286 	mutex_lock(&dev->dev_lock);
2287 	setup_opal_dev(dev);
2288 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2289 	mutex_unlock(&dev->dev_lock);
2290 
2291 	return ret;
2292 }
2293 
2294 static int opal_set_mbr_done(struct opal_dev *dev,
2295 			     struct opal_mbr_done *mbr_done)
2296 {
2297 	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2298 		OPAL_TRUE : OPAL_FALSE;
2299 
2300 	const struct opal_step mbr_steps[] = {
2301 		{ start_admin1LSP_opal_session, &mbr_done->key },
2302 		{ set_mbr_done, &mbr_done_tf },
2303 		{ end_opal_session, }
2304 	};
2305 	int ret;
2306 
2307 	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2308 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2309 		return -EINVAL;
2310 
2311 	mutex_lock(&dev->dev_lock);
2312 	setup_opal_dev(dev);
2313 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2314 	mutex_unlock(&dev->dev_lock);
2315 
2316 	return ret;
2317 }
2318 
2319 static int opal_write_shadow_mbr(struct opal_dev *dev,
2320 				 struct opal_shadow_mbr *info)
2321 {
2322 	const struct opal_step mbr_steps[] = {
2323 		{ start_admin1LSP_opal_session, &info->key },
2324 		{ write_shadow_mbr, info },
2325 		{ end_opal_session, }
2326 	};
2327 	int ret;
2328 
2329 	if (info->size == 0)
2330 		return 0;
2331 
2332 	mutex_lock(&dev->dev_lock);
2333 	setup_opal_dev(dev);
2334 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2335 	mutex_unlock(&dev->dev_lock);
2336 
2337 	return ret;
2338 }
2339 
2340 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2341 {
2342 	struct opal_suspend_data *suspend;
2343 
2344 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2345 	if (!suspend)
2346 		return -ENOMEM;
2347 
2348 	suspend->unlk = *lk_unlk;
2349 	suspend->lr = lk_unlk->session.opal_key.lr;
2350 
2351 	mutex_lock(&dev->dev_lock);
2352 	setup_opal_dev(dev);
2353 	add_suspend_info(dev, suspend);
2354 	mutex_unlock(&dev->dev_lock);
2355 
2356 	return 0;
2357 }
2358 
2359 static int opal_add_user_to_lr(struct opal_dev *dev,
2360 			       struct opal_lock_unlock *lk_unlk)
2361 {
2362 	const struct opal_step steps[] = {
2363 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2364 		{ add_user_to_lr, lk_unlk },
2365 		{ end_opal_session, }
2366 	};
2367 	int ret;
2368 
2369 	if (lk_unlk->l_state != OPAL_RO &&
2370 	    lk_unlk->l_state != OPAL_RW) {
2371 		pr_debug("Locking state was not RO or RW\n");
2372 		return -EINVAL;
2373 	}
2374 
2375 	if (lk_unlk->session.who < OPAL_USER1 ||
2376 	    lk_unlk->session.who > OPAL_USER9) {
2377 		pr_debug("Authority was not within the range of users: %d\n",
2378 			 lk_unlk->session.who);
2379 		return -EINVAL;
2380 	}
2381 
2382 	if (lk_unlk->session.sum) {
2383 		pr_debug("%s not supported in sum. Use setup locking range\n",
2384 			 __func__);
2385 		return -EINVAL;
2386 	}
2387 
2388 	mutex_lock(&dev->dev_lock);
2389 	setup_opal_dev(dev);
2390 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2391 	mutex_unlock(&dev->dev_lock);
2392 
2393 	return ret;
2394 }
2395 
2396 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2397 {
2398 	/* controller will terminate session */
2399 	const struct opal_step revert_steps[] = {
2400 		{ start_SIDASP_opal_session, opal },
2401 		{ revert_tper, }
2402 	};
2403 	const struct opal_step psid_revert_steps[] = {
2404 		{ start_PSID_opal_session, opal },
2405 		{ revert_tper, }
2406 	};
2407 
2408 	int ret;
2409 
2410 	mutex_lock(&dev->dev_lock);
2411 	setup_opal_dev(dev);
2412 	if (psid)
2413 		ret = execute_steps(dev, psid_revert_steps,
2414 				    ARRAY_SIZE(psid_revert_steps));
2415 	else
2416 		ret = execute_steps(dev, revert_steps,
2417 				    ARRAY_SIZE(revert_steps));
2418 	mutex_unlock(&dev->dev_lock);
2419 
2420 	/*
2421 	 * If we successfully reverted lets clean
2422 	 * any saved locking ranges.
2423 	 */
2424 	if (!ret)
2425 		clean_opal_dev(dev);
2426 
2427 	return ret;
2428 }
2429 
2430 static int __opal_lock_unlock(struct opal_dev *dev,
2431 			      struct opal_lock_unlock *lk_unlk)
2432 {
2433 	const struct opal_step unlock_steps[] = {
2434 		{ start_auth_opal_session, &lk_unlk->session },
2435 		{ lock_unlock_locking_range, lk_unlk },
2436 		{ end_opal_session, }
2437 	};
2438 	const struct opal_step unlock_sum_steps[] = {
2439 		{ start_auth_opal_session, &lk_unlk->session },
2440 		{ lock_unlock_locking_range_sum, lk_unlk },
2441 		{ end_opal_session, }
2442 	};
2443 
2444 	if (lk_unlk->session.sum)
2445 		return execute_steps(dev, unlock_sum_steps,
2446 				     ARRAY_SIZE(unlock_sum_steps));
2447 	else
2448 		return execute_steps(dev, unlock_steps,
2449 				     ARRAY_SIZE(unlock_steps));
2450 }
2451 
2452 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2453 {
2454 	u8 mbr_done_tf = OPAL_TRUE;
2455 	const struct opal_step mbrdone_step[] = {
2456 		{ start_admin1LSP_opal_session, key },
2457 		{ set_mbr_done, &mbr_done_tf },
2458 		{ end_opal_session, }
2459 	};
2460 
2461 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2462 }
2463 
2464 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2465 			    struct opal_lock_unlock *lk_unlk)
2466 {
2467 	struct opal_suspend_data *iter;
2468 
2469 	if (lk_unlk->l_state != OPAL_LK ||
2470 			lk_unlk->session.opal_key.key_len > 0)
2471 		return;
2472 
2473 	/*
2474 	 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2475 	 * volume key is not required, as it requires root privileges anyway,
2476 	 * and root can deny access to a disk in many ways regardless.
2477 	 * Requiring the volume key to lock the device is a peculiarity of the
2478 	 * OPAL specification. Given we might already have saved the key if
2479 	 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2480 	 * that key to lock the device if no key was provided here, the
2481 	 * locking range matches and the appropriate flag was passed with
2482 	 * 'IOC_OPAL_SAVE'.
2483 	 * This allows integrating OPAL with tools and libraries that are used
2484 	 * to the common behaviour and do not ask for the volume key when
2485 	 * closing a device.
2486 	 */
2487 	setup_opal_dev(dev);
2488 	list_for_each_entry(iter, &dev->unlk_lst, node) {
2489 		if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2490 				iter->lr == lk_unlk->session.opal_key.lr &&
2491 				iter->unlk.session.opal_key.key_len > 0) {
2492 			lk_unlk->session.opal_key.key_len =
2493 				iter->unlk.session.opal_key.key_len;
2494 			memcpy(lk_unlk->session.opal_key.key,
2495 				iter->unlk.session.opal_key.key,
2496 				iter->unlk.session.opal_key.key_len);
2497 			break;
2498 		}
2499 	}
2500 }
2501 
2502 static int opal_lock_unlock(struct opal_dev *dev,
2503 			    struct opal_lock_unlock *lk_unlk)
2504 {
2505 	int ret;
2506 
2507 	if (lk_unlk->session.who > OPAL_USER9)
2508 		return -EINVAL;
2509 
2510 	mutex_lock(&dev->dev_lock);
2511 	opal_lock_check_for_saved_key(dev, lk_unlk);
2512 	ret = __opal_lock_unlock(dev, lk_unlk);
2513 	mutex_unlock(&dev->dev_lock);
2514 
2515 	return ret;
2516 }
2517 
2518 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2519 {
2520 	const struct opal_step owner_steps[] = {
2521 		{ start_anybodyASP_opal_session, },
2522 		{ get_msid_cpin_pin, },
2523 		{ end_opal_session, },
2524 		{ start_SIDASP_opal_session, opal },
2525 		{ set_sid_cpin_pin, opal },
2526 		{ end_opal_session, }
2527 	};
2528 	int ret;
2529 
2530 	if (!dev)
2531 		return -ENODEV;
2532 
2533 	mutex_lock(&dev->dev_lock);
2534 	setup_opal_dev(dev);
2535 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2536 	mutex_unlock(&dev->dev_lock);
2537 
2538 	return ret;
2539 }
2540 
2541 static int opal_activate_lsp(struct opal_dev *dev,
2542 			     struct opal_lr_act *opal_lr_act)
2543 {
2544 	const struct opal_step active_steps[] = {
2545 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2546 		{ get_lsp_lifecycle, },
2547 		{ activate_lsp, opal_lr_act },
2548 		{ end_opal_session, }
2549 	};
2550 	int ret;
2551 
2552 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2553 		return -EINVAL;
2554 
2555 	mutex_lock(&dev->dev_lock);
2556 	setup_opal_dev(dev);
2557 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2558 	mutex_unlock(&dev->dev_lock);
2559 
2560 	return ret;
2561 }
2562 
2563 static int opal_setup_locking_range(struct opal_dev *dev,
2564 				    struct opal_user_lr_setup *opal_lrs)
2565 {
2566 	const struct opal_step lr_steps[] = {
2567 		{ start_auth_opal_session, &opal_lrs->session },
2568 		{ setup_locking_range, opal_lrs },
2569 		{ end_opal_session, }
2570 	};
2571 	int ret;
2572 
2573 	mutex_lock(&dev->dev_lock);
2574 	setup_opal_dev(dev);
2575 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2576 	mutex_unlock(&dev->dev_lock);
2577 
2578 	return ret;
2579 }
2580 
2581 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2582 {
2583 	const struct opal_step pw_steps[] = {
2584 		{ start_auth_opal_session, &opal_pw->session },
2585 		{ set_new_pw, &opal_pw->new_user_pw },
2586 		{ end_opal_session, }
2587 	};
2588 	int ret;
2589 
2590 	if (opal_pw->session.who > OPAL_USER9  ||
2591 	    opal_pw->new_user_pw.who > OPAL_USER9)
2592 		return -EINVAL;
2593 
2594 	mutex_lock(&dev->dev_lock);
2595 	setup_opal_dev(dev);
2596 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2597 	mutex_unlock(&dev->dev_lock);
2598 
2599 	return ret;
2600 }
2601 
2602 static int opal_activate_user(struct opal_dev *dev,
2603 			      struct opal_session_info *opal_session)
2604 {
2605 	const struct opal_step act_steps[] = {
2606 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2607 		{ internal_activate_user, opal_session },
2608 		{ end_opal_session, }
2609 	};
2610 	int ret;
2611 
2612 	/* We can't activate Admin1 it's active as manufactured */
2613 	if (opal_session->who < OPAL_USER1 ||
2614 	    opal_session->who > OPAL_USER9) {
2615 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2616 		return -EINVAL;
2617 	}
2618 
2619 	mutex_lock(&dev->dev_lock);
2620 	setup_opal_dev(dev);
2621 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2622 	mutex_unlock(&dev->dev_lock);
2623 
2624 	return ret;
2625 }
2626 
2627 bool opal_unlock_from_suspend(struct opal_dev *dev)
2628 {
2629 	struct opal_suspend_data *suspend;
2630 	bool was_failure = false;
2631 	int ret = 0;
2632 
2633 	if (!dev)
2634 		return false;
2635 
2636 	if (!(dev->flags & OPAL_FL_SUPPORTED))
2637 		return false;
2638 
2639 	mutex_lock(&dev->dev_lock);
2640 	setup_opal_dev(dev);
2641 
2642 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2643 		dev->tsn = 0;
2644 		dev->hsn = 0;
2645 
2646 		ret = __opal_lock_unlock(dev, &suspend->unlk);
2647 		if (ret) {
2648 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2649 				 suspend->unlk.session.opal_key.lr,
2650 				 suspend->unlk.session.sum);
2651 			was_failure = true;
2652 		}
2653 
2654 		if (dev->flags & OPAL_FL_MBR_ENABLED) {
2655 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2656 			if (ret)
2657 				pr_debug("Failed to set MBR Done in S3 resume\n");
2658 		}
2659 	}
2660 	mutex_unlock(&dev->dev_lock);
2661 
2662 	return was_failure;
2663 }
2664 EXPORT_SYMBOL(opal_unlock_from_suspend);
2665 
2666 static int opal_read_table(struct opal_dev *dev,
2667 			   struct opal_read_write_table *rw_tbl)
2668 {
2669 	const struct opal_step read_table_steps[] = {
2670 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2671 		{ read_table_data, rw_tbl },
2672 		{ end_opal_session, }
2673 	};
2674 	int ret = 0;
2675 
2676 	if (!rw_tbl->size)
2677 		return ret;
2678 
2679 	return execute_steps(dev, read_table_steps,
2680 			     ARRAY_SIZE(read_table_steps));
2681 }
2682 
2683 static int opal_write_table(struct opal_dev *dev,
2684 			    struct opal_read_write_table *rw_tbl)
2685 {
2686 	const struct opal_step write_table_steps[] = {
2687 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2688 		{ write_table_data, rw_tbl },
2689 		{ end_opal_session, }
2690 	};
2691 	int ret = 0;
2692 
2693 	if (!rw_tbl->size)
2694 		return ret;
2695 
2696 	return execute_steps(dev, write_table_steps,
2697 			     ARRAY_SIZE(write_table_steps));
2698 }
2699 
2700 static int opal_generic_read_write_table(struct opal_dev *dev,
2701 					 struct opal_read_write_table *rw_tbl)
2702 {
2703 	int ret, bit_set;
2704 
2705 	mutex_lock(&dev->dev_lock);
2706 	setup_opal_dev(dev);
2707 
2708 	bit_set = fls64(rw_tbl->flags) - 1;
2709 	switch (bit_set) {
2710 	case OPAL_READ_TABLE:
2711 		ret = opal_read_table(dev, rw_tbl);
2712 		break;
2713 	case OPAL_WRITE_TABLE:
2714 		ret = opal_write_table(dev, rw_tbl);
2715 		break;
2716 	default:
2717 		pr_debug("Invalid bit set in the flag (%016llx).\n",
2718 			 rw_tbl->flags);
2719 		ret = -EINVAL;
2720 		break;
2721 	}
2722 
2723 	mutex_unlock(&dev->dev_lock);
2724 
2725 	return ret;
2726 }
2727 
2728 static int opal_get_status(struct opal_dev *dev, void __user *data)
2729 {
2730 	struct opal_status sts = {0};
2731 
2732 	/*
2733 	 * check_opal_support() error is not fatal,
2734 	 * !dev->supported is a valid condition
2735 	 */
2736 	if (!check_opal_support(dev))
2737 		sts.flags = dev->flags;
2738 	if (copy_to_user(data, &sts, sizeof(sts))) {
2739 		pr_debug("Error copying status to userspace\n");
2740 		return -EFAULT;
2741 	}
2742 	return 0;
2743 }
2744 
2745 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2746 {
2747 	void *p;
2748 	int ret = -ENOTTY;
2749 
2750 	if (!capable(CAP_SYS_ADMIN))
2751 		return -EACCES;
2752 	if (!dev)
2753 		return -ENOTSUPP;
2754 	if (!(dev->flags & OPAL_FL_SUPPORTED))
2755 		return -ENOTSUPP;
2756 
2757 	if (cmd & IOC_IN) {
2758 		p = memdup_user(arg, _IOC_SIZE(cmd));
2759 		if (IS_ERR(p))
2760 			return PTR_ERR(p);
2761 	}
2762 
2763 	switch (cmd) {
2764 	case IOC_OPAL_SAVE:
2765 		ret = opal_save(dev, p);
2766 		break;
2767 	case IOC_OPAL_LOCK_UNLOCK:
2768 		ret = opal_lock_unlock(dev, p);
2769 		break;
2770 	case IOC_OPAL_TAKE_OWNERSHIP:
2771 		ret = opal_take_ownership(dev, p);
2772 		break;
2773 	case IOC_OPAL_ACTIVATE_LSP:
2774 		ret = opal_activate_lsp(dev, p);
2775 		break;
2776 	case IOC_OPAL_SET_PW:
2777 		ret = opal_set_new_pw(dev, p);
2778 		break;
2779 	case IOC_OPAL_ACTIVATE_USR:
2780 		ret = opal_activate_user(dev, p);
2781 		break;
2782 	case IOC_OPAL_REVERT_TPR:
2783 		ret = opal_reverttper(dev, p, false);
2784 		break;
2785 	case IOC_OPAL_LR_SETUP:
2786 		ret = opal_setup_locking_range(dev, p);
2787 		break;
2788 	case IOC_OPAL_ADD_USR_TO_LR:
2789 		ret = opal_add_user_to_lr(dev, p);
2790 		break;
2791 	case IOC_OPAL_ENABLE_DISABLE_MBR:
2792 		ret = opal_enable_disable_shadow_mbr(dev, p);
2793 		break;
2794 	case IOC_OPAL_MBR_DONE:
2795 		ret = opal_set_mbr_done(dev, p);
2796 		break;
2797 	case IOC_OPAL_WRITE_SHADOW_MBR:
2798 		ret = opal_write_shadow_mbr(dev, p);
2799 		break;
2800 	case IOC_OPAL_ERASE_LR:
2801 		ret = opal_erase_locking_range(dev, p);
2802 		break;
2803 	case IOC_OPAL_SECURE_ERASE_LR:
2804 		ret = opal_secure_erase_locking_range(dev, p);
2805 		break;
2806 	case IOC_OPAL_PSID_REVERT_TPR:
2807 		ret = opal_reverttper(dev, p, true);
2808 		break;
2809 	case IOC_OPAL_GENERIC_TABLE_RW:
2810 		ret = opal_generic_read_write_table(dev, p);
2811 		break;
2812 	case IOC_OPAL_GET_STATUS:
2813 		ret = opal_get_status(dev, arg);
2814 		break;
2815 	default:
2816 		break;
2817 	}
2818 
2819 	if (cmd & IOC_IN)
2820 		kfree(p);
2821 	return ret;
2822 }
2823 EXPORT_SYMBOL_GPL(sed_ioctl);
2824