1 /* 2 * Copyright © 2016 Intel Corporation 3 * 4 * Authors: 5 * Scott Bauer <scott.bauer@intel.com> 6 * Rafael Antognolli <rafael.antognolli@intel.com> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms and conditions of the GNU General Public License, 10 * version 2, as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 15 * more details. 16 */ 17 18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt 19 20 #include <linux/delay.h> 21 #include <linux/device.h> 22 #include <linux/kernel.h> 23 #include <linux/list.h> 24 #include <linux/genhd.h> 25 #include <linux/slab.h> 26 #include <linux/uaccess.h> 27 #include <uapi/linux/sed-opal.h> 28 #include <linux/sed-opal.h> 29 #include <linux/string.h> 30 #include <linux/kdev_t.h> 31 32 #include "opal_proto.h" 33 34 #define IO_BUFFER_LENGTH 2048 35 #define MAX_TOKS 64 36 37 struct opal_step { 38 int (*fn)(struct opal_dev *dev, void *data); 39 void *data; 40 }; 41 typedef int (cont_fn)(struct opal_dev *dev); 42 43 enum opal_atom_width { 44 OPAL_WIDTH_TINY, 45 OPAL_WIDTH_SHORT, 46 OPAL_WIDTH_MEDIUM, 47 OPAL_WIDTH_LONG, 48 OPAL_WIDTH_TOKEN 49 }; 50 51 /* 52 * On the parsed response, we don't store again the toks that are already 53 * stored in the response buffer. Instead, for each token, we just store a 54 * pointer to the position in the buffer where the token starts, and the size 55 * of the token in bytes. 56 */ 57 struct opal_resp_tok { 58 const u8 *pos; 59 size_t len; 60 enum opal_response_token type; 61 enum opal_atom_width width; 62 union { 63 u64 u; 64 s64 s; 65 } stored; 66 }; 67 68 /* 69 * From the response header it's not possible to know how many tokens there are 70 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later 71 * if we start dealing with messages that have more than that, we can increase 72 * this number. This is done to avoid having to make two passes through the 73 * response, the first one counting how many tokens we have and the second one 74 * actually storing the positions. 75 */ 76 struct parsed_resp { 77 int num; 78 struct opal_resp_tok toks[MAX_TOKS]; 79 }; 80 81 struct opal_dev { 82 bool supported; 83 bool mbr_enabled; 84 85 void *data; 86 sec_send_recv *send_recv; 87 88 const struct opal_step *steps; 89 struct mutex dev_lock; 90 u16 comid; 91 u32 hsn; 92 u32 tsn; 93 u64 align; 94 u64 lowest_lba; 95 96 size_t pos; 97 u8 cmd[IO_BUFFER_LENGTH]; 98 u8 resp[IO_BUFFER_LENGTH]; 99 100 struct parsed_resp parsed; 101 size_t prev_d_len; 102 void *prev_data; 103 104 struct list_head unlk_lst; 105 }; 106 107 108 static const u8 opaluid[][OPAL_UID_LENGTH] = { 109 /* users */ 110 [OPAL_SMUID_UID] = 111 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, 112 [OPAL_THISSP_UID] = 113 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 114 [OPAL_ADMINSP_UID] = 115 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 }, 116 [OPAL_LOCKINGSP_UID] = 117 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 }, 118 [OPAL_ENTERPRISE_LOCKINGSP_UID] = 119 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 }, 120 [OPAL_ANYBODY_UID] = 121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 }, 122 [OPAL_SID_UID] = 123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 }, 124 [OPAL_ADMIN1_UID] = 125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 }, 126 [OPAL_USER1_UID] = 127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 }, 128 [OPAL_USER2_UID] = 129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 }, 130 [OPAL_PSID_UID] = 131 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 }, 132 [OPAL_ENTERPRISE_BANDMASTER0_UID] = 133 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 }, 134 [OPAL_ENTERPRISE_ERASEMASTER_UID] = 135 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 }, 136 137 /* tables */ 138 139 [OPAL_LOCKINGRANGE_GLOBAL] = 140 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 }, 141 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] = 142 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 }, 143 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] = 144 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 }, 145 [OPAL_MBRCONTROL] = 146 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 }, 147 [OPAL_MBR] = 148 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 }, 149 [OPAL_AUTHORITY_TABLE] = 150 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00}, 151 [OPAL_C_PIN_TABLE] = 152 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00}, 153 [OPAL_LOCKING_INFO_TABLE] = 154 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 }, 155 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] = 156 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 }, 157 158 /* C_PIN_TABLE object ID's */ 159 160 [OPAL_C_PIN_MSID] = 161 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02}, 162 [OPAL_C_PIN_SID] = 163 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01}, 164 [OPAL_C_PIN_ADMIN1] = 165 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01}, 166 167 /* half UID's (only first 4 bytes used) */ 168 169 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] = 170 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff }, 171 [OPAL_HALF_UID_BOOLEAN_ACE] = 172 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff }, 173 174 /* special value for omitted optional parameter */ 175 [OPAL_UID_HEXFF] = 176 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 177 }; 178 179 /* 180 * TCG Storage SSC Methods. 181 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 182 * Section: 6.3 Assigned UIDs 183 */ 184 static const u8 opalmethod[][OPAL_UID_LENGTH] = { 185 [OPAL_PROPERTIES] = 186 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 }, 187 [OPAL_STARTSESSION] = 188 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 }, 189 [OPAL_REVERT] = 190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 }, 191 [OPAL_ACTIVATE] = 192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 }, 193 [OPAL_EGET] = 194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 }, 195 [OPAL_ESET] = 196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 }, 197 [OPAL_NEXT] = 198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 }, 199 [OPAL_EAUTHENTICATE] = 200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c }, 201 [OPAL_GETACL] = 202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d }, 203 [OPAL_GENKEY] = 204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 }, 205 [OPAL_REVERTSP] = 206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 }, 207 [OPAL_GET] = 208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 }, 209 [OPAL_SET] = 210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 }, 211 [OPAL_AUTHENTICATE] = 212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c }, 213 [OPAL_RANDOM] = 214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 }, 215 [OPAL_ERASE] = 216 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 }, 217 }; 218 219 static int end_opal_session_error(struct opal_dev *dev); 220 221 struct opal_suspend_data { 222 struct opal_lock_unlock unlk; 223 u8 lr; 224 struct list_head node; 225 }; 226 227 /* 228 * Derived from: 229 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 230 * Section: 5.1.5 Method Status Codes 231 */ 232 static const char * const opal_errors[] = { 233 "Success", 234 "Not Authorized", 235 "Unknown Error", 236 "SP Busy", 237 "SP Failed", 238 "SP Disabled", 239 "SP Frozen", 240 "No Sessions Available", 241 "Uniqueness Conflict", 242 "Insufficient Space", 243 "Insufficient Rows", 244 "Invalid Function", 245 "Invalid Parameter", 246 "Invalid Reference", 247 "Unknown Error", 248 "TPER Malfunction", 249 "Transaction Failure", 250 "Response Overflow", 251 "Authority Locked Out", 252 }; 253 254 static const char *opal_error_to_human(int error) 255 { 256 if (error == 0x3f) 257 return "Failed"; 258 259 if (error >= ARRAY_SIZE(opal_errors) || error < 0) 260 return "Unknown Error"; 261 262 return opal_errors[error]; 263 } 264 265 static void print_buffer(const u8 *ptr, u32 length) 266 { 267 #ifdef DEBUG 268 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length); 269 pr_debug("\n"); 270 #endif 271 } 272 273 static bool check_tper(const void *data) 274 { 275 const struct d0_tper_features *tper = data; 276 u8 flags = tper->supported_features; 277 278 if (!(flags & TPER_SYNC_SUPPORTED)) { 279 pr_debug("TPer sync not supported. flags = %d\n", 280 tper->supported_features); 281 return false; 282 } 283 284 return true; 285 } 286 287 static bool check_mbrenabled(const void *data) 288 { 289 const struct d0_locking_features *lfeat = data; 290 u8 sup_feat = lfeat->supported_features; 291 292 return !!(sup_feat & MBR_ENABLED_MASK); 293 } 294 295 static bool check_sum(const void *data) 296 { 297 const struct d0_single_user_mode *sum = data; 298 u32 nlo = be32_to_cpu(sum->num_locking_objects); 299 300 if (nlo == 0) { 301 pr_debug("Need at least one locking object.\n"); 302 return false; 303 } 304 305 pr_debug("Number of locking objects: %d\n", nlo); 306 307 return true; 308 } 309 310 static u16 get_comid_v100(const void *data) 311 { 312 const struct d0_opal_v100 *v100 = data; 313 314 return be16_to_cpu(v100->baseComID); 315 } 316 317 static u16 get_comid_v200(const void *data) 318 { 319 const struct d0_opal_v200 *v200 = data; 320 321 return be16_to_cpu(v200->baseComID); 322 } 323 324 static int opal_send_cmd(struct opal_dev *dev) 325 { 326 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 327 dev->cmd, IO_BUFFER_LENGTH, 328 true); 329 } 330 331 static int opal_recv_cmd(struct opal_dev *dev) 332 { 333 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 334 dev->resp, IO_BUFFER_LENGTH, 335 false); 336 } 337 338 static int opal_recv_check(struct opal_dev *dev) 339 { 340 size_t buflen = IO_BUFFER_LENGTH; 341 void *buffer = dev->resp; 342 struct opal_header *hdr = buffer; 343 int ret; 344 345 do { 346 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n", 347 hdr->cp.outstandingData, 348 hdr->cp.minTransfer); 349 350 if (hdr->cp.outstandingData == 0 || 351 hdr->cp.minTransfer != 0) 352 return 0; 353 354 memset(buffer, 0, buflen); 355 ret = opal_recv_cmd(dev); 356 } while (!ret); 357 358 return ret; 359 } 360 361 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont) 362 { 363 int ret; 364 365 ret = opal_send_cmd(dev); 366 if (ret) 367 return ret; 368 ret = opal_recv_cmd(dev); 369 if (ret) 370 return ret; 371 ret = opal_recv_check(dev); 372 if (ret) 373 return ret; 374 return cont(dev); 375 } 376 377 static void check_geometry(struct opal_dev *dev, const void *data) 378 { 379 const struct d0_geometry_features *geo = data; 380 381 dev->align = geo->alignment_granularity; 382 dev->lowest_lba = geo->lowest_aligned_lba; 383 } 384 385 static int next(struct opal_dev *dev) 386 { 387 const struct opal_step *step; 388 int state = 0, error = 0; 389 390 do { 391 step = &dev->steps[state]; 392 if (!step->fn) 393 break; 394 395 error = step->fn(dev, step->data); 396 if (error) { 397 pr_debug("Error on step function: %d with error %d: %s\n", 398 state, error, 399 opal_error_to_human(error)); 400 401 /* For each OPAL command we do a discovery0 then we 402 * start some sort of session. 403 * If we haven't passed state 1 then there was an error 404 * on discovery0 or during the attempt to start a 405 * session. Therefore we shouldn't attempt to terminate 406 * a session, as one has not yet been created. 407 */ 408 if (state > 1) { 409 end_opal_session_error(dev); 410 return error; 411 } 412 413 } 414 state++; 415 } while (!error); 416 417 return error; 418 } 419 420 static int opal_discovery0_end(struct opal_dev *dev) 421 { 422 bool found_com_id = false, supported = true, single_user = false; 423 const struct d0_header *hdr = (struct d0_header *)dev->resp; 424 const u8 *epos = dev->resp, *cpos = dev->resp; 425 u16 comid = 0; 426 u32 hlen = be32_to_cpu(hdr->length); 427 428 print_buffer(dev->resp, hlen); 429 dev->mbr_enabled = false; 430 431 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 432 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n", 433 sizeof(*hdr), hlen, IO_BUFFER_LENGTH); 434 return -EFAULT; 435 } 436 437 epos += hlen; /* end of buffer */ 438 cpos += sizeof(*hdr); /* current position on buffer */ 439 440 while (cpos < epos && supported) { 441 const struct d0_features *body = 442 (const struct d0_features *)cpos; 443 444 switch (be16_to_cpu(body->code)) { 445 case FC_TPER: 446 supported = check_tper(body->features); 447 break; 448 case FC_SINGLEUSER: 449 single_user = check_sum(body->features); 450 break; 451 case FC_GEOMETRY: 452 check_geometry(dev, body); 453 break; 454 case FC_LOCKING: 455 dev->mbr_enabled = check_mbrenabled(body->features); 456 break; 457 case FC_ENTERPRISE: 458 case FC_DATASTORE: 459 /* some ignored properties */ 460 pr_debug("Found OPAL feature description: %d\n", 461 be16_to_cpu(body->code)); 462 break; 463 case FC_OPALV100: 464 comid = get_comid_v100(body->features); 465 found_com_id = true; 466 break; 467 case FC_OPALV200: 468 comid = get_comid_v200(body->features); 469 found_com_id = true; 470 break; 471 case 0xbfff ... 0xffff: 472 /* vendor specific, just ignore */ 473 break; 474 default: 475 pr_debug("OPAL Unknown feature: %d\n", 476 be16_to_cpu(body->code)); 477 478 } 479 cpos += body->length + 4; 480 } 481 482 if (!supported) { 483 pr_debug("This device is not Opal enabled. Not Supported!\n"); 484 return -EOPNOTSUPP; 485 } 486 487 if (!single_user) 488 pr_debug("Device doesn't support single user mode\n"); 489 490 491 if (!found_com_id) { 492 pr_debug("Could not find OPAL comid for device. Returning early\n"); 493 return -EOPNOTSUPP; 494 } 495 496 dev->comid = comid; 497 498 return 0; 499 } 500 501 static int opal_discovery0(struct opal_dev *dev, void *data) 502 { 503 int ret; 504 505 memset(dev->resp, 0, IO_BUFFER_LENGTH); 506 dev->comid = OPAL_DISCOVERY_COMID; 507 ret = opal_recv_cmd(dev); 508 if (ret) 509 return ret; 510 return opal_discovery0_end(dev); 511 } 512 513 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok) 514 { 515 if (*err) 516 return; 517 if (cmd->pos >= IO_BUFFER_LENGTH - 1) { 518 pr_debug("Error adding u8: end of buffer.\n"); 519 *err = -ERANGE; 520 return; 521 } 522 cmd->cmd[cmd->pos++] = tok; 523 } 524 525 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring, 526 bool has_sign, int len) 527 { 528 u8 atom; 529 int err = 0; 530 531 atom = SHORT_ATOM_ID; 532 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0; 533 atom |= has_sign ? SHORT_ATOM_SIGNED : 0; 534 atom |= len & SHORT_ATOM_LEN_MASK; 535 536 add_token_u8(&err, cmd, atom); 537 } 538 539 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring, 540 bool has_sign, int len) 541 { 542 u8 header0; 543 544 header0 = MEDIUM_ATOM_ID; 545 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0; 546 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0; 547 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK; 548 cmd->cmd[cmd->pos++] = header0; 549 cmd->cmd[cmd->pos++] = len; 550 } 551 552 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number) 553 { 554 555 size_t len; 556 int msb; 557 558 if (!(number & ~TINY_ATOM_DATA_MASK)) { 559 add_token_u8(err, cmd, number); 560 return; 561 } 562 563 msb = fls64(number); 564 len = DIV_ROUND_UP(msb, 8); 565 566 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) { 567 pr_debug("Error adding u64: end of buffer.\n"); 568 *err = -ERANGE; 569 return; 570 } 571 add_short_atom_header(cmd, false, false, len); 572 while (len--) 573 add_token_u8(err, cmd, number >> (len * 8)); 574 } 575 576 static void add_token_bytestring(int *err, struct opal_dev *cmd, 577 const u8 *bytestring, size_t len) 578 { 579 size_t header_len = 1; 580 bool is_short_atom = true; 581 582 if (*err) 583 return; 584 585 if (len & ~SHORT_ATOM_LEN_MASK) { 586 header_len = 2; 587 is_short_atom = false; 588 } 589 590 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) { 591 pr_debug("Error adding bytestring: end of buffer.\n"); 592 *err = -ERANGE; 593 return; 594 } 595 596 if (is_short_atom) 597 add_short_atom_header(cmd, true, false, len); 598 else 599 add_medium_atom_header(cmd, true, false, len); 600 601 memcpy(&cmd->cmd[cmd->pos], bytestring, len); 602 cmd->pos += len; 603 604 } 605 606 static int build_locking_range(u8 *buffer, size_t length, u8 lr) 607 { 608 if (length > OPAL_UID_LENGTH) { 609 pr_debug("Can't build locking range. Length OOB\n"); 610 return -ERANGE; 611 } 612 613 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH); 614 615 if (lr == 0) 616 return 0; 617 buffer[5] = LOCKING_RANGE_NON_GLOBAL; 618 buffer[7] = lr; 619 620 return 0; 621 } 622 623 static int build_locking_user(u8 *buffer, size_t length, u8 lr) 624 { 625 if (length > OPAL_UID_LENGTH) { 626 pr_debug("Can't build locking range user, Length OOB\n"); 627 return -ERANGE; 628 } 629 630 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 631 632 buffer[7] = lr + 1; 633 634 return 0; 635 } 636 637 static void set_comid(struct opal_dev *cmd, u16 comid) 638 { 639 struct opal_header *hdr = (struct opal_header *)cmd->cmd; 640 641 hdr->cp.extendedComID[0] = comid >> 8; 642 hdr->cp.extendedComID[1] = comid; 643 hdr->cp.extendedComID[2] = 0; 644 hdr->cp.extendedComID[3] = 0; 645 } 646 647 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn) 648 { 649 struct opal_header *hdr; 650 int err = 0; 651 652 add_token_u8(&err, cmd, OPAL_ENDOFDATA); 653 add_token_u8(&err, cmd, OPAL_STARTLIST); 654 add_token_u8(&err, cmd, 0); 655 add_token_u8(&err, cmd, 0); 656 add_token_u8(&err, cmd, 0); 657 add_token_u8(&err, cmd, OPAL_ENDLIST); 658 659 if (err) { 660 pr_debug("Error finalizing command.\n"); 661 return -EFAULT; 662 } 663 664 hdr = (struct opal_header *) cmd->cmd; 665 666 hdr->pkt.tsn = cpu_to_be32(tsn); 667 hdr->pkt.hsn = cpu_to_be32(hsn); 668 669 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr)); 670 while (cmd->pos % 4) { 671 if (cmd->pos >= IO_BUFFER_LENGTH) { 672 pr_debug("Error: Buffer overrun\n"); 673 return -ERANGE; 674 } 675 cmd->cmd[cmd->pos++] = 0; 676 } 677 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) - 678 sizeof(hdr->pkt)); 679 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp)); 680 681 return 0; 682 } 683 684 static const struct opal_resp_tok *response_get_token( 685 const struct parsed_resp *resp, 686 int n) 687 { 688 const struct opal_resp_tok *tok; 689 690 if (n >= resp->num) { 691 pr_debug("Token number doesn't exist: %d, resp: %d\n", 692 n, resp->num); 693 return ERR_PTR(-EINVAL); 694 } 695 696 tok = &resp->toks[n]; 697 if (tok->len == 0) { 698 pr_debug("Token length must be non-zero\n"); 699 return ERR_PTR(-EINVAL); 700 } 701 702 return tok; 703 } 704 705 static ssize_t response_parse_tiny(struct opal_resp_tok *tok, 706 const u8 *pos) 707 { 708 tok->pos = pos; 709 tok->len = 1; 710 tok->width = OPAL_WIDTH_TINY; 711 712 if (pos[0] & TINY_ATOM_SIGNED) { 713 tok->type = OPAL_DTA_TOKENID_SINT; 714 } else { 715 tok->type = OPAL_DTA_TOKENID_UINT; 716 tok->stored.u = pos[0] & 0x3f; 717 } 718 719 return tok->len; 720 } 721 722 static ssize_t response_parse_short(struct opal_resp_tok *tok, 723 const u8 *pos) 724 { 725 tok->pos = pos; 726 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1; 727 tok->width = OPAL_WIDTH_SHORT; 728 729 if (pos[0] & SHORT_ATOM_BYTESTRING) { 730 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 731 } else if (pos[0] & SHORT_ATOM_SIGNED) { 732 tok->type = OPAL_DTA_TOKENID_SINT; 733 } else { 734 u64 u_integer = 0; 735 ssize_t i, b = 0; 736 737 tok->type = OPAL_DTA_TOKENID_UINT; 738 if (tok->len > 9) { 739 pr_debug("uint64 with more than 8 bytes\n"); 740 return -EINVAL; 741 } 742 for (i = tok->len - 1; i > 0; i--) { 743 u_integer |= ((u64)pos[i] << (8 * b)); 744 b++; 745 } 746 tok->stored.u = u_integer; 747 } 748 749 return tok->len; 750 } 751 752 static ssize_t response_parse_medium(struct opal_resp_tok *tok, 753 const u8 *pos) 754 { 755 tok->pos = pos; 756 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2; 757 tok->width = OPAL_WIDTH_MEDIUM; 758 759 if (pos[0] & MEDIUM_ATOM_BYTESTRING) 760 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 761 else if (pos[0] & MEDIUM_ATOM_SIGNED) 762 tok->type = OPAL_DTA_TOKENID_SINT; 763 else 764 tok->type = OPAL_DTA_TOKENID_UINT; 765 766 return tok->len; 767 } 768 769 static ssize_t response_parse_long(struct opal_resp_tok *tok, 770 const u8 *pos) 771 { 772 tok->pos = pos; 773 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4; 774 tok->width = OPAL_WIDTH_LONG; 775 776 if (pos[0] & LONG_ATOM_BYTESTRING) 777 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 778 else if (pos[0] & LONG_ATOM_SIGNED) 779 tok->type = OPAL_DTA_TOKENID_SINT; 780 else 781 tok->type = OPAL_DTA_TOKENID_UINT; 782 783 return tok->len; 784 } 785 786 static ssize_t response_parse_token(struct opal_resp_tok *tok, 787 const u8 *pos) 788 { 789 tok->pos = pos; 790 tok->len = 1; 791 tok->type = OPAL_DTA_TOKENID_TOKEN; 792 tok->width = OPAL_WIDTH_TOKEN; 793 794 return tok->len; 795 } 796 797 static int response_parse(const u8 *buf, size_t length, 798 struct parsed_resp *resp) 799 { 800 const struct opal_header *hdr; 801 struct opal_resp_tok *iter; 802 int num_entries = 0; 803 int total; 804 ssize_t token_length; 805 const u8 *pos; 806 u32 clen, plen, slen; 807 808 if (!buf) 809 return -EFAULT; 810 811 if (!resp) 812 return -EFAULT; 813 814 hdr = (struct opal_header *)buf; 815 pos = buf; 816 pos += sizeof(*hdr); 817 818 clen = be32_to_cpu(hdr->cp.length); 819 plen = be32_to_cpu(hdr->pkt.length); 820 slen = be32_to_cpu(hdr->subpkt.length); 821 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n", 822 clen, plen, slen); 823 824 if (clen == 0 || plen == 0 || slen == 0 || 825 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 826 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n", 827 clen, plen, slen); 828 print_buffer(pos, sizeof(*hdr)); 829 return -EINVAL; 830 } 831 832 if (pos > buf + length) 833 return -EFAULT; 834 835 iter = resp->toks; 836 total = slen; 837 print_buffer(pos, total); 838 while (total > 0) { 839 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */ 840 token_length = response_parse_tiny(iter, pos); 841 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */ 842 token_length = response_parse_short(iter, pos); 843 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */ 844 token_length = response_parse_medium(iter, pos); 845 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */ 846 token_length = response_parse_long(iter, pos); 847 else /* TOKEN */ 848 token_length = response_parse_token(iter, pos); 849 850 if (token_length < 0) 851 return token_length; 852 853 pos += token_length; 854 total -= token_length; 855 iter++; 856 num_entries++; 857 } 858 859 if (num_entries == 0) { 860 pr_debug("Couldn't parse response.\n"); 861 return -EINVAL; 862 } 863 resp->num = num_entries; 864 865 return 0; 866 } 867 868 static size_t response_get_string(const struct parsed_resp *resp, int n, 869 const char **store) 870 { 871 u8 skip; 872 const struct opal_resp_tok *token; 873 874 *store = NULL; 875 if (!resp) { 876 pr_debug("Response is NULL\n"); 877 return 0; 878 } 879 880 if (n >= resp->num) { 881 pr_debug("Response has %d tokens. Can't access %d\n", 882 resp->num, n); 883 return 0; 884 } 885 886 token = &resp->toks[n]; 887 if (token->type != OPAL_DTA_TOKENID_BYTESTRING) { 888 pr_debug("Token is not a byte string!\n"); 889 return 0; 890 } 891 892 switch (token->width) { 893 case OPAL_WIDTH_TINY: 894 case OPAL_WIDTH_SHORT: 895 skip = 1; 896 break; 897 case OPAL_WIDTH_MEDIUM: 898 skip = 2; 899 break; 900 case OPAL_WIDTH_LONG: 901 skip = 4; 902 break; 903 default: 904 pr_debug("Token has invalid width!\n"); 905 return 0; 906 } 907 908 *store = token->pos + skip; 909 return token->len - skip; 910 } 911 912 static u64 response_get_u64(const struct parsed_resp *resp, int n) 913 { 914 if (!resp) { 915 pr_debug("Response is NULL\n"); 916 return 0; 917 } 918 919 if (n >= resp->num) { 920 pr_debug("Response has %d tokens. Can't access %d\n", 921 resp->num, n); 922 return 0; 923 } 924 925 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) { 926 pr_debug("Token is not unsigned it: %d\n", 927 resp->toks[n].type); 928 return 0; 929 } 930 931 if (!(resp->toks[n].width == OPAL_WIDTH_TINY || 932 resp->toks[n].width == OPAL_WIDTH_SHORT)) { 933 pr_debug("Atom is not short or tiny: %d\n", 934 resp->toks[n].width); 935 return 0; 936 } 937 938 return resp->toks[n].stored.u; 939 } 940 941 static bool response_token_matches(const struct opal_resp_tok *token, u8 match) 942 { 943 if (IS_ERR(token) || 944 token->type != OPAL_DTA_TOKENID_TOKEN || 945 token->pos[0] != match) 946 return false; 947 return true; 948 } 949 950 static u8 response_status(const struct parsed_resp *resp) 951 { 952 const struct opal_resp_tok *tok; 953 954 tok = response_get_token(resp, 0); 955 if (response_token_matches(tok, OPAL_ENDOFSESSION)) 956 return 0; 957 958 if (resp->num < 5) 959 return DTAERROR_NO_METHOD_STATUS; 960 961 tok = response_get_token(resp, resp->num - 5); 962 if (!response_token_matches(tok, OPAL_STARTLIST)) 963 return DTAERROR_NO_METHOD_STATUS; 964 965 tok = response_get_token(resp, resp->num - 1); 966 if (!response_token_matches(tok, OPAL_ENDLIST)) 967 return DTAERROR_NO_METHOD_STATUS; 968 969 return response_get_u64(resp, resp->num - 4); 970 } 971 972 /* Parses and checks for errors */ 973 static int parse_and_check_status(struct opal_dev *dev) 974 { 975 int error; 976 977 print_buffer(dev->cmd, dev->pos); 978 979 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed); 980 if (error) { 981 pr_debug("Couldn't parse response.\n"); 982 return error; 983 } 984 985 return response_status(&dev->parsed); 986 } 987 988 static void clear_opal_cmd(struct opal_dev *dev) 989 { 990 dev->pos = sizeof(struct opal_header); 991 memset(dev->cmd, 0, IO_BUFFER_LENGTH); 992 } 993 994 static int start_opal_session_cont(struct opal_dev *dev) 995 { 996 u32 hsn, tsn; 997 int error = 0; 998 999 error = parse_and_check_status(dev); 1000 if (error) 1001 return error; 1002 1003 hsn = response_get_u64(&dev->parsed, 4); 1004 tsn = response_get_u64(&dev->parsed, 5); 1005 1006 if (hsn == 0 && tsn == 0) { 1007 pr_debug("Couldn't authenticate session\n"); 1008 return -EPERM; 1009 } 1010 1011 dev->hsn = hsn; 1012 dev->tsn = tsn; 1013 return 0; 1014 } 1015 1016 static void add_suspend_info(struct opal_dev *dev, 1017 struct opal_suspend_data *sus) 1018 { 1019 struct opal_suspend_data *iter; 1020 1021 list_for_each_entry(iter, &dev->unlk_lst, node) { 1022 if (iter->lr == sus->lr) { 1023 list_del(&iter->node); 1024 kfree(iter); 1025 break; 1026 } 1027 } 1028 list_add_tail(&sus->node, &dev->unlk_lst); 1029 } 1030 1031 static int end_session_cont(struct opal_dev *dev) 1032 { 1033 dev->hsn = 0; 1034 dev->tsn = 0; 1035 return parse_and_check_status(dev); 1036 } 1037 1038 static int finalize_and_send(struct opal_dev *dev, cont_fn cont) 1039 { 1040 int ret; 1041 1042 ret = cmd_finalize(dev, dev->hsn, dev->tsn); 1043 if (ret) { 1044 pr_debug("Error finalizing command buffer: %d\n", ret); 1045 return ret; 1046 } 1047 1048 print_buffer(dev->cmd, dev->pos); 1049 1050 return opal_send_recv(dev, cont); 1051 } 1052 1053 static int gen_key(struct opal_dev *dev, void *data) 1054 { 1055 u8 uid[OPAL_UID_LENGTH]; 1056 int err = 0; 1057 1058 clear_opal_cmd(dev); 1059 set_comid(dev, dev->comid); 1060 1061 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len)); 1062 kfree(dev->prev_data); 1063 dev->prev_data = NULL; 1064 1065 add_token_u8(&err, dev, OPAL_CALL); 1066 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1067 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY], 1068 OPAL_UID_LENGTH); 1069 add_token_u8(&err, dev, OPAL_STARTLIST); 1070 add_token_u8(&err, dev, OPAL_ENDLIST); 1071 1072 if (err) { 1073 pr_debug("Error building gen key command\n"); 1074 return err; 1075 1076 } 1077 return finalize_and_send(dev, parse_and_check_status); 1078 } 1079 1080 static int get_active_key_cont(struct opal_dev *dev) 1081 { 1082 const char *activekey; 1083 size_t keylen; 1084 int error = 0; 1085 1086 error = parse_and_check_status(dev); 1087 if (error) 1088 return error; 1089 keylen = response_get_string(&dev->parsed, 4, &activekey); 1090 if (!activekey) { 1091 pr_debug("%s: Couldn't extract the Activekey from the response\n", 1092 __func__); 1093 return OPAL_INVAL_PARAM; 1094 } 1095 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL); 1096 1097 if (!dev->prev_data) 1098 return -ENOMEM; 1099 1100 dev->prev_d_len = keylen; 1101 1102 return 0; 1103 } 1104 1105 static int get_active_key(struct opal_dev *dev, void *data) 1106 { 1107 u8 uid[OPAL_UID_LENGTH]; 1108 int err = 0; 1109 u8 *lr = data; 1110 1111 clear_opal_cmd(dev); 1112 set_comid(dev, dev->comid); 1113 1114 err = build_locking_range(uid, sizeof(uid), *lr); 1115 if (err) 1116 return err; 1117 1118 err = 0; 1119 add_token_u8(&err, dev, OPAL_CALL); 1120 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1121 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH); 1122 add_token_u8(&err, dev, OPAL_STARTLIST); 1123 add_token_u8(&err, dev, OPAL_STARTLIST); 1124 add_token_u8(&err, dev, OPAL_STARTNAME); 1125 add_token_u8(&err, dev, 3); /* startCloumn */ 1126 add_token_u8(&err, dev, 10); /* ActiveKey */ 1127 add_token_u8(&err, dev, OPAL_ENDNAME); 1128 add_token_u8(&err, dev, OPAL_STARTNAME); 1129 add_token_u8(&err, dev, 4); /* endColumn */ 1130 add_token_u8(&err, dev, 10); /* ActiveKey */ 1131 add_token_u8(&err, dev, OPAL_ENDNAME); 1132 add_token_u8(&err, dev, OPAL_ENDLIST); 1133 add_token_u8(&err, dev, OPAL_ENDLIST); 1134 if (err) { 1135 pr_debug("Error building get active key command\n"); 1136 return err; 1137 } 1138 1139 return finalize_and_send(dev, get_active_key_cont); 1140 } 1141 1142 static int generic_lr_enable_disable(struct opal_dev *dev, 1143 u8 *uid, bool rle, bool wle, 1144 bool rl, bool wl) 1145 { 1146 int err = 0; 1147 1148 add_token_u8(&err, dev, OPAL_CALL); 1149 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1150 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH); 1151 1152 add_token_u8(&err, dev, OPAL_STARTLIST); 1153 add_token_u8(&err, dev, OPAL_STARTNAME); 1154 add_token_u8(&err, dev, OPAL_VALUES); 1155 add_token_u8(&err, dev, OPAL_STARTLIST); 1156 1157 add_token_u8(&err, dev, OPAL_STARTNAME); 1158 add_token_u8(&err, dev, 5); /* ReadLockEnabled */ 1159 add_token_u8(&err, dev, rle); 1160 add_token_u8(&err, dev, OPAL_ENDNAME); 1161 1162 add_token_u8(&err, dev, OPAL_STARTNAME); 1163 add_token_u8(&err, dev, 6); /* WriteLockEnabled */ 1164 add_token_u8(&err, dev, wle); 1165 add_token_u8(&err, dev, OPAL_ENDNAME); 1166 1167 add_token_u8(&err, dev, OPAL_STARTNAME); 1168 add_token_u8(&err, dev, OPAL_READLOCKED); 1169 add_token_u8(&err, dev, rl); 1170 add_token_u8(&err, dev, OPAL_ENDNAME); 1171 1172 add_token_u8(&err, dev, OPAL_STARTNAME); 1173 add_token_u8(&err, dev, OPAL_WRITELOCKED); 1174 add_token_u8(&err, dev, wl); 1175 add_token_u8(&err, dev, OPAL_ENDNAME); 1176 1177 add_token_u8(&err, dev, OPAL_ENDLIST); 1178 add_token_u8(&err, dev, OPAL_ENDNAME); 1179 add_token_u8(&err, dev, OPAL_ENDLIST); 1180 return err; 1181 } 1182 1183 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid, 1184 struct opal_user_lr_setup *setup) 1185 { 1186 int err; 1187 1188 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE, 1189 0, 0); 1190 if (err) 1191 pr_debug("Failed to create enable global lr command\n"); 1192 return err; 1193 } 1194 1195 static int setup_locking_range(struct opal_dev *dev, void *data) 1196 { 1197 u8 uid[OPAL_UID_LENGTH]; 1198 struct opal_user_lr_setup *setup = data; 1199 u8 lr; 1200 int err = 0; 1201 1202 clear_opal_cmd(dev); 1203 set_comid(dev, dev->comid); 1204 1205 lr = setup->session.opal_key.lr; 1206 err = build_locking_range(uid, sizeof(uid), lr); 1207 if (err) 1208 return err; 1209 1210 if (lr == 0) 1211 err = enable_global_lr(dev, uid, setup); 1212 else { 1213 add_token_u8(&err, dev, OPAL_CALL); 1214 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1215 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], 1216 OPAL_UID_LENGTH); 1217 1218 add_token_u8(&err, dev, OPAL_STARTLIST); 1219 add_token_u8(&err, dev, OPAL_STARTNAME); 1220 add_token_u8(&err, dev, OPAL_VALUES); 1221 add_token_u8(&err, dev, OPAL_STARTLIST); 1222 1223 add_token_u8(&err, dev, OPAL_STARTNAME); 1224 add_token_u8(&err, dev, 3); /* Ranges Start */ 1225 add_token_u64(&err, dev, setup->range_start); 1226 add_token_u8(&err, dev, OPAL_ENDNAME); 1227 1228 add_token_u8(&err, dev, OPAL_STARTNAME); 1229 add_token_u8(&err, dev, 4); /* Ranges length */ 1230 add_token_u64(&err, dev, setup->range_length); 1231 add_token_u8(&err, dev, OPAL_ENDNAME); 1232 1233 add_token_u8(&err, dev, OPAL_STARTNAME); 1234 add_token_u8(&err, dev, 5); /*ReadLockEnabled */ 1235 add_token_u64(&err, dev, !!setup->RLE); 1236 add_token_u8(&err, dev, OPAL_ENDNAME); 1237 1238 add_token_u8(&err, dev, OPAL_STARTNAME); 1239 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/ 1240 add_token_u64(&err, dev, !!setup->WLE); 1241 add_token_u8(&err, dev, OPAL_ENDNAME); 1242 1243 add_token_u8(&err, dev, OPAL_ENDLIST); 1244 add_token_u8(&err, dev, OPAL_ENDNAME); 1245 add_token_u8(&err, dev, OPAL_ENDLIST); 1246 1247 } 1248 if (err) { 1249 pr_debug("Error building Setup Locking range command.\n"); 1250 return err; 1251 1252 } 1253 1254 return finalize_and_send(dev, parse_and_check_status); 1255 } 1256 1257 static int start_generic_opal_session(struct opal_dev *dev, 1258 enum opal_uid auth, 1259 enum opal_uid sp_type, 1260 const char *key, 1261 u8 key_len) 1262 { 1263 u32 hsn; 1264 int err = 0; 1265 1266 if (key == NULL && auth != OPAL_ANYBODY_UID) 1267 return OPAL_INVAL_PARAM; 1268 1269 clear_opal_cmd(dev); 1270 1271 set_comid(dev, dev->comid); 1272 hsn = GENERIC_HOST_SESSION_NUM; 1273 1274 add_token_u8(&err, dev, OPAL_CALL); 1275 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID], 1276 OPAL_UID_LENGTH); 1277 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION], 1278 OPAL_UID_LENGTH); 1279 add_token_u8(&err, dev, OPAL_STARTLIST); 1280 add_token_u64(&err, dev, hsn); 1281 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH); 1282 add_token_u8(&err, dev, 1); 1283 1284 switch (auth) { 1285 case OPAL_ANYBODY_UID: 1286 add_token_u8(&err, dev, OPAL_ENDLIST); 1287 break; 1288 case OPAL_ADMIN1_UID: 1289 case OPAL_SID_UID: 1290 add_token_u8(&err, dev, OPAL_STARTNAME); 1291 add_token_u8(&err, dev, 0); /* HostChallenge */ 1292 add_token_bytestring(&err, dev, key, key_len); 1293 add_token_u8(&err, dev, OPAL_ENDNAME); 1294 add_token_u8(&err, dev, OPAL_STARTNAME); 1295 add_token_u8(&err, dev, 3); /* HostSignAuth */ 1296 add_token_bytestring(&err, dev, opaluid[auth], 1297 OPAL_UID_LENGTH); 1298 add_token_u8(&err, dev, OPAL_ENDNAME); 1299 add_token_u8(&err, dev, OPAL_ENDLIST); 1300 break; 1301 default: 1302 pr_debug("Cannot start Admin SP session with auth %d\n", auth); 1303 return OPAL_INVAL_PARAM; 1304 } 1305 1306 if (err) { 1307 pr_debug("Error building start adminsp session command.\n"); 1308 return err; 1309 } 1310 1311 return finalize_and_send(dev, start_opal_session_cont); 1312 } 1313 1314 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data) 1315 { 1316 return start_generic_opal_session(dev, OPAL_ANYBODY_UID, 1317 OPAL_ADMINSP_UID, NULL, 0); 1318 } 1319 1320 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data) 1321 { 1322 int ret; 1323 const u8 *key = dev->prev_data; 1324 1325 if (!key) { 1326 const struct opal_key *okey = data; 1327 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1328 OPAL_ADMINSP_UID, 1329 okey->key, 1330 okey->key_len); 1331 } else { 1332 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1333 OPAL_ADMINSP_UID, 1334 key, dev->prev_d_len); 1335 kfree(key); 1336 dev->prev_data = NULL; 1337 } 1338 return ret; 1339 } 1340 1341 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data) 1342 { 1343 struct opal_key *key = data; 1344 return start_generic_opal_session(dev, OPAL_ADMIN1_UID, 1345 OPAL_LOCKINGSP_UID, 1346 key->key, key->key_len); 1347 } 1348 1349 static int start_auth_opal_session(struct opal_dev *dev, void *data) 1350 { 1351 struct opal_session_info *session = data; 1352 u8 lk_ul_user[OPAL_UID_LENGTH]; 1353 size_t keylen = session->opal_key.key_len; 1354 int err = 0; 1355 1356 u8 *key = session->opal_key.key; 1357 u32 hsn = GENERIC_HOST_SESSION_NUM; 1358 1359 clear_opal_cmd(dev); 1360 set_comid(dev, dev->comid); 1361 1362 if (session->sum) { 1363 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1364 session->opal_key.lr); 1365 if (err) 1366 return err; 1367 1368 } else if (session->who != OPAL_ADMIN1 && !session->sum) { 1369 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1370 session->who - 1); 1371 if (err) 1372 return err; 1373 } else 1374 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH); 1375 1376 add_token_u8(&err, dev, OPAL_CALL); 1377 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID], 1378 OPAL_UID_LENGTH); 1379 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION], 1380 OPAL_UID_LENGTH); 1381 1382 add_token_u8(&err, dev, OPAL_STARTLIST); 1383 add_token_u64(&err, dev, hsn); 1384 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID], 1385 OPAL_UID_LENGTH); 1386 add_token_u8(&err, dev, 1); 1387 add_token_u8(&err, dev, OPAL_STARTNAME); 1388 add_token_u8(&err, dev, 0); 1389 add_token_bytestring(&err, dev, key, keylen); 1390 add_token_u8(&err, dev, OPAL_ENDNAME); 1391 add_token_u8(&err, dev, OPAL_STARTNAME); 1392 add_token_u8(&err, dev, 3); 1393 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH); 1394 add_token_u8(&err, dev, OPAL_ENDNAME); 1395 add_token_u8(&err, dev, OPAL_ENDLIST); 1396 1397 if (err) { 1398 pr_debug("Error building STARTSESSION command.\n"); 1399 return err; 1400 } 1401 1402 return finalize_and_send(dev, start_opal_session_cont); 1403 } 1404 1405 static int revert_tper(struct opal_dev *dev, void *data) 1406 { 1407 int err = 0; 1408 1409 clear_opal_cmd(dev); 1410 set_comid(dev, dev->comid); 1411 1412 add_token_u8(&err, dev, OPAL_CALL); 1413 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID], 1414 OPAL_UID_LENGTH); 1415 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT], 1416 OPAL_UID_LENGTH); 1417 add_token_u8(&err, dev, OPAL_STARTLIST); 1418 add_token_u8(&err, dev, OPAL_ENDLIST); 1419 if (err) { 1420 pr_debug("Error building REVERT TPER command.\n"); 1421 return err; 1422 } 1423 1424 return finalize_and_send(dev, parse_and_check_status); 1425 } 1426 1427 static int internal_activate_user(struct opal_dev *dev, void *data) 1428 { 1429 struct opal_session_info *session = data; 1430 u8 uid[OPAL_UID_LENGTH]; 1431 int err = 0; 1432 1433 clear_opal_cmd(dev); 1434 set_comid(dev, dev->comid); 1435 1436 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 1437 uid[7] = session->who; 1438 1439 add_token_u8(&err, dev, OPAL_CALL); 1440 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1441 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH); 1442 add_token_u8(&err, dev, OPAL_STARTLIST); 1443 add_token_u8(&err, dev, OPAL_STARTNAME); 1444 add_token_u8(&err, dev, OPAL_VALUES); 1445 add_token_u8(&err, dev, OPAL_STARTLIST); 1446 add_token_u8(&err, dev, OPAL_STARTNAME); 1447 add_token_u8(&err, dev, 5); /* Enabled */ 1448 add_token_u8(&err, dev, OPAL_TRUE); 1449 add_token_u8(&err, dev, OPAL_ENDNAME); 1450 add_token_u8(&err, dev, OPAL_ENDLIST); 1451 add_token_u8(&err, dev, OPAL_ENDNAME); 1452 add_token_u8(&err, dev, OPAL_ENDLIST); 1453 1454 if (err) { 1455 pr_debug("Error building Activate UserN command.\n"); 1456 return err; 1457 } 1458 1459 return finalize_and_send(dev, parse_and_check_status); 1460 } 1461 1462 static int erase_locking_range(struct opal_dev *dev, void *data) 1463 { 1464 struct opal_session_info *session = data; 1465 u8 uid[OPAL_UID_LENGTH]; 1466 int err = 0; 1467 1468 clear_opal_cmd(dev); 1469 set_comid(dev, dev->comid); 1470 1471 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0) 1472 return -ERANGE; 1473 1474 add_token_u8(&err, dev, OPAL_CALL); 1475 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1476 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE], 1477 OPAL_UID_LENGTH); 1478 add_token_u8(&err, dev, OPAL_STARTLIST); 1479 add_token_u8(&err, dev, OPAL_ENDLIST); 1480 1481 if (err) { 1482 pr_debug("Error building Erase Locking Range Command.\n"); 1483 return err; 1484 } 1485 return finalize_and_send(dev, parse_and_check_status); 1486 } 1487 1488 static int set_mbr_done(struct opal_dev *dev, void *data) 1489 { 1490 u8 *mbr_done_tf = data; 1491 int err = 0; 1492 1493 clear_opal_cmd(dev); 1494 set_comid(dev, dev->comid); 1495 1496 add_token_u8(&err, dev, OPAL_CALL); 1497 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL], 1498 OPAL_UID_LENGTH); 1499 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH); 1500 add_token_u8(&err, dev, OPAL_STARTLIST); 1501 add_token_u8(&err, dev, OPAL_STARTNAME); 1502 add_token_u8(&err, dev, OPAL_VALUES); 1503 add_token_u8(&err, dev, OPAL_STARTLIST); 1504 add_token_u8(&err, dev, OPAL_STARTNAME); 1505 add_token_u8(&err, dev, 2); /* Done */ 1506 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */ 1507 add_token_u8(&err, dev, OPAL_ENDNAME); 1508 add_token_u8(&err, dev, OPAL_ENDLIST); 1509 add_token_u8(&err, dev, OPAL_ENDNAME); 1510 add_token_u8(&err, dev, OPAL_ENDLIST); 1511 1512 if (err) { 1513 pr_debug("Error Building set MBR Done command\n"); 1514 return err; 1515 } 1516 1517 return finalize_and_send(dev, parse_and_check_status); 1518 } 1519 1520 static int set_mbr_enable_disable(struct opal_dev *dev, void *data) 1521 { 1522 u8 *mbr_en_dis = data; 1523 int err = 0; 1524 1525 clear_opal_cmd(dev); 1526 set_comid(dev, dev->comid); 1527 1528 add_token_u8(&err, dev, OPAL_CALL); 1529 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL], 1530 OPAL_UID_LENGTH); 1531 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH); 1532 add_token_u8(&err, dev, OPAL_STARTLIST); 1533 add_token_u8(&err, dev, OPAL_STARTNAME); 1534 add_token_u8(&err, dev, OPAL_VALUES); 1535 add_token_u8(&err, dev, OPAL_STARTLIST); 1536 add_token_u8(&err, dev, OPAL_STARTNAME); 1537 add_token_u8(&err, dev, 1); 1538 add_token_u8(&err, dev, *mbr_en_dis); 1539 add_token_u8(&err, dev, OPAL_ENDNAME); 1540 add_token_u8(&err, dev, OPAL_ENDLIST); 1541 add_token_u8(&err, dev, OPAL_ENDNAME); 1542 add_token_u8(&err, dev, OPAL_ENDLIST); 1543 1544 if (err) { 1545 pr_debug("Error Building set MBR done command\n"); 1546 return err; 1547 } 1548 1549 return finalize_and_send(dev, parse_and_check_status); 1550 } 1551 1552 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid, 1553 struct opal_dev *dev) 1554 { 1555 int err = 0; 1556 1557 clear_opal_cmd(dev); 1558 set_comid(dev, dev->comid); 1559 1560 add_token_u8(&err, dev, OPAL_CALL); 1561 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH); 1562 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], 1563 OPAL_UID_LENGTH); 1564 add_token_u8(&err, dev, OPAL_STARTLIST); 1565 add_token_u8(&err, dev, OPAL_STARTNAME); 1566 add_token_u8(&err, dev, OPAL_VALUES); 1567 add_token_u8(&err, dev, OPAL_STARTLIST); 1568 add_token_u8(&err, dev, OPAL_STARTNAME); 1569 add_token_u8(&err, dev, 3); /* PIN */ 1570 add_token_bytestring(&err, dev, key, key_len); 1571 add_token_u8(&err, dev, OPAL_ENDNAME); 1572 add_token_u8(&err, dev, OPAL_ENDLIST); 1573 add_token_u8(&err, dev, OPAL_ENDNAME); 1574 add_token_u8(&err, dev, OPAL_ENDLIST); 1575 1576 return err; 1577 } 1578 1579 static int set_new_pw(struct opal_dev *dev, void *data) 1580 { 1581 u8 cpin_uid[OPAL_UID_LENGTH]; 1582 struct opal_session_info *usr = data; 1583 1584 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH); 1585 1586 if (usr->who != OPAL_ADMIN1) { 1587 cpin_uid[5] = 0x03; 1588 if (usr->sum) 1589 cpin_uid[7] = usr->opal_key.lr + 1; 1590 else 1591 cpin_uid[7] = usr->who; 1592 } 1593 1594 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len, 1595 cpin_uid, dev)) { 1596 pr_debug("Error building set password command.\n"); 1597 return -ERANGE; 1598 } 1599 1600 return finalize_and_send(dev, parse_and_check_status); 1601 } 1602 1603 static int set_sid_cpin_pin(struct opal_dev *dev, void *data) 1604 { 1605 u8 cpin_uid[OPAL_UID_LENGTH]; 1606 struct opal_key *key = data; 1607 1608 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH); 1609 1610 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) { 1611 pr_debug("Error building Set SID cpin\n"); 1612 return -ERANGE; 1613 } 1614 return finalize_and_send(dev, parse_and_check_status); 1615 } 1616 1617 static int add_user_to_lr(struct opal_dev *dev, void *data) 1618 { 1619 u8 lr_buffer[OPAL_UID_LENGTH]; 1620 u8 user_uid[OPAL_UID_LENGTH]; 1621 struct opal_lock_unlock *lkul = data; 1622 int err = 0; 1623 1624 clear_opal_cmd(dev); 1625 set_comid(dev, dev->comid); 1626 1627 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED], 1628 OPAL_UID_LENGTH); 1629 1630 if (lkul->l_state == OPAL_RW) 1631 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED], 1632 OPAL_UID_LENGTH); 1633 1634 lr_buffer[7] = lkul->session.opal_key.lr; 1635 1636 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 1637 1638 user_uid[7] = lkul->session.who; 1639 1640 add_token_u8(&err, dev, OPAL_CALL); 1641 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH); 1642 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], 1643 OPAL_UID_LENGTH); 1644 1645 add_token_u8(&err, dev, OPAL_STARTLIST); 1646 add_token_u8(&err, dev, OPAL_STARTNAME); 1647 add_token_u8(&err, dev, OPAL_VALUES); 1648 1649 add_token_u8(&err, dev, OPAL_STARTLIST); 1650 add_token_u8(&err, dev, OPAL_STARTNAME); 1651 add_token_u8(&err, dev, 3); 1652 1653 add_token_u8(&err, dev, OPAL_STARTLIST); 1654 1655 1656 add_token_u8(&err, dev, OPAL_STARTNAME); 1657 add_token_bytestring(&err, dev, 1658 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF], 1659 OPAL_UID_LENGTH/2); 1660 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH); 1661 add_token_u8(&err, dev, OPAL_ENDNAME); 1662 1663 1664 add_token_u8(&err, dev, OPAL_STARTNAME); 1665 add_token_bytestring(&err, dev, 1666 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF], 1667 OPAL_UID_LENGTH/2); 1668 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH); 1669 add_token_u8(&err, dev, OPAL_ENDNAME); 1670 1671 1672 add_token_u8(&err, dev, OPAL_STARTNAME); 1673 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE], 1674 OPAL_UID_LENGTH/2); 1675 add_token_u8(&err, dev, 1); 1676 add_token_u8(&err, dev, OPAL_ENDNAME); 1677 1678 1679 add_token_u8(&err, dev, OPAL_ENDLIST); 1680 add_token_u8(&err, dev, OPAL_ENDNAME); 1681 add_token_u8(&err, dev, OPAL_ENDLIST); 1682 add_token_u8(&err, dev, OPAL_ENDNAME); 1683 add_token_u8(&err, dev, OPAL_ENDLIST); 1684 1685 if (err) { 1686 pr_debug("Error building add user to locking range command.\n"); 1687 return err; 1688 } 1689 1690 return finalize_and_send(dev, parse_and_check_status); 1691 } 1692 1693 static int lock_unlock_locking_range(struct opal_dev *dev, void *data) 1694 { 1695 u8 lr_buffer[OPAL_UID_LENGTH]; 1696 struct opal_lock_unlock *lkul = data; 1697 u8 read_locked = 1, write_locked = 1; 1698 int err = 0; 1699 1700 clear_opal_cmd(dev); 1701 set_comid(dev, dev->comid); 1702 1703 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 1704 lkul->session.opal_key.lr) < 0) 1705 return -ERANGE; 1706 1707 switch (lkul->l_state) { 1708 case OPAL_RO: 1709 read_locked = 0; 1710 write_locked = 1; 1711 break; 1712 case OPAL_RW: 1713 read_locked = 0; 1714 write_locked = 0; 1715 break; 1716 case OPAL_LK: 1717 /* vars are initalized to locked */ 1718 break; 1719 default: 1720 pr_debug("Tried to set an invalid locking state... returning to uland\n"); 1721 return OPAL_INVAL_PARAM; 1722 } 1723 1724 add_token_u8(&err, dev, OPAL_CALL); 1725 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH); 1726 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH); 1727 add_token_u8(&err, dev, OPAL_STARTLIST); 1728 add_token_u8(&err, dev, OPAL_STARTNAME); 1729 add_token_u8(&err, dev, OPAL_VALUES); 1730 add_token_u8(&err, dev, OPAL_STARTLIST); 1731 1732 add_token_u8(&err, dev, OPAL_STARTNAME); 1733 add_token_u8(&err, dev, OPAL_READLOCKED); 1734 add_token_u8(&err, dev, read_locked); 1735 add_token_u8(&err, dev, OPAL_ENDNAME); 1736 1737 add_token_u8(&err, dev, OPAL_STARTNAME); 1738 add_token_u8(&err, dev, OPAL_WRITELOCKED); 1739 add_token_u8(&err, dev, write_locked); 1740 add_token_u8(&err, dev, OPAL_ENDNAME); 1741 1742 add_token_u8(&err, dev, OPAL_ENDLIST); 1743 add_token_u8(&err, dev, OPAL_ENDNAME); 1744 add_token_u8(&err, dev, OPAL_ENDLIST); 1745 1746 if (err) { 1747 pr_debug("Error building SET command.\n"); 1748 return err; 1749 } 1750 return finalize_and_send(dev, parse_and_check_status); 1751 } 1752 1753 1754 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data) 1755 { 1756 u8 lr_buffer[OPAL_UID_LENGTH]; 1757 u8 read_locked = 1, write_locked = 1; 1758 struct opal_lock_unlock *lkul = data; 1759 int ret; 1760 1761 clear_opal_cmd(dev); 1762 set_comid(dev, dev->comid); 1763 1764 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 1765 lkul->session.opal_key.lr) < 0) 1766 return -ERANGE; 1767 1768 switch (lkul->l_state) { 1769 case OPAL_RO: 1770 read_locked = 0; 1771 write_locked = 1; 1772 break; 1773 case OPAL_RW: 1774 read_locked = 0; 1775 write_locked = 0; 1776 break; 1777 case OPAL_LK: 1778 /* vars are initalized to locked */ 1779 break; 1780 default: 1781 pr_debug("Tried to set an invalid locking state.\n"); 1782 return OPAL_INVAL_PARAM; 1783 } 1784 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1, 1785 read_locked, write_locked); 1786 1787 if (ret < 0) { 1788 pr_debug("Error building SET command.\n"); 1789 return ret; 1790 } 1791 return finalize_and_send(dev, parse_and_check_status); 1792 } 1793 1794 static int activate_lsp(struct opal_dev *dev, void *data) 1795 { 1796 struct opal_lr_act *opal_act = data; 1797 u8 user_lr[OPAL_UID_LENGTH]; 1798 u8 uint_3 = 0x83; 1799 int err = 0, i; 1800 1801 clear_opal_cmd(dev); 1802 set_comid(dev, dev->comid); 1803 1804 add_token_u8(&err, dev, OPAL_CALL); 1805 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID], 1806 OPAL_UID_LENGTH); 1807 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE], 1808 OPAL_UID_LENGTH); 1809 1810 1811 if (opal_act->sum) { 1812 err = build_locking_range(user_lr, sizeof(user_lr), 1813 opal_act->lr[0]); 1814 if (err) 1815 return err; 1816 1817 add_token_u8(&err, dev, OPAL_STARTLIST); 1818 add_token_u8(&err, dev, OPAL_STARTNAME); 1819 add_token_u8(&err, dev, uint_3); 1820 add_token_u8(&err, dev, 6); 1821 add_token_u8(&err, dev, 0); 1822 add_token_u8(&err, dev, 0); 1823 1824 add_token_u8(&err, dev, OPAL_STARTLIST); 1825 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 1826 for (i = 1; i < opal_act->num_lrs; i++) { 1827 user_lr[7] = opal_act->lr[i]; 1828 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 1829 } 1830 add_token_u8(&err, dev, OPAL_ENDLIST); 1831 add_token_u8(&err, dev, OPAL_ENDNAME); 1832 add_token_u8(&err, dev, OPAL_ENDLIST); 1833 1834 } else { 1835 add_token_u8(&err, dev, OPAL_STARTLIST); 1836 add_token_u8(&err, dev, OPAL_ENDLIST); 1837 } 1838 1839 if (err) { 1840 pr_debug("Error building Activate LockingSP command.\n"); 1841 return err; 1842 } 1843 1844 return finalize_and_send(dev, parse_and_check_status); 1845 } 1846 1847 static int get_lsp_lifecycle_cont(struct opal_dev *dev) 1848 { 1849 u8 lc_status; 1850 int error = 0; 1851 1852 error = parse_and_check_status(dev); 1853 if (error) 1854 return error; 1855 1856 lc_status = response_get_u64(&dev->parsed, 4); 1857 /* 0x08 is Manufacured Inactive */ 1858 /* 0x09 is Manufactured */ 1859 if (lc_status != OPAL_MANUFACTURED_INACTIVE) { 1860 pr_debug("Couldn't determine the status of the Lifecycle state\n"); 1861 return -ENODEV; 1862 } 1863 1864 return 0; 1865 } 1866 1867 /* Determine if we're in the Manufactured Inactive or Active state */ 1868 static int get_lsp_lifecycle(struct opal_dev *dev, void *data) 1869 { 1870 int err = 0; 1871 1872 clear_opal_cmd(dev); 1873 set_comid(dev, dev->comid); 1874 1875 add_token_u8(&err, dev, OPAL_CALL); 1876 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID], 1877 OPAL_UID_LENGTH); 1878 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH); 1879 1880 add_token_u8(&err, dev, OPAL_STARTLIST); 1881 add_token_u8(&err, dev, OPAL_STARTLIST); 1882 1883 add_token_u8(&err, dev, OPAL_STARTNAME); 1884 add_token_u8(&err, dev, 3); /* Start Column */ 1885 add_token_u8(&err, dev, 6); /* Lifecycle Column */ 1886 add_token_u8(&err, dev, OPAL_ENDNAME); 1887 1888 add_token_u8(&err, dev, OPAL_STARTNAME); 1889 add_token_u8(&err, dev, 4); /* End Column */ 1890 add_token_u8(&err, dev, 6); /* Lifecycle Column */ 1891 add_token_u8(&err, dev, OPAL_ENDNAME); 1892 1893 add_token_u8(&err, dev, OPAL_ENDLIST); 1894 add_token_u8(&err, dev, OPAL_ENDLIST); 1895 1896 if (err) { 1897 pr_debug("Error Building GET Lifecycle Status command\n"); 1898 return err; 1899 } 1900 1901 return finalize_and_send(dev, get_lsp_lifecycle_cont); 1902 } 1903 1904 static int get_msid_cpin_pin_cont(struct opal_dev *dev) 1905 { 1906 const char *msid_pin; 1907 size_t strlen; 1908 int error = 0; 1909 1910 error = parse_and_check_status(dev); 1911 if (error) 1912 return error; 1913 1914 strlen = response_get_string(&dev->parsed, 4, &msid_pin); 1915 if (!msid_pin) { 1916 pr_debug("%s: Couldn't extract PIN from response\n", __func__); 1917 return OPAL_INVAL_PARAM; 1918 } 1919 1920 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL); 1921 if (!dev->prev_data) 1922 return -ENOMEM; 1923 1924 dev->prev_d_len = strlen; 1925 1926 return 0; 1927 } 1928 1929 static int get_msid_cpin_pin(struct opal_dev *dev, void *data) 1930 { 1931 int err = 0; 1932 1933 clear_opal_cmd(dev); 1934 set_comid(dev, dev->comid); 1935 1936 add_token_u8(&err, dev, OPAL_CALL); 1937 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID], 1938 OPAL_UID_LENGTH); 1939 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH); 1940 1941 add_token_u8(&err, dev, OPAL_STARTLIST); 1942 add_token_u8(&err, dev, OPAL_STARTLIST); 1943 1944 add_token_u8(&err, dev, OPAL_STARTNAME); 1945 add_token_u8(&err, dev, 3); /* Start Column */ 1946 add_token_u8(&err, dev, 3); /* PIN */ 1947 add_token_u8(&err, dev, OPAL_ENDNAME); 1948 1949 add_token_u8(&err, dev, OPAL_STARTNAME); 1950 add_token_u8(&err, dev, 4); /* End Column */ 1951 add_token_u8(&err, dev, 3); /* Lifecycle Column */ 1952 add_token_u8(&err, dev, OPAL_ENDNAME); 1953 1954 add_token_u8(&err, dev, OPAL_ENDLIST); 1955 add_token_u8(&err, dev, OPAL_ENDLIST); 1956 1957 if (err) { 1958 pr_debug("Error building Get MSID CPIN PIN command.\n"); 1959 return err; 1960 } 1961 1962 return finalize_and_send(dev, get_msid_cpin_pin_cont); 1963 } 1964 1965 static int end_opal_session(struct opal_dev *dev, void *data) 1966 { 1967 int err = 0; 1968 1969 clear_opal_cmd(dev); 1970 set_comid(dev, dev->comid); 1971 add_token_u8(&err, dev, OPAL_ENDOFSESSION); 1972 1973 if (err < 0) 1974 return err; 1975 return finalize_and_send(dev, end_session_cont); 1976 } 1977 1978 static int end_opal_session_error(struct opal_dev *dev) 1979 { 1980 const struct opal_step error_end_session[] = { 1981 { end_opal_session, }, 1982 { NULL, } 1983 }; 1984 dev->steps = error_end_session; 1985 return next(dev); 1986 } 1987 1988 static inline void setup_opal_dev(struct opal_dev *dev, 1989 const struct opal_step *steps) 1990 { 1991 dev->steps = steps; 1992 dev->tsn = 0; 1993 dev->hsn = 0; 1994 dev->prev_data = NULL; 1995 } 1996 1997 static int check_opal_support(struct opal_dev *dev) 1998 { 1999 const struct opal_step steps[] = { 2000 { opal_discovery0, }, 2001 { NULL, } 2002 }; 2003 int ret; 2004 2005 mutex_lock(&dev->dev_lock); 2006 setup_opal_dev(dev, steps); 2007 ret = next(dev); 2008 dev->supported = !ret; 2009 mutex_unlock(&dev->dev_lock); 2010 return ret; 2011 } 2012 2013 static void clean_opal_dev(struct opal_dev *dev) 2014 { 2015 2016 struct opal_suspend_data *suspend, *next; 2017 2018 mutex_lock(&dev->dev_lock); 2019 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) { 2020 list_del(&suspend->node); 2021 kfree(suspend); 2022 } 2023 mutex_unlock(&dev->dev_lock); 2024 } 2025 2026 void free_opal_dev(struct opal_dev *dev) 2027 { 2028 if (!dev) 2029 return; 2030 clean_opal_dev(dev); 2031 kfree(dev); 2032 } 2033 EXPORT_SYMBOL(free_opal_dev); 2034 2035 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv) 2036 { 2037 struct opal_dev *dev; 2038 2039 dev = kmalloc(sizeof(*dev), GFP_KERNEL); 2040 if (!dev) 2041 return NULL; 2042 2043 INIT_LIST_HEAD(&dev->unlk_lst); 2044 mutex_init(&dev->dev_lock); 2045 dev->data = data; 2046 dev->send_recv = send_recv; 2047 if (check_opal_support(dev) != 0) { 2048 pr_debug("Opal is not supported on this device\n"); 2049 kfree(dev); 2050 return NULL; 2051 } 2052 return dev; 2053 } 2054 EXPORT_SYMBOL(init_opal_dev); 2055 2056 static int opal_secure_erase_locking_range(struct opal_dev *dev, 2057 struct opal_session_info *opal_session) 2058 { 2059 const struct opal_step erase_steps[] = { 2060 { opal_discovery0, }, 2061 { start_auth_opal_session, opal_session }, 2062 { get_active_key, &opal_session->opal_key.lr }, 2063 { gen_key, }, 2064 { end_opal_session, }, 2065 { NULL, } 2066 }; 2067 int ret; 2068 2069 mutex_lock(&dev->dev_lock); 2070 setup_opal_dev(dev, erase_steps); 2071 ret = next(dev); 2072 mutex_unlock(&dev->dev_lock); 2073 return ret; 2074 } 2075 2076 static int opal_erase_locking_range(struct opal_dev *dev, 2077 struct opal_session_info *opal_session) 2078 { 2079 const struct opal_step erase_steps[] = { 2080 { opal_discovery0, }, 2081 { start_auth_opal_session, opal_session }, 2082 { erase_locking_range, opal_session }, 2083 { end_opal_session, }, 2084 { NULL, } 2085 }; 2086 int ret; 2087 2088 mutex_lock(&dev->dev_lock); 2089 setup_opal_dev(dev, erase_steps); 2090 ret = next(dev); 2091 mutex_unlock(&dev->dev_lock); 2092 return ret; 2093 } 2094 2095 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev, 2096 struct opal_mbr_data *opal_mbr) 2097 { 2098 const struct opal_step mbr_steps[] = { 2099 { opal_discovery0, }, 2100 { start_admin1LSP_opal_session, &opal_mbr->key }, 2101 { set_mbr_done, &opal_mbr->enable_disable }, 2102 { end_opal_session, }, 2103 { start_admin1LSP_opal_session, &opal_mbr->key }, 2104 { set_mbr_enable_disable, &opal_mbr->enable_disable }, 2105 { end_opal_session, }, 2106 { NULL, } 2107 }; 2108 int ret; 2109 2110 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE && 2111 opal_mbr->enable_disable != OPAL_MBR_DISABLE) 2112 return -EINVAL; 2113 2114 mutex_lock(&dev->dev_lock); 2115 setup_opal_dev(dev, mbr_steps); 2116 ret = next(dev); 2117 mutex_unlock(&dev->dev_lock); 2118 return ret; 2119 } 2120 2121 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk) 2122 { 2123 struct opal_suspend_data *suspend; 2124 2125 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL); 2126 if (!suspend) 2127 return -ENOMEM; 2128 2129 suspend->unlk = *lk_unlk; 2130 suspend->lr = lk_unlk->session.opal_key.lr; 2131 2132 mutex_lock(&dev->dev_lock); 2133 setup_opal_dev(dev, NULL); 2134 add_suspend_info(dev, suspend); 2135 mutex_unlock(&dev->dev_lock); 2136 return 0; 2137 } 2138 2139 static int opal_add_user_to_lr(struct opal_dev *dev, 2140 struct opal_lock_unlock *lk_unlk) 2141 { 2142 const struct opal_step steps[] = { 2143 { opal_discovery0, }, 2144 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key }, 2145 { add_user_to_lr, lk_unlk }, 2146 { end_opal_session, }, 2147 { NULL, } 2148 }; 2149 int ret; 2150 2151 if (lk_unlk->l_state != OPAL_RO && 2152 lk_unlk->l_state != OPAL_RW) { 2153 pr_debug("Locking state was not RO or RW\n"); 2154 return -EINVAL; 2155 } 2156 if (lk_unlk->session.who < OPAL_USER1 || 2157 lk_unlk->session.who > OPAL_USER9) { 2158 pr_debug("Authority was not within the range of users: %d\n", 2159 lk_unlk->session.who); 2160 return -EINVAL; 2161 } 2162 if (lk_unlk->session.sum) { 2163 pr_debug("%s not supported in sum. Use setup locking range\n", 2164 __func__); 2165 return -EINVAL; 2166 } 2167 2168 mutex_lock(&dev->dev_lock); 2169 setup_opal_dev(dev, steps); 2170 ret = next(dev); 2171 mutex_unlock(&dev->dev_lock); 2172 return ret; 2173 } 2174 2175 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal) 2176 { 2177 const struct opal_step revert_steps[] = { 2178 { opal_discovery0, }, 2179 { start_SIDASP_opal_session, opal }, 2180 { revert_tper, }, /* controller will terminate session */ 2181 { NULL, } 2182 }; 2183 int ret; 2184 2185 mutex_lock(&dev->dev_lock); 2186 setup_opal_dev(dev, revert_steps); 2187 ret = next(dev); 2188 mutex_unlock(&dev->dev_lock); 2189 2190 /* 2191 * If we successfully reverted lets clean 2192 * any saved locking ranges. 2193 */ 2194 if (!ret) 2195 clean_opal_dev(dev); 2196 2197 return ret; 2198 } 2199 2200 static int __opal_lock_unlock(struct opal_dev *dev, 2201 struct opal_lock_unlock *lk_unlk) 2202 { 2203 const struct opal_step unlock_steps[] = { 2204 { opal_discovery0, }, 2205 { start_auth_opal_session, &lk_unlk->session }, 2206 { lock_unlock_locking_range, lk_unlk }, 2207 { end_opal_session, }, 2208 { NULL, } 2209 }; 2210 const struct opal_step unlock_sum_steps[] = { 2211 { opal_discovery0, }, 2212 { start_auth_opal_session, &lk_unlk->session }, 2213 { lock_unlock_locking_range_sum, lk_unlk }, 2214 { end_opal_session, }, 2215 { NULL, } 2216 }; 2217 2218 dev->steps = lk_unlk->session.sum ? unlock_sum_steps : unlock_steps; 2219 return next(dev); 2220 } 2221 2222 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key) 2223 { 2224 u8 mbr_done_tf = 1; 2225 const struct opal_step mbrdone_step [] = { 2226 { opal_discovery0, }, 2227 { start_admin1LSP_opal_session, key }, 2228 { set_mbr_done, &mbr_done_tf }, 2229 { end_opal_session, }, 2230 { NULL, } 2231 }; 2232 2233 dev->steps = mbrdone_step; 2234 return next(dev); 2235 } 2236 2237 static int opal_lock_unlock(struct opal_dev *dev, 2238 struct opal_lock_unlock *lk_unlk) 2239 { 2240 int ret; 2241 2242 if (lk_unlk->session.who < OPAL_ADMIN1 || 2243 lk_unlk->session.who > OPAL_USER9) 2244 return -EINVAL; 2245 2246 mutex_lock(&dev->dev_lock); 2247 ret = __opal_lock_unlock(dev, lk_unlk); 2248 mutex_unlock(&dev->dev_lock); 2249 return ret; 2250 } 2251 2252 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal) 2253 { 2254 const struct opal_step owner_steps[] = { 2255 { opal_discovery0, }, 2256 { start_anybodyASP_opal_session, }, 2257 { get_msid_cpin_pin, }, 2258 { end_opal_session, }, 2259 { start_SIDASP_opal_session, opal }, 2260 { set_sid_cpin_pin, opal }, 2261 { end_opal_session, }, 2262 { NULL, } 2263 }; 2264 int ret; 2265 2266 if (!dev) 2267 return -ENODEV; 2268 2269 mutex_lock(&dev->dev_lock); 2270 setup_opal_dev(dev, owner_steps); 2271 ret = next(dev); 2272 mutex_unlock(&dev->dev_lock); 2273 return ret; 2274 } 2275 2276 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act) 2277 { 2278 const struct opal_step active_steps[] = { 2279 { opal_discovery0, }, 2280 { start_SIDASP_opal_session, &opal_lr_act->key }, 2281 { get_lsp_lifecycle, }, 2282 { activate_lsp, opal_lr_act }, 2283 { end_opal_session, }, 2284 { NULL, } 2285 }; 2286 int ret; 2287 2288 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS) 2289 return -EINVAL; 2290 2291 mutex_lock(&dev->dev_lock); 2292 setup_opal_dev(dev, active_steps); 2293 ret = next(dev); 2294 mutex_unlock(&dev->dev_lock); 2295 return ret; 2296 } 2297 2298 static int opal_setup_locking_range(struct opal_dev *dev, 2299 struct opal_user_lr_setup *opal_lrs) 2300 { 2301 const struct opal_step lr_steps[] = { 2302 { opal_discovery0, }, 2303 { start_auth_opal_session, &opal_lrs->session }, 2304 { setup_locking_range, opal_lrs }, 2305 { end_opal_session, }, 2306 { NULL, } 2307 }; 2308 int ret; 2309 2310 mutex_lock(&dev->dev_lock); 2311 setup_opal_dev(dev, lr_steps); 2312 ret = next(dev); 2313 mutex_unlock(&dev->dev_lock); 2314 return ret; 2315 } 2316 2317 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) 2318 { 2319 const struct opal_step pw_steps[] = { 2320 { opal_discovery0, }, 2321 { start_auth_opal_session, &opal_pw->session }, 2322 { set_new_pw, &opal_pw->new_user_pw }, 2323 { end_opal_session, }, 2324 { NULL } 2325 }; 2326 int ret; 2327 2328 if (opal_pw->session.who < OPAL_ADMIN1 || 2329 opal_pw->session.who > OPAL_USER9 || 2330 opal_pw->new_user_pw.who < OPAL_ADMIN1 || 2331 opal_pw->new_user_pw.who > OPAL_USER9) 2332 return -EINVAL; 2333 2334 mutex_lock(&dev->dev_lock); 2335 setup_opal_dev(dev, pw_steps); 2336 ret = next(dev); 2337 mutex_unlock(&dev->dev_lock); 2338 return ret; 2339 } 2340 2341 static int opal_activate_user(struct opal_dev *dev, 2342 struct opal_session_info *opal_session) 2343 { 2344 const struct opal_step act_steps[] = { 2345 { opal_discovery0, }, 2346 { start_admin1LSP_opal_session, &opal_session->opal_key }, 2347 { internal_activate_user, opal_session }, 2348 { end_opal_session, }, 2349 { NULL, } 2350 }; 2351 int ret; 2352 2353 /* We can't activate Admin1 it's active as manufactured */ 2354 if (opal_session->who < OPAL_USER1 || 2355 opal_session->who > OPAL_USER9) { 2356 pr_debug("Who was not a valid user: %d\n", opal_session->who); 2357 return -EINVAL; 2358 } 2359 2360 mutex_lock(&dev->dev_lock); 2361 setup_opal_dev(dev, act_steps); 2362 ret = next(dev); 2363 mutex_unlock(&dev->dev_lock); 2364 return ret; 2365 } 2366 2367 bool opal_unlock_from_suspend(struct opal_dev *dev) 2368 { 2369 struct opal_suspend_data *suspend; 2370 bool was_failure = false; 2371 int ret = 0; 2372 2373 if (!dev) 2374 return false; 2375 if (!dev->supported) 2376 return false; 2377 2378 mutex_lock(&dev->dev_lock); 2379 setup_opal_dev(dev, NULL); 2380 2381 list_for_each_entry(suspend, &dev->unlk_lst, node) { 2382 dev->tsn = 0; 2383 dev->hsn = 0; 2384 2385 ret = __opal_lock_unlock(dev, &suspend->unlk); 2386 if (ret) { 2387 pr_debug("Failed to unlock LR %hhu with sum %d\n", 2388 suspend->unlk.session.opal_key.lr, 2389 suspend->unlk.session.sum); 2390 was_failure = true; 2391 } 2392 if (dev->mbr_enabled) { 2393 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key); 2394 if (ret) 2395 pr_debug("Failed to set MBR Done in S3 resume\n"); 2396 } 2397 } 2398 mutex_unlock(&dev->dev_lock); 2399 return was_failure; 2400 } 2401 EXPORT_SYMBOL(opal_unlock_from_suspend); 2402 2403 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) 2404 { 2405 void *p; 2406 int ret = -ENOTTY; 2407 2408 if (!capable(CAP_SYS_ADMIN)) 2409 return -EACCES; 2410 if (!dev) 2411 return -ENOTSUPP; 2412 if (!dev->supported) 2413 return -ENOTSUPP; 2414 2415 p = memdup_user(arg, _IOC_SIZE(cmd)); 2416 if (IS_ERR(p)) 2417 return PTR_ERR(p); 2418 2419 switch (cmd) { 2420 case IOC_OPAL_SAVE: 2421 ret = opal_save(dev, p); 2422 break; 2423 case IOC_OPAL_LOCK_UNLOCK: 2424 ret = opal_lock_unlock(dev, p); 2425 break; 2426 case IOC_OPAL_TAKE_OWNERSHIP: 2427 ret = opal_take_ownership(dev, p); 2428 break; 2429 case IOC_OPAL_ACTIVATE_LSP: 2430 ret = opal_activate_lsp(dev, p); 2431 break; 2432 case IOC_OPAL_SET_PW: 2433 ret = opal_set_new_pw(dev, p); 2434 break; 2435 case IOC_OPAL_ACTIVATE_USR: 2436 ret = opal_activate_user(dev, p); 2437 break; 2438 case IOC_OPAL_REVERT_TPR: 2439 ret = opal_reverttper(dev, p); 2440 break; 2441 case IOC_OPAL_LR_SETUP: 2442 ret = opal_setup_locking_range(dev, p); 2443 break; 2444 case IOC_OPAL_ADD_USR_TO_LR: 2445 ret = opal_add_user_to_lr(dev, p); 2446 break; 2447 case IOC_OPAL_ENABLE_DISABLE_MBR: 2448 ret = opal_enable_disable_shadow_mbr(dev, p); 2449 break; 2450 case IOC_OPAL_ERASE_LR: 2451 ret = opal_erase_locking_range(dev, p); 2452 break; 2453 case IOC_OPAL_SECURE_ERASE_LR: 2454 ret = opal_secure_erase_locking_range(dev, p); 2455 break; 2456 default: 2457 break; 2458 } 2459 2460 kfree(p); 2461 return ret; 2462 } 2463 EXPORT_SYMBOL_GPL(sed_ioctl); 2464