• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/genhd.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 
24 #include "opal_proto.h"
25 
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28 
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
31 
32 struct opal_step {
33 	int (*fn)(struct opal_dev *dev, void *data);
34 	void *data;
35 };
36 typedef int (cont_fn)(struct opal_dev *dev);
37 
38 enum opal_atom_width {
39 	OPAL_WIDTH_TINY,
40 	OPAL_WIDTH_SHORT,
41 	OPAL_WIDTH_MEDIUM,
42 	OPAL_WIDTH_LONG,
43 	OPAL_WIDTH_TOKEN
44 };
45 
46 /*
47  * On the parsed response, we don't store again the toks that are already
48  * stored in the response buffer. Instead, for each token, we just store a
49  * pointer to the position in the buffer where the token starts, and the size
50  * of the token in bytes.
51  */
52 struct opal_resp_tok {
53 	const u8 *pos;
54 	size_t len;
55 	enum opal_response_token type;
56 	enum opal_atom_width width;
57 	union {
58 		u64 u;
59 		s64 s;
60 	} stored;
61 };
62 
63 /*
64  * From the response header it's not possible to know how many tokens there are
65  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66  * if we start dealing with messages that have more than that, we can increase
67  * this number. This is done to avoid having to make two passes through the
68  * response, the first one counting how many tokens we have and the second one
69  * actually storing the positions.
70  */
71 struct parsed_resp {
72 	int num;
73 	struct opal_resp_tok toks[MAX_TOKS];
74 };
75 
76 struct opal_dev {
77 	bool supported;
78 	bool mbr_enabled;
79 
80 	void *data;
81 	sec_send_recv *send_recv;
82 
83 	struct mutex dev_lock;
84 	u16 comid;
85 	u32 hsn;
86 	u32 tsn;
87 	u64 align;
88 	u64 lowest_lba;
89 
90 	size_t pos;
91 	u8 *cmd;
92 	u8 *resp;
93 
94 	struct parsed_resp parsed;
95 	size_t prev_d_len;
96 	void *prev_data;
97 
98 	struct list_head unlk_lst;
99 };
100 
101 
102 static const u8 opaluid[][OPAL_UID_LENGTH] = {
103 	/* users */
104 	[OPAL_SMUID_UID] =
105 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
106 	[OPAL_THISSP_UID] =
107 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
108 	[OPAL_ADMINSP_UID] =
109 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
110 	[OPAL_LOCKINGSP_UID] =
111 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
112 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
113 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
114 	[OPAL_ANYBODY_UID] =
115 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
116 	[OPAL_SID_UID] =
117 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
118 	[OPAL_ADMIN1_UID] =
119 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
120 	[OPAL_USER1_UID] =
121 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
122 	[OPAL_USER2_UID] =
123 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
124 	[OPAL_PSID_UID] =
125 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
126 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
127 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
128 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
129 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
130 
131 	/* tables */
132 	[OPAL_TABLE_TABLE] =
133 		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
134 	[OPAL_LOCKINGRANGE_GLOBAL] =
135 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
136 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
137 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
138 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
139 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
140 	[OPAL_MBRCONTROL] =
141 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
142 	[OPAL_MBR] =
143 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
144 	[OPAL_AUTHORITY_TABLE] =
145 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
146 	[OPAL_C_PIN_TABLE] =
147 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
148 	[OPAL_LOCKING_INFO_TABLE] =
149 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
150 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
151 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
152 	[OPAL_DATASTORE] =
153 		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
154 
155 	/* C_PIN_TABLE object ID's */
156 	[OPAL_C_PIN_MSID] =
157 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
158 	[OPAL_C_PIN_SID] =
159 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
160 	[OPAL_C_PIN_ADMIN1] =
161 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
162 
163 	/* half UID's (only first 4 bytes used) */
164 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
165 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
166 	[OPAL_HALF_UID_BOOLEAN_ACE] =
167 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
168 
169 	/* special value for omitted optional parameter */
170 	[OPAL_UID_HEXFF] =
171 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
172 };
173 
174 /*
175  * TCG Storage SSC Methods.
176  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
177  * Section: 6.3 Assigned UIDs
178  */
179 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
180 	[OPAL_PROPERTIES] =
181 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
182 	[OPAL_STARTSESSION] =
183 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
184 	[OPAL_REVERT] =
185 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
186 	[OPAL_ACTIVATE] =
187 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
188 	[OPAL_EGET] =
189 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
190 	[OPAL_ESET] =
191 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
192 	[OPAL_NEXT] =
193 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
194 	[OPAL_EAUTHENTICATE] =
195 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
196 	[OPAL_GETACL] =
197 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
198 	[OPAL_GENKEY] =
199 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
200 	[OPAL_REVERTSP] =
201 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
202 	[OPAL_GET] =
203 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
204 	[OPAL_SET] =
205 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
206 	[OPAL_AUTHENTICATE] =
207 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
208 	[OPAL_RANDOM] =
209 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
210 	[OPAL_ERASE] =
211 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
212 };
213 
214 static int end_opal_session_error(struct opal_dev *dev);
215 static int opal_discovery0_step(struct opal_dev *dev);
216 
217 struct opal_suspend_data {
218 	struct opal_lock_unlock unlk;
219 	u8 lr;
220 	struct list_head node;
221 };
222 
223 /*
224  * Derived from:
225  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
226  * Section: 5.1.5 Method Status Codes
227  */
228 static const char * const opal_errors[] = {
229 	"Success",
230 	"Not Authorized",
231 	"Unknown Error",
232 	"SP Busy",
233 	"SP Failed",
234 	"SP Disabled",
235 	"SP Frozen",
236 	"No Sessions Available",
237 	"Uniqueness Conflict",
238 	"Insufficient Space",
239 	"Insufficient Rows",
240 	"Invalid Function",
241 	"Invalid Parameter",
242 	"Invalid Reference",
243 	"Unknown Error",
244 	"TPER Malfunction",
245 	"Transaction Failure",
246 	"Response Overflow",
247 	"Authority Locked Out",
248 };
249 
opal_error_to_human(int error)250 static const char *opal_error_to_human(int error)
251 {
252 	if (error == 0x3f)
253 		return "Failed";
254 
255 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
256 		return "Unknown Error";
257 
258 	return opal_errors[error];
259 }
260 
print_buffer(const u8 * ptr,u32 length)261 static void print_buffer(const u8 *ptr, u32 length)
262 {
263 #ifdef DEBUG
264 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
265 	pr_debug("\n");
266 #endif
267 }
268 
check_tper(const void * data)269 static bool check_tper(const void *data)
270 {
271 	const struct d0_tper_features *tper = data;
272 	u8 flags = tper->supported_features;
273 
274 	if (!(flags & TPER_SYNC_SUPPORTED)) {
275 		pr_debug("TPer sync not supported. flags = %d\n",
276 			 tper->supported_features);
277 		return false;
278 	}
279 
280 	return true;
281 }
282 
check_mbrenabled(const void * data)283 static bool check_mbrenabled(const void *data)
284 {
285 	const struct d0_locking_features *lfeat = data;
286 	u8 sup_feat = lfeat->supported_features;
287 
288 	return !!(sup_feat & MBR_ENABLED_MASK);
289 }
290 
check_sum(const void * data)291 static bool check_sum(const void *data)
292 {
293 	const struct d0_single_user_mode *sum = data;
294 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
295 
296 	if (nlo == 0) {
297 		pr_debug("Need at least one locking object.\n");
298 		return false;
299 	}
300 
301 	pr_debug("Number of locking objects: %d\n", nlo);
302 
303 	return true;
304 }
305 
get_comid_v100(const void * data)306 static u16 get_comid_v100(const void *data)
307 {
308 	const struct d0_opal_v100 *v100 = data;
309 
310 	return be16_to_cpu(v100->baseComID);
311 }
312 
get_comid_v200(const void * data)313 static u16 get_comid_v200(const void *data)
314 {
315 	const struct d0_opal_v200 *v200 = data;
316 
317 	return be16_to_cpu(v200->baseComID);
318 }
319 
opal_send_cmd(struct opal_dev * dev)320 static int opal_send_cmd(struct opal_dev *dev)
321 {
322 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
323 			      dev->cmd, IO_BUFFER_LENGTH,
324 			      true);
325 }
326 
opal_recv_cmd(struct opal_dev * dev)327 static int opal_recv_cmd(struct opal_dev *dev)
328 {
329 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
330 			      dev->resp, IO_BUFFER_LENGTH,
331 			      false);
332 }
333 
opal_recv_check(struct opal_dev * dev)334 static int opal_recv_check(struct opal_dev *dev)
335 {
336 	size_t buflen = IO_BUFFER_LENGTH;
337 	void *buffer = dev->resp;
338 	struct opal_header *hdr = buffer;
339 	int ret;
340 
341 	do {
342 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
343 			 hdr->cp.outstandingData,
344 			 hdr->cp.minTransfer);
345 
346 		if (hdr->cp.outstandingData == 0 ||
347 		    hdr->cp.minTransfer != 0)
348 			return 0;
349 
350 		memset(buffer, 0, buflen);
351 		ret = opal_recv_cmd(dev);
352 	} while (!ret);
353 
354 	return ret;
355 }
356 
opal_send_recv(struct opal_dev * dev,cont_fn * cont)357 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
358 {
359 	int ret;
360 
361 	ret = opal_send_cmd(dev);
362 	if (ret)
363 		return ret;
364 	ret = opal_recv_cmd(dev);
365 	if (ret)
366 		return ret;
367 	ret = opal_recv_check(dev);
368 	if (ret)
369 		return ret;
370 	return cont(dev);
371 }
372 
check_geometry(struct opal_dev * dev,const void * data)373 static void check_geometry(struct opal_dev *dev, const void *data)
374 {
375 	const struct d0_geometry_features *geo = data;
376 
377 	dev->align = be64_to_cpu(geo->alignment_granularity);
378 	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
379 }
380 
execute_step(struct opal_dev * dev,const struct opal_step * step,size_t stepIndex)381 static int execute_step(struct opal_dev *dev,
382 			const struct opal_step *step, size_t stepIndex)
383 {
384 	int error = step->fn(dev, step->data);
385 
386 	if (error) {
387 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
388 			 stepIndex, step->fn, error,
389 			 opal_error_to_human(error));
390 	}
391 
392 	return error;
393 }
394 
execute_steps(struct opal_dev * dev,const struct opal_step * steps,size_t n_steps)395 static int execute_steps(struct opal_dev *dev,
396 			 const struct opal_step *steps, size_t n_steps)
397 {
398 	size_t state = 0;
399 	int error;
400 
401 	/* first do a discovery0 */
402 	error = opal_discovery0_step(dev);
403 	if (error)
404 		return error;
405 
406 	for (state = 0; state < n_steps; state++) {
407 		error = execute_step(dev, &steps[state], state);
408 		if (error)
409 			goto out_error;
410 	}
411 
412 	return 0;
413 
414 out_error:
415 	/*
416 	 * For each OPAL command the first step in steps starts some sort of
417 	 * session. If an error occurred in the initial discovery0 or if an
418 	 * error occurred in the first step (and thus stopping the loop with
419 	 * state == 0) then there was an error before or during the attempt to
420 	 * start a session. Therefore we shouldn't attempt to terminate a
421 	 * session, as one has not yet been created.
422 	 */
423 	if (state > 0)
424 		end_opal_session_error(dev);
425 
426 	return error;
427 }
428 
opal_discovery0_end(struct opal_dev * dev)429 static int opal_discovery0_end(struct opal_dev *dev)
430 {
431 	bool found_com_id = false, supported = true, single_user = false;
432 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
433 	const u8 *epos = dev->resp, *cpos = dev->resp;
434 	u16 comid = 0;
435 	u32 hlen = be32_to_cpu(hdr->length);
436 
437 	print_buffer(dev->resp, hlen);
438 	dev->mbr_enabled = false;
439 
440 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
441 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
442 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
443 		return -EFAULT;
444 	}
445 
446 	epos += hlen; /* end of buffer */
447 	cpos += sizeof(*hdr); /* current position on buffer */
448 
449 	while (cpos < epos && supported) {
450 		const struct d0_features *body =
451 			(const struct d0_features *)cpos;
452 
453 		switch (be16_to_cpu(body->code)) {
454 		case FC_TPER:
455 			supported = check_tper(body->features);
456 			break;
457 		case FC_SINGLEUSER:
458 			single_user = check_sum(body->features);
459 			break;
460 		case FC_GEOMETRY:
461 			check_geometry(dev, body);
462 			break;
463 		case FC_LOCKING:
464 			dev->mbr_enabled = check_mbrenabled(body->features);
465 			break;
466 		case FC_ENTERPRISE:
467 		case FC_DATASTORE:
468 			/* some ignored properties */
469 			pr_debug("Found OPAL feature description: %d\n",
470 				 be16_to_cpu(body->code));
471 			break;
472 		case FC_OPALV100:
473 			comid = get_comid_v100(body->features);
474 			found_com_id = true;
475 			break;
476 		case FC_OPALV200:
477 			comid = get_comid_v200(body->features);
478 			found_com_id = true;
479 			break;
480 		case 0xbfff ... 0xffff:
481 			/* vendor specific, just ignore */
482 			break;
483 		default:
484 			pr_debug("OPAL Unknown feature: %d\n",
485 				 be16_to_cpu(body->code));
486 
487 		}
488 		cpos += body->length + 4;
489 	}
490 
491 	if (!supported) {
492 		pr_debug("This device is not Opal enabled. Not Supported!\n");
493 		return -EOPNOTSUPP;
494 	}
495 
496 	if (!single_user)
497 		pr_debug("Device doesn't support single user mode\n");
498 
499 
500 	if (!found_com_id) {
501 		pr_debug("Could not find OPAL comid for device. Returning early\n");
502 		return -EOPNOTSUPP;
503 	}
504 
505 	dev->comid = comid;
506 
507 	return 0;
508 }
509 
opal_discovery0(struct opal_dev * dev,void * data)510 static int opal_discovery0(struct opal_dev *dev, void *data)
511 {
512 	int ret;
513 
514 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
515 	dev->comid = OPAL_DISCOVERY_COMID;
516 	ret = opal_recv_cmd(dev);
517 	if (ret)
518 		return ret;
519 
520 	return opal_discovery0_end(dev);
521 }
522 
opal_discovery0_step(struct opal_dev * dev)523 static int opal_discovery0_step(struct opal_dev *dev)
524 {
525 	const struct opal_step discovery0_step = {
526 		opal_discovery0,
527 	};
528 
529 	return execute_step(dev, &discovery0_step, 0);
530 }
531 
remaining_size(struct opal_dev * cmd)532 static size_t remaining_size(struct opal_dev *cmd)
533 {
534 	return IO_BUFFER_LENGTH - cmd->pos;
535 }
536 
can_add(int * err,struct opal_dev * cmd,size_t len)537 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
538 {
539 	if (*err)
540 		return false;
541 
542 	if (remaining_size(cmd) < len) {
543 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
544 		*err = -ERANGE;
545 		return false;
546 	}
547 
548 	return true;
549 }
550 
add_token_u8(int * err,struct opal_dev * cmd,u8 tok)551 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
552 {
553 	if (!can_add(err, cmd, 1))
554 		return;
555 
556 	cmd->cmd[cmd->pos++] = tok;
557 }
558 
add_short_atom_header(struct opal_dev * cmd,bool bytestring,bool has_sign,int len)559 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
560 				  bool has_sign, int len)
561 {
562 	u8 atom;
563 	int err = 0;
564 
565 	atom = SHORT_ATOM_ID;
566 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
567 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
568 	atom |= len & SHORT_ATOM_LEN_MASK;
569 
570 	add_token_u8(&err, cmd, atom);
571 }
572 
add_medium_atom_header(struct opal_dev * cmd,bool bytestring,bool has_sign,int len)573 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
574 				   bool has_sign, int len)
575 {
576 	u8 header0;
577 
578 	header0 = MEDIUM_ATOM_ID;
579 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
580 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
581 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
582 
583 	cmd->cmd[cmd->pos++] = header0;
584 	cmd->cmd[cmd->pos++] = len;
585 }
586 
add_token_u64(int * err,struct opal_dev * cmd,u64 number)587 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
588 {
589 	size_t len;
590 	int msb;
591 
592 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
593 		add_token_u8(err, cmd, number);
594 		return;
595 	}
596 
597 	msb = fls64(number);
598 	len = DIV_ROUND_UP(msb, 8);
599 
600 	if (!can_add(err, cmd, len + 1)) {
601 		pr_debug("Error adding u64: end of buffer.\n");
602 		return;
603 	}
604 	add_short_atom_header(cmd, false, false, len);
605 	while (len--)
606 		add_token_u8(err, cmd, number >> (len * 8));
607 }
608 
add_bytestring_header(int * err,struct opal_dev * cmd,size_t len)609 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
610 {
611 	size_t header_len = 1;
612 	bool is_short_atom = true;
613 
614 	if (len & ~SHORT_ATOM_LEN_MASK) {
615 		header_len = 2;
616 		is_short_atom = false;
617 	}
618 
619 	if (!can_add(err, cmd, header_len + len)) {
620 		pr_debug("Error adding bytestring: end of buffer.\n");
621 		return NULL;
622 	}
623 
624 	if (is_short_atom)
625 		add_short_atom_header(cmd, true, false, len);
626 	else
627 		add_medium_atom_header(cmd, true, false, len);
628 
629 	return &cmd->cmd[cmd->pos];
630 }
631 
add_token_bytestring(int * err,struct opal_dev * cmd,const u8 * bytestring,size_t len)632 static void add_token_bytestring(int *err, struct opal_dev *cmd,
633 				 const u8 *bytestring, size_t len)
634 {
635 	u8 *start;
636 
637 	start = add_bytestring_header(err, cmd, len);
638 	if (!start)
639 		return;
640 	memcpy(start, bytestring, len);
641 	cmd->pos += len;
642 }
643 
build_locking_range(u8 * buffer,size_t length,u8 lr)644 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
645 {
646 	if (length > OPAL_UID_LENGTH) {
647 		pr_debug("Can't build locking range. Length OOB\n");
648 		return -ERANGE;
649 	}
650 
651 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
652 
653 	if (lr == 0)
654 		return 0;
655 
656 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
657 	buffer[7] = lr;
658 
659 	return 0;
660 }
661 
build_locking_user(u8 * buffer,size_t length,u8 lr)662 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
663 {
664 	if (length > OPAL_UID_LENGTH) {
665 		pr_debug("Can't build locking range user. Length OOB\n");
666 		return -ERANGE;
667 	}
668 
669 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
670 
671 	buffer[7] = lr + 1;
672 
673 	return 0;
674 }
675 
set_comid(struct opal_dev * cmd,u16 comid)676 static void set_comid(struct opal_dev *cmd, u16 comid)
677 {
678 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
679 
680 	hdr->cp.extendedComID[0] = comid >> 8;
681 	hdr->cp.extendedComID[1] = comid;
682 	hdr->cp.extendedComID[2] = 0;
683 	hdr->cp.extendedComID[3] = 0;
684 }
685 
cmd_finalize(struct opal_dev * cmd,u32 hsn,u32 tsn)686 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
687 {
688 	struct opal_header *hdr;
689 	int err = 0;
690 
691 	/*
692 	 * Close the parameter list opened from cmd_start.
693 	 * The number of bytes added must be equal to
694 	 * CMD_FINALIZE_BYTES_NEEDED.
695 	 */
696 	add_token_u8(&err, cmd, OPAL_ENDLIST);
697 
698 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
699 	add_token_u8(&err, cmd, OPAL_STARTLIST);
700 	add_token_u8(&err, cmd, 0);
701 	add_token_u8(&err, cmd, 0);
702 	add_token_u8(&err, cmd, 0);
703 	add_token_u8(&err, cmd, OPAL_ENDLIST);
704 
705 	if (err) {
706 		pr_debug("Error finalizing command.\n");
707 		return -EFAULT;
708 	}
709 
710 	hdr = (struct opal_header *) cmd->cmd;
711 
712 	hdr->pkt.tsn = cpu_to_be32(tsn);
713 	hdr->pkt.hsn = cpu_to_be32(hsn);
714 
715 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
716 	while (cmd->pos % 4) {
717 		if (cmd->pos >= IO_BUFFER_LENGTH) {
718 			pr_debug("Error: Buffer overrun\n");
719 			return -ERANGE;
720 		}
721 		cmd->cmd[cmd->pos++] = 0;
722 	}
723 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
724 				      sizeof(hdr->pkt));
725 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
726 
727 	return 0;
728 }
729 
response_get_token(const struct parsed_resp * resp,int n)730 static const struct opal_resp_tok *response_get_token(
731 				const struct parsed_resp *resp,
732 				int n)
733 {
734 	const struct opal_resp_tok *tok;
735 
736 	if (!resp) {
737 		pr_debug("Response is NULL\n");
738 		return ERR_PTR(-EINVAL);
739 	}
740 
741 	if (n >= resp->num) {
742 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
743 			 n, resp->num);
744 		return ERR_PTR(-EINVAL);
745 	}
746 
747 	tok = &resp->toks[n];
748 	if (tok->len == 0) {
749 		pr_debug("Token length must be non-zero\n");
750 		return ERR_PTR(-EINVAL);
751 	}
752 
753 	return tok;
754 }
755 
response_parse_tiny(struct opal_resp_tok * tok,const u8 * pos)756 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
757 				   const u8 *pos)
758 {
759 	tok->pos = pos;
760 	tok->len = 1;
761 	tok->width = OPAL_WIDTH_TINY;
762 
763 	if (pos[0] & TINY_ATOM_SIGNED) {
764 		tok->type = OPAL_DTA_TOKENID_SINT;
765 	} else {
766 		tok->type = OPAL_DTA_TOKENID_UINT;
767 		tok->stored.u = pos[0] & 0x3f;
768 	}
769 
770 	return tok->len;
771 }
772 
response_parse_short(struct opal_resp_tok * tok,const u8 * pos)773 static ssize_t response_parse_short(struct opal_resp_tok *tok,
774 				    const u8 *pos)
775 {
776 	tok->pos = pos;
777 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
778 	tok->width = OPAL_WIDTH_SHORT;
779 
780 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
781 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
782 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
783 		tok->type = OPAL_DTA_TOKENID_SINT;
784 	} else {
785 		u64 u_integer = 0;
786 		ssize_t i, b = 0;
787 
788 		tok->type = OPAL_DTA_TOKENID_UINT;
789 		if (tok->len > 9) {
790 			pr_debug("uint64 with more than 8 bytes\n");
791 			return -EINVAL;
792 		}
793 		for (i = tok->len - 1; i > 0; i--) {
794 			u_integer |= ((u64)pos[i] << (8 * b));
795 			b++;
796 		}
797 		tok->stored.u = u_integer;
798 	}
799 
800 	return tok->len;
801 }
802 
response_parse_medium(struct opal_resp_tok * tok,const u8 * pos)803 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
804 				     const u8 *pos)
805 {
806 	tok->pos = pos;
807 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
808 	tok->width = OPAL_WIDTH_MEDIUM;
809 
810 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
811 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
812 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
813 		tok->type = OPAL_DTA_TOKENID_SINT;
814 	else
815 		tok->type = OPAL_DTA_TOKENID_UINT;
816 
817 	return tok->len;
818 }
819 
response_parse_long(struct opal_resp_tok * tok,const u8 * pos)820 static ssize_t response_parse_long(struct opal_resp_tok *tok,
821 				   const u8 *pos)
822 {
823 	tok->pos = pos;
824 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
825 	tok->width = OPAL_WIDTH_LONG;
826 
827 	if (pos[0] & LONG_ATOM_BYTESTRING)
828 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
829 	else if (pos[0] & LONG_ATOM_SIGNED)
830 		tok->type = OPAL_DTA_TOKENID_SINT;
831 	else
832 		tok->type = OPAL_DTA_TOKENID_UINT;
833 
834 	return tok->len;
835 }
836 
response_parse_token(struct opal_resp_tok * tok,const u8 * pos)837 static ssize_t response_parse_token(struct opal_resp_tok *tok,
838 				    const u8 *pos)
839 {
840 	tok->pos = pos;
841 	tok->len = 1;
842 	tok->type = OPAL_DTA_TOKENID_TOKEN;
843 	tok->width = OPAL_WIDTH_TOKEN;
844 
845 	return tok->len;
846 }
847 
response_parse(const u8 * buf,size_t length,struct parsed_resp * resp)848 static int response_parse(const u8 *buf, size_t length,
849 			  struct parsed_resp *resp)
850 {
851 	const struct opal_header *hdr;
852 	struct opal_resp_tok *iter;
853 	int num_entries = 0;
854 	int total;
855 	ssize_t token_length;
856 	const u8 *pos;
857 	u32 clen, plen, slen;
858 
859 	if (!buf)
860 		return -EFAULT;
861 
862 	if (!resp)
863 		return -EFAULT;
864 
865 	hdr = (struct opal_header *)buf;
866 	pos = buf;
867 	pos += sizeof(*hdr);
868 
869 	clen = be32_to_cpu(hdr->cp.length);
870 	plen = be32_to_cpu(hdr->pkt.length);
871 	slen = be32_to_cpu(hdr->subpkt.length);
872 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
873 		 clen, plen, slen);
874 
875 	if (clen == 0 || plen == 0 || slen == 0 ||
876 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
877 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
878 			 clen, plen, slen);
879 		print_buffer(pos, sizeof(*hdr));
880 		return -EINVAL;
881 	}
882 
883 	if (pos > buf + length)
884 		return -EFAULT;
885 
886 	iter = resp->toks;
887 	total = slen;
888 	print_buffer(pos, total);
889 	while (total > 0) {
890 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
891 			token_length = response_parse_tiny(iter, pos);
892 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
893 			token_length = response_parse_short(iter, pos);
894 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
895 			token_length = response_parse_medium(iter, pos);
896 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
897 			token_length = response_parse_long(iter, pos);
898 		else /* TOKEN */
899 			token_length = response_parse_token(iter, pos);
900 
901 		if (token_length < 0)
902 			return token_length;
903 
904 		pos += token_length;
905 		total -= token_length;
906 		iter++;
907 		num_entries++;
908 	}
909 
910 	resp->num = num_entries;
911 
912 	return 0;
913 }
914 
response_get_string(const struct parsed_resp * resp,int n,const char ** store)915 static size_t response_get_string(const struct parsed_resp *resp, int n,
916 				  const char **store)
917 {
918 	u8 skip;
919 	const struct opal_resp_tok *tok;
920 
921 	*store = NULL;
922 	tok = response_get_token(resp, n);
923 	if (IS_ERR(tok))
924 		return 0;
925 
926 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
927 		pr_debug("Token is not a byte string!\n");
928 		return 0;
929 	}
930 
931 	switch (tok->width) {
932 	case OPAL_WIDTH_TINY:
933 	case OPAL_WIDTH_SHORT:
934 		skip = 1;
935 		break;
936 	case OPAL_WIDTH_MEDIUM:
937 		skip = 2;
938 		break;
939 	case OPAL_WIDTH_LONG:
940 		skip = 4;
941 		break;
942 	default:
943 		pr_debug("Token has invalid width!\n");
944 		return 0;
945 	}
946 
947 	*store = tok->pos + skip;
948 
949 	return tok->len - skip;
950 }
951 
response_get_u64(const struct parsed_resp * resp,int n)952 static u64 response_get_u64(const struct parsed_resp *resp, int n)
953 {
954 	const struct opal_resp_tok *tok;
955 
956 	tok = response_get_token(resp, n);
957 	if (IS_ERR(tok))
958 		return 0;
959 
960 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
961 		pr_debug("Token is not unsigned int: %d\n", tok->type);
962 		return 0;
963 	}
964 
965 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
966 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
967 		return 0;
968 	}
969 
970 	return tok->stored.u;
971 }
972 
response_token_matches(const struct opal_resp_tok * token,u8 match)973 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
974 {
975 	if (IS_ERR(token) ||
976 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
977 	    token->pos[0] != match)
978 		return false;
979 	return true;
980 }
981 
response_status(const struct parsed_resp * resp)982 static u8 response_status(const struct parsed_resp *resp)
983 {
984 	const struct opal_resp_tok *tok;
985 
986 	tok = response_get_token(resp, 0);
987 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
988 		return 0;
989 
990 	if (resp->num < 5)
991 		return DTAERROR_NO_METHOD_STATUS;
992 
993 	tok = response_get_token(resp, resp->num - 5);
994 	if (!response_token_matches(tok, OPAL_STARTLIST))
995 		return DTAERROR_NO_METHOD_STATUS;
996 
997 	tok = response_get_token(resp, resp->num - 1);
998 	if (!response_token_matches(tok, OPAL_ENDLIST))
999 		return DTAERROR_NO_METHOD_STATUS;
1000 
1001 	return response_get_u64(resp, resp->num - 4);
1002 }
1003 
1004 /* Parses and checks for errors */
parse_and_check_status(struct opal_dev * dev)1005 static int parse_and_check_status(struct opal_dev *dev)
1006 {
1007 	int error;
1008 
1009 	print_buffer(dev->cmd, dev->pos);
1010 
1011 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1012 	if (error) {
1013 		pr_debug("Couldn't parse response.\n");
1014 		return error;
1015 	}
1016 
1017 	return response_status(&dev->parsed);
1018 }
1019 
clear_opal_cmd(struct opal_dev * dev)1020 static void clear_opal_cmd(struct opal_dev *dev)
1021 {
1022 	dev->pos = sizeof(struct opal_header);
1023 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1024 }
1025 
cmd_start(struct opal_dev * dev,const u8 * uid,const u8 * method)1026 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1027 {
1028 	int err = 0;
1029 
1030 	clear_opal_cmd(dev);
1031 	set_comid(dev, dev->comid);
1032 
1033 	add_token_u8(&err, dev, OPAL_CALL);
1034 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1035 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1036 
1037 	/*
1038 	 * Every method call is followed by its parameters enclosed within
1039 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1040 	 * parameter list here and close it later in cmd_finalize.
1041 	 */
1042 	add_token_u8(&err, dev, OPAL_STARTLIST);
1043 
1044 	return err;
1045 }
1046 
start_opal_session_cont(struct opal_dev * dev)1047 static int start_opal_session_cont(struct opal_dev *dev)
1048 {
1049 	u32 hsn, tsn;
1050 	int error = 0;
1051 
1052 	error = parse_and_check_status(dev);
1053 	if (error)
1054 		return error;
1055 
1056 	hsn = response_get_u64(&dev->parsed, 4);
1057 	tsn = response_get_u64(&dev->parsed, 5);
1058 
1059 	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1060 		pr_debug("Couldn't authenticate session\n");
1061 		return -EPERM;
1062 	}
1063 
1064 	dev->hsn = hsn;
1065 	dev->tsn = tsn;
1066 
1067 	return 0;
1068 }
1069 
add_suspend_info(struct opal_dev * dev,struct opal_suspend_data * sus)1070 static void add_suspend_info(struct opal_dev *dev,
1071 			     struct opal_suspend_data *sus)
1072 {
1073 	struct opal_suspend_data *iter;
1074 
1075 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1076 		if (iter->lr == sus->lr) {
1077 			list_del(&iter->node);
1078 			kfree(iter);
1079 			break;
1080 		}
1081 	}
1082 	list_add_tail(&sus->node, &dev->unlk_lst);
1083 }
1084 
end_session_cont(struct opal_dev * dev)1085 static int end_session_cont(struct opal_dev *dev)
1086 {
1087 	dev->hsn = 0;
1088 	dev->tsn = 0;
1089 
1090 	return parse_and_check_status(dev);
1091 }
1092 
finalize_and_send(struct opal_dev * dev,cont_fn cont)1093 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1094 {
1095 	int ret;
1096 
1097 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1098 	if (ret) {
1099 		pr_debug("Error finalizing command buffer: %d\n", ret);
1100 		return ret;
1101 	}
1102 
1103 	print_buffer(dev->cmd, dev->pos);
1104 
1105 	return opal_send_recv(dev, cont);
1106 }
1107 
1108 /*
1109  * request @column from table @table on device @dev. On success, the column
1110  * data will be available in dev->resp->tok[4]
1111  */
generic_get_column(struct opal_dev * dev,const u8 * table,u64 column)1112 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1113 			      u64 column)
1114 {
1115 	int err;
1116 
1117 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1118 
1119 	add_token_u8(&err, dev, OPAL_STARTLIST);
1120 
1121 	add_token_u8(&err, dev, OPAL_STARTNAME);
1122 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1123 	add_token_u64(&err, dev, column);
1124 	add_token_u8(&err, dev, OPAL_ENDNAME);
1125 
1126 	add_token_u8(&err, dev, OPAL_STARTNAME);
1127 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1128 	add_token_u64(&err, dev, column);
1129 	add_token_u8(&err, dev, OPAL_ENDNAME);
1130 
1131 	add_token_u8(&err, dev, OPAL_ENDLIST);
1132 
1133 	if (err)
1134 		return err;
1135 
1136 	return finalize_and_send(dev, parse_and_check_status);
1137 }
1138 
1139 /*
1140  * see TCG SAS 5.3.2.3 for a description of the available columns
1141  *
1142  * the result is provided in dev->resp->tok[4]
1143  */
generic_get_table_info(struct opal_dev * dev,const u8 * table_uid,u64 column)1144 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1145 				  u64 column)
1146 {
1147 	u8 uid[OPAL_UID_LENGTH];
1148 	const unsigned int half = OPAL_UID_LENGTH_HALF;
1149 
1150 	/* sed-opal UIDs can be split in two halves:
1151 	 *  first:  actual table index
1152 	 *  second: relative index in the table
1153 	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1154 	 * first part of the target table as relative index into that table
1155 	 */
1156 	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1157 	memcpy(uid + half, table_uid, half);
1158 
1159 	return generic_get_column(dev, uid, column);
1160 }
1161 
gen_key(struct opal_dev * dev,void * data)1162 static int gen_key(struct opal_dev *dev, void *data)
1163 {
1164 	u8 uid[OPAL_UID_LENGTH];
1165 	int err;
1166 
1167 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1168 	kfree(dev->prev_data);
1169 	dev->prev_data = NULL;
1170 
1171 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1172 
1173 	if (err) {
1174 		pr_debug("Error building gen key command\n");
1175 		return err;
1176 
1177 	}
1178 
1179 	return finalize_and_send(dev, parse_and_check_status);
1180 }
1181 
get_active_key_cont(struct opal_dev * dev)1182 static int get_active_key_cont(struct opal_dev *dev)
1183 {
1184 	const char *activekey;
1185 	size_t keylen;
1186 	int error = 0;
1187 
1188 	error = parse_and_check_status(dev);
1189 	if (error)
1190 		return error;
1191 
1192 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1193 	if (!activekey) {
1194 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1195 			 __func__);
1196 		return OPAL_INVAL_PARAM;
1197 	}
1198 
1199 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1200 
1201 	if (!dev->prev_data)
1202 		return -ENOMEM;
1203 
1204 	dev->prev_d_len = keylen;
1205 
1206 	return 0;
1207 }
1208 
get_active_key(struct opal_dev * dev,void * data)1209 static int get_active_key(struct opal_dev *dev, void *data)
1210 {
1211 	u8 uid[OPAL_UID_LENGTH];
1212 	int err;
1213 	u8 *lr = data;
1214 
1215 	err = build_locking_range(uid, sizeof(uid), *lr);
1216 	if (err)
1217 		return err;
1218 
1219 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1220 	if (err)
1221 		return err;
1222 
1223 	return get_active_key_cont(dev);
1224 }
1225 
generic_table_write_data(struct opal_dev * dev,const u64 data,u64 offset,u64 size,const u8 * uid)1226 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1227 				    u64 offset, u64 size, const u8 *uid)
1228 {
1229 	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1230 	u8 *dst;
1231 	u64 len;
1232 	size_t off = 0;
1233 	int err;
1234 
1235 	/* do we fit in the available space? */
1236 	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1237 	if (err) {
1238 		pr_debug("Couldn't get the table size\n");
1239 		return err;
1240 	}
1241 
1242 	len = response_get_u64(&dev->parsed, 4);
1243 	if (size > len || offset > len - size) {
1244 		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1245 			  offset + size, len);
1246 		return -ENOSPC;
1247 	}
1248 
1249 	/* do the actual transmission(s) */
1250 	while (off < size) {
1251 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1252 		add_token_u8(&err, dev, OPAL_STARTNAME);
1253 		add_token_u8(&err, dev, OPAL_WHERE);
1254 		add_token_u64(&err, dev, offset + off);
1255 		add_token_u8(&err, dev, OPAL_ENDNAME);
1256 
1257 		add_token_u8(&err, dev, OPAL_STARTNAME);
1258 		add_token_u8(&err, dev, OPAL_VALUES);
1259 
1260 		/*
1261 		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1262 		 * There also needs to be enough space to accommodate the
1263 		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1264 		 * cmd_finalize.
1265 		 */
1266 		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1267 			  (size_t)(size - off));
1268 		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1269 
1270 		dst = add_bytestring_header(&err, dev, len);
1271 		if (!dst)
1272 			break;
1273 
1274 		if (copy_from_user(dst, src + off, len)) {
1275 			err = -EFAULT;
1276 			break;
1277 		}
1278 
1279 		dev->pos += len;
1280 
1281 		add_token_u8(&err, dev, OPAL_ENDNAME);
1282 		if (err)
1283 			break;
1284 
1285 		err = finalize_and_send(dev, parse_and_check_status);
1286 		if (err)
1287 			break;
1288 
1289 		off += len;
1290 	}
1291 
1292 	return err;
1293 }
1294 
generic_lr_enable_disable(struct opal_dev * dev,u8 * uid,bool rle,bool wle,bool rl,bool wl)1295 static int generic_lr_enable_disable(struct opal_dev *dev,
1296 				     u8 *uid, bool rle, bool wle,
1297 				     bool rl, bool wl)
1298 {
1299 	int err;
1300 
1301 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1302 
1303 	add_token_u8(&err, dev, OPAL_STARTNAME);
1304 	add_token_u8(&err, dev, OPAL_VALUES);
1305 	add_token_u8(&err, dev, OPAL_STARTLIST);
1306 
1307 	add_token_u8(&err, dev, OPAL_STARTNAME);
1308 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1309 	add_token_u8(&err, dev, rle);
1310 	add_token_u8(&err, dev, OPAL_ENDNAME);
1311 
1312 	add_token_u8(&err, dev, OPAL_STARTNAME);
1313 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1314 	add_token_u8(&err, dev, wle);
1315 	add_token_u8(&err, dev, OPAL_ENDNAME);
1316 
1317 	add_token_u8(&err, dev, OPAL_STARTNAME);
1318 	add_token_u8(&err, dev, OPAL_READLOCKED);
1319 	add_token_u8(&err, dev, rl);
1320 	add_token_u8(&err, dev, OPAL_ENDNAME);
1321 
1322 	add_token_u8(&err, dev, OPAL_STARTNAME);
1323 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1324 	add_token_u8(&err, dev, wl);
1325 	add_token_u8(&err, dev, OPAL_ENDNAME);
1326 
1327 	add_token_u8(&err, dev, OPAL_ENDLIST);
1328 	add_token_u8(&err, dev, OPAL_ENDNAME);
1329 
1330 	return err;
1331 }
1332 
enable_global_lr(struct opal_dev * dev,u8 * uid,struct opal_user_lr_setup * setup)1333 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1334 				   struct opal_user_lr_setup *setup)
1335 {
1336 	int err;
1337 
1338 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1339 					0, 0);
1340 	if (err)
1341 		pr_debug("Failed to create enable global lr command\n");
1342 
1343 	return err;
1344 }
1345 
setup_locking_range(struct opal_dev * dev,void * data)1346 static int setup_locking_range(struct opal_dev *dev, void *data)
1347 {
1348 	u8 uid[OPAL_UID_LENGTH];
1349 	struct opal_user_lr_setup *setup = data;
1350 	u8 lr;
1351 	int err;
1352 
1353 	lr = setup->session.opal_key.lr;
1354 	err = build_locking_range(uid, sizeof(uid), lr);
1355 	if (err)
1356 		return err;
1357 
1358 	if (lr == 0)
1359 		err = enable_global_lr(dev, uid, setup);
1360 	else {
1361 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1362 
1363 		add_token_u8(&err, dev, OPAL_STARTNAME);
1364 		add_token_u8(&err, dev, OPAL_VALUES);
1365 		add_token_u8(&err, dev, OPAL_STARTLIST);
1366 
1367 		add_token_u8(&err, dev, OPAL_STARTNAME);
1368 		add_token_u8(&err, dev, OPAL_RANGESTART);
1369 		add_token_u64(&err, dev, setup->range_start);
1370 		add_token_u8(&err, dev, OPAL_ENDNAME);
1371 
1372 		add_token_u8(&err, dev, OPAL_STARTNAME);
1373 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1374 		add_token_u64(&err, dev, setup->range_length);
1375 		add_token_u8(&err, dev, OPAL_ENDNAME);
1376 
1377 		add_token_u8(&err, dev, OPAL_STARTNAME);
1378 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1379 		add_token_u64(&err, dev, !!setup->RLE);
1380 		add_token_u8(&err, dev, OPAL_ENDNAME);
1381 
1382 		add_token_u8(&err, dev, OPAL_STARTNAME);
1383 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1384 		add_token_u64(&err, dev, !!setup->WLE);
1385 		add_token_u8(&err, dev, OPAL_ENDNAME);
1386 
1387 		add_token_u8(&err, dev, OPAL_ENDLIST);
1388 		add_token_u8(&err, dev, OPAL_ENDNAME);
1389 	}
1390 	if (err) {
1391 		pr_debug("Error building Setup Locking range command.\n");
1392 		return err;
1393 	}
1394 
1395 	return finalize_and_send(dev, parse_and_check_status);
1396 }
1397 
start_generic_opal_session(struct opal_dev * dev,enum opal_uid auth,enum opal_uid sp_type,const char * key,u8 key_len)1398 static int start_generic_opal_session(struct opal_dev *dev,
1399 				      enum opal_uid auth,
1400 				      enum opal_uid sp_type,
1401 				      const char *key,
1402 				      u8 key_len)
1403 {
1404 	u32 hsn;
1405 	int err;
1406 
1407 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1408 		return OPAL_INVAL_PARAM;
1409 
1410 	hsn = GENERIC_HOST_SESSION_NUM;
1411 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1412 			opalmethod[OPAL_STARTSESSION]);
1413 
1414 	add_token_u64(&err, dev, hsn);
1415 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1416 	add_token_u8(&err, dev, 1);
1417 
1418 	switch (auth) {
1419 	case OPAL_ANYBODY_UID:
1420 		break;
1421 	case OPAL_ADMIN1_UID:
1422 	case OPAL_SID_UID:
1423 	case OPAL_PSID_UID:
1424 		add_token_u8(&err, dev, OPAL_STARTNAME);
1425 		add_token_u8(&err, dev, 0); /* HostChallenge */
1426 		add_token_bytestring(&err, dev, key, key_len);
1427 		add_token_u8(&err, dev, OPAL_ENDNAME);
1428 		add_token_u8(&err, dev, OPAL_STARTNAME);
1429 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1430 		add_token_bytestring(&err, dev, opaluid[auth],
1431 				     OPAL_UID_LENGTH);
1432 		add_token_u8(&err, dev, OPAL_ENDNAME);
1433 		break;
1434 	default:
1435 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1436 		return OPAL_INVAL_PARAM;
1437 	}
1438 
1439 	if (err) {
1440 		pr_debug("Error building start adminsp session command.\n");
1441 		return err;
1442 	}
1443 
1444 	return finalize_and_send(dev, start_opal_session_cont);
1445 }
1446 
start_anybodyASP_opal_session(struct opal_dev * dev,void * data)1447 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1448 {
1449 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1450 					  OPAL_ADMINSP_UID, NULL, 0);
1451 }
1452 
start_SIDASP_opal_session(struct opal_dev * dev,void * data)1453 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1454 {
1455 	int ret;
1456 	const u8 *key = dev->prev_data;
1457 
1458 	if (!key) {
1459 		const struct opal_key *okey = data;
1460 
1461 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1462 						 OPAL_ADMINSP_UID,
1463 						 okey->key,
1464 						 okey->key_len);
1465 	} else {
1466 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1467 						 OPAL_ADMINSP_UID,
1468 						 key, dev->prev_d_len);
1469 		kfree(key);
1470 		dev->prev_data = NULL;
1471 	}
1472 
1473 	return ret;
1474 }
1475 
start_admin1LSP_opal_session(struct opal_dev * dev,void * data)1476 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1477 {
1478 	struct opal_key *key = data;
1479 
1480 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1481 					  OPAL_LOCKINGSP_UID,
1482 					  key->key, key->key_len);
1483 }
1484 
start_PSID_opal_session(struct opal_dev * dev,void * data)1485 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1486 {
1487 	const struct opal_key *okey = data;
1488 
1489 	return start_generic_opal_session(dev, OPAL_PSID_UID,
1490 					  OPAL_ADMINSP_UID,
1491 					  okey->key,
1492 					  okey->key_len);
1493 }
1494 
start_auth_opal_session(struct opal_dev * dev,void * data)1495 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1496 {
1497 	struct opal_session_info *session = data;
1498 	u8 lk_ul_user[OPAL_UID_LENGTH];
1499 	size_t keylen = session->opal_key.key_len;
1500 	int err = 0;
1501 
1502 	u8 *key = session->opal_key.key;
1503 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1504 
1505 	if (session->sum)
1506 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1507 					 session->opal_key.lr);
1508 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1509 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1510 					 session->who - 1);
1511 	else
1512 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1513 
1514 	if (err)
1515 		return err;
1516 
1517 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1518 			opalmethod[OPAL_STARTSESSION]);
1519 
1520 	add_token_u64(&err, dev, hsn);
1521 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1522 			     OPAL_UID_LENGTH);
1523 	add_token_u8(&err, dev, 1);
1524 	add_token_u8(&err, dev, OPAL_STARTNAME);
1525 	add_token_u8(&err, dev, 0);
1526 	add_token_bytestring(&err, dev, key, keylen);
1527 	add_token_u8(&err, dev, OPAL_ENDNAME);
1528 	add_token_u8(&err, dev, OPAL_STARTNAME);
1529 	add_token_u8(&err, dev, 3);
1530 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1531 	add_token_u8(&err, dev, OPAL_ENDNAME);
1532 
1533 	if (err) {
1534 		pr_debug("Error building STARTSESSION command.\n");
1535 		return err;
1536 	}
1537 
1538 	return finalize_and_send(dev, start_opal_session_cont);
1539 }
1540 
revert_tper(struct opal_dev * dev,void * data)1541 static int revert_tper(struct opal_dev *dev, void *data)
1542 {
1543 	int err;
1544 
1545 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1546 			opalmethod[OPAL_REVERT]);
1547 	if (err) {
1548 		pr_debug("Error building REVERT TPER command.\n");
1549 		return err;
1550 	}
1551 
1552 	return finalize_and_send(dev, parse_and_check_status);
1553 }
1554 
internal_activate_user(struct opal_dev * dev,void * data)1555 static int internal_activate_user(struct opal_dev *dev, void *data)
1556 {
1557 	struct opal_session_info *session = data;
1558 	u8 uid[OPAL_UID_LENGTH];
1559 	int err;
1560 
1561 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1562 	uid[7] = session->who;
1563 
1564 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1565 	add_token_u8(&err, dev, OPAL_STARTNAME);
1566 	add_token_u8(&err, dev, OPAL_VALUES);
1567 	add_token_u8(&err, dev, OPAL_STARTLIST);
1568 	add_token_u8(&err, dev, OPAL_STARTNAME);
1569 	add_token_u8(&err, dev, 5); /* Enabled */
1570 	add_token_u8(&err, dev, OPAL_TRUE);
1571 	add_token_u8(&err, dev, OPAL_ENDNAME);
1572 	add_token_u8(&err, dev, OPAL_ENDLIST);
1573 	add_token_u8(&err, dev, OPAL_ENDNAME);
1574 
1575 	if (err) {
1576 		pr_debug("Error building Activate UserN command.\n");
1577 		return err;
1578 	}
1579 
1580 	return finalize_and_send(dev, parse_and_check_status);
1581 }
1582 
erase_locking_range(struct opal_dev * dev,void * data)1583 static int erase_locking_range(struct opal_dev *dev, void *data)
1584 {
1585 	struct opal_session_info *session = data;
1586 	u8 uid[OPAL_UID_LENGTH];
1587 	int err;
1588 
1589 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1590 		return -ERANGE;
1591 
1592 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1593 
1594 	if (err) {
1595 		pr_debug("Error building Erase Locking Range Command.\n");
1596 		return err;
1597 	}
1598 
1599 	return finalize_and_send(dev, parse_and_check_status);
1600 }
1601 
set_mbr_done(struct opal_dev * dev,void * data)1602 static int set_mbr_done(struct opal_dev *dev, void *data)
1603 {
1604 	u8 *mbr_done_tf = data;
1605 	int err;
1606 
1607 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1608 			opalmethod[OPAL_SET]);
1609 
1610 	add_token_u8(&err, dev, OPAL_STARTNAME);
1611 	add_token_u8(&err, dev, OPAL_VALUES);
1612 	add_token_u8(&err, dev, OPAL_STARTLIST);
1613 	add_token_u8(&err, dev, OPAL_STARTNAME);
1614 	add_token_u8(&err, dev, OPAL_MBRDONE);
1615 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1616 	add_token_u8(&err, dev, OPAL_ENDNAME);
1617 	add_token_u8(&err, dev, OPAL_ENDLIST);
1618 	add_token_u8(&err, dev, OPAL_ENDNAME);
1619 
1620 	if (err) {
1621 		pr_debug("Error Building set MBR Done command\n");
1622 		return err;
1623 	}
1624 
1625 	return finalize_and_send(dev, parse_and_check_status);
1626 }
1627 
set_mbr_enable_disable(struct opal_dev * dev,void * data)1628 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1629 {
1630 	u8 *mbr_en_dis = data;
1631 	int err;
1632 
1633 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1634 			opalmethod[OPAL_SET]);
1635 
1636 	add_token_u8(&err, dev, OPAL_STARTNAME);
1637 	add_token_u8(&err, dev, OPAL_VALUES);
1638 	add_token_u8(&err, dev, OPAL_STARTLIST);
1639 	add_token_u8(&err, dev, OPAL_STARTNAME);
1640 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1641 	add_token_u8(&err, dev, *mbr_en_dis);
1642 	add_token_u8(&err, dev, OPAL_ENDNAME);
1643 	add_token_u8(&err, dev, OPAL_ENDLIST);
1644 	add_token_u8(&err, dev, OPAL_ENDNAME);
1645 
1646 	if (err) {
1647 		pr_debug("Error Building set MBR done command\n");
1648 		return err;
1649 	}
1650 
1651 	return finalize_and_send(dev, parse_and_check_status);
1652 }
1653 
write_shadow_mbr(struct opal_dev * dev,void * data)1654 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1655 {
1656 	struct opal_shadow_mbr *shadow = data;
1657 
1658 	return generic_table_write_data(dev, shadow->data, shadow->offset,
1659 					shadow->size, opaluid[OPAL_MBR]);
1660 }
1661 
generic_pw_cmd(u8 * key,size_t key_len,u8 * cpin_uid,struct opal_dev * dev)1662 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1663 			  struct opal_dev *dev)
1664 {
1665 	int err;
1666 
1667 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1668 
1669 	add_token_u8(&err, dev, OPAL_STARTNAME);
1670 	add_token_u8(&err, dev, OPAL_VALUES);
1671 	add_token_u8(&err, dev, OPAL_STARTLIST);
1672 	add_token_u8(&err, dev, OPAL_STARTNAME);
1673 	add_token_u8(&err, dev, OPAL_PIN);
1674 	add_token_bytestring(&err, dev, key, key_len);
1675 	add_token_u8(&err, dev, OPAL_ENDNAME);
1676 	add_token_u8(&err, dev, OPAL_ENDLIST);
1677 	add_token_u8(&err, dev, OPAL_ENDNAME);
1678 
1679 	return err;
1680 }
1681 
set_new_pw(struct opal_dev * dev,void * data)1682 static int set_new_pw(struct opal_dev *dev, void *data)
1683 {
1684 	u8 cpin_uid[OPAL_UID_LENGTH];
1685 	struct opal_session_info *usr = data;
1686 
1687 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1688 
1689 	if (usr->who != OPAL_ADMIN1) {
1690 		cpin_uid[5] = 0x03;
1691 		if (usr->sum)
1692 			cpin_uid[7] = usr->opal_key.lr + 1;
1693 		else
1694 			cpin_uid[7] = usr->who;
1695 	}
1696 
1697 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1698 			   cpin_uid, dev)) {
1699 		pr_debug("Error building set password command.\n");
1700 		return -ERANGE;
1701 	}
1702 
1703 	return finalize_and_send(dev, parse_and_check_status);
1704 }
1705 
set_sid_cpin_pin(struct opal_dev * dev,void * data)1706 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1707 {
1708 	u8 cpin_uid[OPAL_UID_LENGTH];
1709 	struct opal_key *key = data;
1710 
1711 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1712 
1713 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1714 		pr_debug("Error building Set SID cpin\n");
1715 		return -ERANGE;
1716 	}
1717 	return finalize_and_send(dev, parse_and_check_status);
1718 }
1719 
add_user_to_lr(struct opal_dev * dev,void * data)1720 static int add_user_to_lr(struct opal_dev *dev, void *data)
1721 {
1722 	u8 lr_buffer[OPAL_UID_LENGTH];
1723 	u8 user_uid[OPAL_UID_LENGTH];
1724 	struct opal_lock_unlock *lkul = data;
1725 	int err;
1726 
1727 	memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1728 	       OPAL_UID_LENGTH);
1729 
1730 	if (lkul->l_state == OPAL_RW)
1731 		memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1732 		       OPAL_UID_LENGTH);
1733 
1734 	lr_buffer[7] = lkul->session.opal_key.lr;
1735 
1736 	memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1737 
1738 	user_uid[7] = lkul->session.who;
1739 
1740 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1741 
1742 	add_token_u8(&err, dev, OPAL_STARTNAME);
1743 	add_token_u8(&err, dev, OPAL_VALUES);
1744 
1745 	add_token_u8(&err, dev, OPAL_STARTLIST);
1746 	add_token_u8(&err, dev, OPAL_STARTNAME);
1747 	add_token_u8(&err, dev, 3);
1748 
1749 	add_token_u8(&err, dev, OPAL_STARTLIST);
1750 
1751 
1752 	add_token_u8(&err, dev, OPAL_STARTNAME);
1753 	add_token_bytestring(&err, dev,
1754 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1755 			     OPAL_UID_LENGTH/2);
1756 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1757 	add_token_u8(&err, dev, OPAL_ENDNAME);
1758 
1759 
1760 	add_token_u8(&err, dev, OPAL_STARTNAME);
1761 	add_token_bytestring(&err, dev,
1762 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1763 			     OPAL_UID_LENGTH/2);
1764 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1765 	add_token_u8(&err, dev, OPAL_ENDNAME);
1766 
1767 
1768 	add_token_u8(&err, dev, OPAL_STARTNAME);
1769 	add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1770 			     OPAL_UID_LENGTH/2);
1771 	add_token_u8(&err, dev, 1);
1772 	add_token_u8(&err, dev, OPAL_ENDNAME);
1773 
1774 
1775 	add_token_u8(&err, dev, OPAL_ENDLIST);
1776 	add_token_u8(&err, dev, OPAL_ENDNAME);
1777 	add_token_u8(&err, dev, OPAL_ENDLIST);
1778 	add_token_u8(&err, dev, OPAL_ENDNAME);
1779 
1780 	if (err) {
1781 		pr_debug("Error building add user to locking range command.\n");
1782 		return err;
1783 	}
1784 
1785 	return finalize_and_send(dev, parse_and_check_status);
1786 }
1787 
lock_unlock_locking_range(struct opal_dev * dev,void * data)1788 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1789 {
1790 	u8 lr_buffer[OPAL_UID_LENGTH];
1791 	struct opal_lock_unlock *lkul = data;
1792 	u8 read_locked = 1, write_locked = 1;
1793 	int err = 0;
1794 
1795 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1796 				lkul->session.opal_key.lr) < 0)
1797 		return -ERANGE;
1798 
1799 	switch (lkul->l_state) {
1800 	case OPAL_RO:
1801 		read_locked = 0;
1802 		write_locked = 1;
1803 		break;
1804 	case OPAL_RW:
1805 		read_locked = 0;
1806 		write_locked = 0;
1807 		break;
1808 	case OPAL_LK:
1809 		/* vars are initialized to locked */
1810 		break;
1811 	default:
1812 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
1813 		return OPAL_INVAL_PARAM;
1814 	}
1815 
1816 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1817 
1818 	add_token_u8(&err, dev, OPAL_STARTNAME);
1819 	add_token_u8(&err, dev, OPAL_VALUES);
1820 	add_token_u8(&err, dev, OPAL_STARTLIST);
1821 
1822 	add_token_u8(&err, dev, OPAL_STARTNAME);
1823 	add_token_u8(&err, dev, OPAL_READLOCKED);
1824 	add_token_u8(&err, dev, read_locked);
1825 	add_token_u8(&err, dev, OPAL_ENDNAME);
1826 
1827 	add_token_u8(&err, dev, OPAL_STARTNAME);
1828 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1829 	add_token_u8(&err, dev, write_locked);
1830 	add_token_u8(&err, dev, OPAL_ENDNAME);
1831 
1832 	add_token_u8(&err, dev, OPAL_ENDLIST);
1833 	add_token_u8(&err, dev, OPAL_ENDNAME);
1834 
1835 	if (err) {
1836 		pr_debug("Error building SET command.\n");
1837 		return err;
1838 	}
1839 
1840 	return finalize_and_send(dev, parse_and_check_status);
1841 }
1842 
1843 
lock_unlock_locking_range_sum(struct opal_dev * dev,void * data)1844 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1845 {
1846 	u8 lr_buffer[OPAL_UID_LENGTH];
1847 	u8 read_locked = 1, write_locked = 1;
1848 	struct opal_lock_unlock *lkul = data;
1849 	int ret;
1850 
1851 	clear_opal_cmd(dev);
1852 	set_comid(dev, dev->comid);
1853 
1854 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1855 				lkul->session.opal_key.lr) < 0)
1856 		return -ERANGE;
1857 
1858 	switch (lkul->l_state) {
1859 	case OPAL_RO:
1860 		read_locked = 0;
1861 		write_locked = 1;
1862 		break;
1863 	case OPAL_RW:
1864 		read_locked = 0;
1865 		write_locked = 0;
1866 		break;
1867 	case OPAL_LK:
1868 		/* vars are initialized to locked */
1869 		break;
1870 	default:
1871 		pr_debug("Tried to set an invalid locking state.\n");
1872 		return OPAL_INVAL_PARAM;
1873 	}
1874 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1875 					read_locked, write_locked);
1876 
1877 	if (ret < 0) {
1878 		pr_debug("Error building SET command.\n");
1879 		return ret;
1880 	}
1881 
1882 	return finalize_and_send(dev, parse_and_check_status);
1883 }
1884 
activate_lsp(struct opal_dev * dev,void * data)1885 static int activate_lsp(struct opal_dev *dev, void *data)
1886 {
1887 	struct opal_lr_act *opal_act = data;
1888 	u8 user_lr[OPAL_UID_LENGTH];
1889 	int err, i;
1890 
1891 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1892 			opalmethod[OPAL_ACTIVATE]);
1893 
1894 	if (opal_act->sum) {
1895 		err = build_locking_range(user_lr, sizeof(user_lr),
1896 					  opal_act->lr[0]);
1897 		if (err)
1898 			return err;
1899 
1900 		add_token_u8(&err, dev, OPAL_STARTNAME);
1901 		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
1902 
1903 		add_token_u8(&err, dev, OPAL_STARTLIST);
1904 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1905 		for (i = 1; i < opal_act->num_lrs; i++) {
1906 			user_lr[7] = opal_act->lr[i];
1907 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1908 		}
1909 		add_token_u8(&err, dev, OPAL_ENDLIST);
1910 		add_token_u8(&err, dev, OPAL_ENDNAME);
1911 	}
1912 
1913 	if (err) {
1914 		pr_debug("Error building Activate LockingSP command.\n");
1915 		return err;
1916 	}
1917 
1918 	return finalize_and_send(dev, parse_and_check_status);
1919 }
1920 
1921 /* Determine if we're in the Manufactured Inactive or Active state */
get_lsp_lifecycle(struct opal_dev * dev,void * data)1922 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1923 {
1924 	u8 lc_status;
1925 	int err;
1926 
1927 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1928 				 OPAL_LIFECYCLE);
1929 	if (err)
1930 		return err;
1931 
1932 	lc_status = response_get_u64(&dev->parsed, 4);
1933 	/* 0x08 is Manufactured Inactive */
1934 	/* 0x09 is Manufactured */
1935 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1936 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
1937 		return -ENODEV;
1938 	}
1939 
1940 	return 0;
1941 }
1942 
get_msid_cpin_pin(struct opal_dev * dev,void * data)1943 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1944 {
1945 	const char *msid_pin;
1946 	size_t strlen;
1947 	int err;
1948 
1949 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1950 	if (err)
1951 		return err;
1952 
1953 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1954 	if (!msid_pin) {
1955 		pr_debug("Couldn't extract MSID_CPIN from response\n");
1956 		return OPAL_INVAL_PARAM;
1957 	}
1958 
1959 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1960 	if (!dev->prev_data)
1961 		return -ENOMEM;
1962 
1963 	dev->prev_d_len = strlen;
1964 
1965 	return 0;
1966 }
1967 
write_table_data(struct opal_dev * dev,void * data)1968 static int write_table_data(struct opal_dev *dev, void *data)
1969 {
1970 	struct opal_read_write_table *write_tbl = data;
1971 
1972 	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
1973 					write_tbl->size, write_tbl->table_uid);
1974 }
1975 
read_table_data_cont(struct opal_dev * dev)1976 static int read_table_data_cont(struct opal_dev *dev)
1977 {
1978 	int err;
1979 	const char *data_read;
1980 
1981 	err = parse_and_check_status(dev);
1982 	if (err)
1983 		return err;
1984 
1985 	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
1986 	dev->prev_data = (void *)data_read;
1987 	if (!dev->prev_data) {
1988 		pr_debug("%s: Couldn't read data from the table.\n", __func__);
1989 		return OPAL_INVAL_PARAM;
1990 	}
1991 
1992 	return 0;
1993 }
1994 
1995 /*
1996  * IO_BUFFER_LENGTH = 2048
1997  * sizeof(header) = 56
1998  * No. of Token Bytes in the Response = 11
1999  * MAX size of data that can be carried in response buffer
2000  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2001  */
2002 #define OPAL_MAX_READ_TABLE (0x7BD)
2003 
read_table_data(struct opal_dev * dev,void * data)2004 static int read_table_data(struct opal_dev *dev, void *data)
2005 {
2006 	struct opal_read_write_table *read_tbl = data;
2007 	int err;
2008 	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2009 	u64 table_len, len;
2010 	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2011 	u8 __user *dst;
2012 
2013 	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2014 	if (err) {
2015 		pr_debug("Couldn't get the table size\n");
2016 		return err;
2017 	}
2018 
2019 	table_len = response_get_u64(&dev->parsed, 4);
2020 
2021 	/* Check if the user is trying to read from the table limits */
2022 	if (read_size > table_len || offset > table_len - read_size) {
2023 		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2024 			  offset + read_size, table_len);
2025 		return -EINVAL;
2026 	}
2027 
2028 	while (off < read_size) {
2029 		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2030 
2031 		add_token_u8(&err, dev, OPAL_STARTLIST);
2032 		add_token_u8(&err, dev, OPAL_STARTNAME);
2033 		add_token_u8(&err, dev, OPAL_STARTROW);
2034 		add_token_u64(&err, dev, offset + off); /* start row value */
2035 		add_token_u8(&err, dev, OPAL_ENDNAME);
2036 
2037 		add_token_u8(&err, dev, OPAL_STARTNAME);
2038 		add_token_u8(&err, dev, OPAL_ENDROW);
2039 
2040 		len = min(max_read_size, (size_t)(read_size - off));
2041 		add_token_u64(&err, dev, offset + off + len); /* end row value
2042 							       */
2043 		add_token_u8(&err, dev, OPAL_ENDNAME);
2044 		add_token_u8(&err, dev, OPAL_ENDLIST);
2045 
2046 		if (err) {
2047 			pr_debug("Error building read table data command.\n");
2048 			break;
2049 		}
2050 
2051 		err = finalize_and_send(dev, read_table_data_cont);
2052 		if (err)
2053 			break;
2054 
2055 		/* len+1: This includes the NULL terminator at the end*/
2056 		if (dev->prev_d_len > len + 1) {
2057 			err = -EOVERFLOW;
2058 			break;
2059 		}
2060 
2061 		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2062 		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2063 			pr_debug("Error copying data to userspace\n");
2064 			err = -EFAULT;
2065 			break;
2066 		}
2067 		dev->prev_data = NULL;
2068 
2069 		off += len;
2070 	}
2071 
2072 	return err;
2073 }
2074 
end_opal_session(struct opal_dev * dev,void * data)2075 static int end_opal_session(struct opal_dev *dev, void *data)
2076 {
2077 	int err = 0;
2078 
2079 	clear_opal_cmd(dev);
2080 	set_comid(dev, dev->comid);
2081 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2082 
2083 	if (err < 0)
2084 		return err;
2085 
2086 	return finalize_and_send(dev, end_session_cont);
2087 }
2088 
end_opal_session_error(struct opal_dev * dev)2089 static int end_opal_session_error(struct opal_dev *dev)
2090 {
2091 	const struct opal_step error_end_session = {
2092 		end_opal_session,
2093 	};
2094 
2095 	return execute_step(dev, &error_end_session, 0);
2096 }
2097 
setup_opal_dev(struct opal_dev * dev)2098 static inline void setup_opal_dev(struct opal_dev *dev)
2099 {
2100 	dev->tsn = 0;
2101 	dev->hsn = 0;
2102 	dev->prev_data = NULL;
2103 }
2104 
check_opal_support(struct opal_dev * dev)2105 static int check_opal_support(struct opal_dev *dev)
2106 {
2107 	int ret;
2108 
2109 	mutex_lock(&dev->dev_lock);
2110 	setup_opal_dev(dev);
2111 	ret = opal_discovery0_step(dev);
2112 	dev->supported = !ret;
2113 	mutex_unlock(&dev->dev_lock);
2114 
2115 	return ret;
2116 }
2117 
clean_opal_dev(struct opal_dev * dev)2118 static void clean_opal_dev(struct opal_dev *dev)
2119 {
2120 
2121 	struct opal_suspend_data *suspend, *next;
2122 
2123 	mutex_lock(&dev->dev_lock);
2124 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2125 		list_del(&suspend->node);
2126 		kfree(suspend);
2127 	}
2128 	mutex_unlock(&dev->dev_lock);
2129 }
2130 
free_opal_dev(struct opal_dev * dev)2131 void free_opal_dev(struct opal_dev *dev)
2132 {
2133 	if (!dev)
2134 		return;
2135 
2136 	clean_opal_dev(dev);
2137 	kfree(dev->resp);
2138 	kfree(dev->cmd);
2139 	kfree(dev);
2140 }
2141 EXPORT_SYMBOL(free_opal_dev);
2142 
init_opal_dev(void * data,sec_send_recv * send_recv)2143 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2144 {
2145 	struct opal_dev *dev;
2146 
2147 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2148 	if (!dev)
2149 		return NULL;
2150 
2151 	/*
2152 	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2153 	 * sure the allocated buffer is DMA-safe in that regard.
2154 	 */
2155 	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2156 	if (!dev->cmd)
2157 		goto err_free_dev;
2158 
2159 	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2160 	if (!dev->resp)
2161 		goto err_free_cmd;
2162 
2163 	INIT_LIST_HEAD(&dev->unlk_lst);
2164 	mutex_init(&dev->dev_lock);
2165 	dev->data = data;
2166 	dev->send_recv = send_recv;
2167 	if (check_opal_support(dev) != 0) {
2168 		pr_debug("Opal is not supported on this device\n");
2169 		goto err_free_resp;
2170 	}
2171 
2172 	return dev;
2173 
2174 err_free_resp:
2175 	kfree(dev->resp);
2176 
2177 err_free_cmd:
2178 	kfree(dev->cmd);
2179 
2180 err_free_dev:
2181 	kfree(dev);
2182 
2183 	return NULL;
2184 }
2185 EXPORT_SYMBOL(init_opal_dev);
2186 
opal_secure_erase_locking_range(struct opal_dev * dev,struct opal_session_info * opal_session)2187 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2188 					   struct opal_session_info *opal_session)
2189 {
2190 	const struct opal_step erase_steps[] = {
2191 		{ start_auth_opal_session, opal_session },
2192 		{ get_active_key, &opal_session->opal_key.lr },
2193 		{ gen_key, },
2194 		{ end_opal_session, }
2195 	};
2196 	int ret;
2197 
2198 	mutex_lock(&dev->dev_lock);
2199 	setup_opal_dev(dev);
2200 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2201 	mutex_unlock(&dev->dev_lock);
2202 
2203 	return ret;
2204 }
2205 
opal_erase_locking_range(struct opal_dev * dev,struct opal_session_info * opal_session)2206 static int opal_erase_locking_range(struct opal_dev *dev,
2207 				    struct opal_session_info *opal_session)
2208 {
2209 	const struct opal_step erase_steps[] = {
2210 		{ start_auth_opal_session, opal_session },
2211 		{ erase_locking_range, opal_session },
2212 		{ end_opal_session, }
2213 	};
2214 	int ret;
2215 
2216 	mutex_lock(&dev->dev_lock);
2217 	setup_opal_dev(dev);
2218 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2219 	mutex_unlock(&dev->dev_lock);
2220 
2221 	return ret;
2222 }
2223 
opal_enable_disable_shadow_mbr(struct opal_dev * dev,struct opal_mbr_data * opal_mbr)2224 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2225 					  struct opal_mbr_data *opal_mbr)
2226 {
2227 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2228 		OPAL_TRUE : OPAL_FALSE;
2229 
2230 	const struct opal_step mbr_steps[] = {
2231 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2232 		{ set_mbr_done, &enable_disable },
2233 		{ end_opal_session, },
2234 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2235 		{ set_mbr_enable_disable, &enable_disable },
2236 		{ end_opal_session, }
2237 	};
2238 	int ret;
2239 
2240 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2241 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2242 		return -EINVAL;
2243 
2244 	mutex_lock(&dev->dev_lock);
2245 	setup_opal_dev(dev);
2246 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2247 	mutex_unlock(&dev->dev_lock);
2248 
2249 	return ret;
2250 }
2251 
opal_set_mbr_done(struct opal_dev * dev,struct opal_mbr_done * mbr_done)2252 static int opal_set_mbr_done(struct opal_dev *dev,
2253 			     struct opal_mbr_done *mbr_done)
2254 {
2255 	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2256 		OPAL_TRUE : OPAL_FALSE;
2257 
2258 	const struct opal_step mbr_steps[] = {
2259 		{ start_admin1LSP_opal_session, &mbr_done->key },
2260 		{ set_mbr_done, &mbr_done_tf },
2261 		{ end_opal_session, }
2262 	};
2263 	int ret;
2264 
2265 	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2266 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2267 		return -EINVAL;
2268 
2269 	mutex_lock(&dev->dev_lock);
2270 	setup_opal_dev(dev);
2271 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2272 	mutex_unlock(&dev->dev_lock);
2273 
2274 	return ret;
2275 }
2276 
opal_write_shadow_mbr(struct opal_dev * dev,struct opal_shadow_mbr * info)2277 static int opal_write_shadow_mbr(struct opal_dev *dev,
2278 				 struct opal_shadow_mbr *info)
2279 {
2280 	const struct opal_step mbr_steps[] = {
2281 		{ start_admin1LSP_opal_session, &info->key },
2282 		{ write_shadow_mbr, info },
2283 		{ end_opal_session, }
2284 	};
2285 	int ret;
2286 
2287 	if (info->size == 0)
2288 		return 0;
2289 
2290 	mutex_lock(&dev->dev_lock);
2291 	setup_opal_dev(dev);
2292 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2293 	mutex_unlock(&dev->dev_lock);
2294 
2295 	return ret;
2296 }
2297 
opal_save(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2298 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2299 {
2300 	struct opal_suspend_data *suspend;
2301 
2302 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2303 	if (!suspend)
2304 		return -ENOMEM;
2305 
2306 	suspend->unlk = *lk_unlk;
2307 	suspend->lr = lk_unlk->session.opal_key.lr;
2308 
2309 	mutex_lock(&dev->dev_lock);
2310 	setup_opal_dev(dev);
2311 	add_suspend_info(dev, suspend);
2312 	mutex_unlock(&dev->dev_lock);
2313 
2314 	return 0;
2315 }
2316 
opal_add_user_to_lr(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2317 static int opal_add_user_to_lr(struct opal_dev *dev,
2318 			       struct opal_lock_unlock *lk_unlk)
2319 {
2320 	const struct opal_step steps[] = {
2321 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2322 		{ add_user_to_lr, lk_unlk },
2323 		{ end_opal_session, }
2324 	};
2325 	int ret;
2326 
2327 	if (lk_unlk->l_state != OPAL_RO &&
2328 	    lk_unlk->l_state != OPAL_RW) {
2329 		pr_debug("Locking state was not RO or RW\n");
2330 		return -EINVAL;
2331 	}
2332 
2333 	if (lk_unlk->session.who < OPAL_USER1 ||
2334 	    lk_unlk->session.who > OPAL_USER9) {
2335 		pr_debug("Authority was not within the range of users: %d\n",
2336 			 lk_unlk->session.who);
2337 		return -EINVAL;
2338 	}
2339 
2340 	if (lk_unlk->session.sum) {
2341 		pr_debug("%s not supported in sum. Use setup locking range\n",
2342 			 __func__);
2343 		return -EINVAL;
2344 	}
2345 
2346 	mutex_lock(&dev->dev_lock);
2347 	setup_opal_dev(dev);
2348 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2349 	mutex_unlock(&dev->dev_lock);
2350 
2351 	return ret;
2352 }
2353 
opal_reverttper(struct opal_dev * dev,struct opal_key * opal,bool psid)2354 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2355 {
2356 	/* controller will terminate session */
2357 	const struct opal_step revert_steps[] = {
2358 		{ start_SIDASP_opal_session, opal },
2359 		{ revert_tper, }
2360 	};
2361 	const struct opal_step psid_revert_steps[] = {
2362 		{ start_PSID_opal_session, opal },
2363 		{ revert_tper, }
2364 	};
2365 
2366 	int ret;
2367 
2368 	mutex_lock(&dev->dev_lock);
2369 	setup_opal_dev(dev);
2370 	if (psid)
2371 		ret = execute_steps(dev, psid_revert_steps,
2372 				    ARRAY_SIZE(psid_revert_steps));
2373 	else
2374 		ret = execute_steps(dev, revert_steps,
2375 				    ARRAY_SIZE(revert_steps));
2376 	mutex_unlock(&dev->dev_lock);
2377 
2378 	/*
2379 	 * If we successfully reverted lets clean
2380 	 * any saved locking ranges.
2381 	 */
2382 	if (!ret)
2383 		clean_opal_dev(dev);
2384 
2385 	return ret;
2386 }
2387 
__opal_lock_unlock(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2388 static int __opal_lock_unlock(struct opal_dev *dev,
2389 			      struct opal_lock_unlock *lk_unlk)
2390 {
2391 	const struct opal_step unlock_steps[] = {
2392 		{ start_auth_opal_session, &lk_unlk->session },
2393 		{ lock_unlock_locking_range, lk_unlk },
2394 		{ end_opal_session, }
2395 	};
2396 	const struct opal_step unlock_sum_steps[] = {
2397 		{ start_auth_opal_session, &lk_unlk->session },
2398 		{ lock_unlock_locking_range_sum, lk_unlk },
2399 		{ end_opal_session, }
2400 	};
2401 
2402 	if (lk_unlk->session.sum)
2403 		return execute_steps(dev, unlock_sum_steps,
2404 				     ARRAY_SIZE(unlock_sum_steps));
2405 	else
2406 		return execute_steps(dev, unlock_steps,
2407 				     ARRAY_SIZE(unlock_steps));
2408 }
2409 
__opal_set_mbr_done(struct opal_dev * dev,struct opal_key * key)2410 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2411 {
2412 	u8 mbr_done_tf = OPAL_TRUE;
2413 	const struct opal_step mbrdone_step[] = {
2414 		{ start_admin1LSP_opal_session, key },
2415 		{ set_mbr_done, &mbr_done_tf },
2416 		{ end_opal_session, }
2417 	};
2418 
2419 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2420 }
2421 
opal_lock_unlock(struct opal_dev * dev,struct opal_lock_unlock * lk_unlk)2422 static int opal_lock_unlock(struct opal_dev *dev,
2423 			    struct opal_lock_unlock *lk_unlk)
2424 {
2425 	int ret;
2426 
2427 	if (lk_unlk->session.who > OPAL_USER9)
2428 		return -EINVAL;
2429 
2430 	mutex_lock(&dev->dev_lock);
2431 	ret = __opal_lock_unlock(dev, lk_unlk);
2432 	mutex_unlock(&dev->dev_lock);
2433 
2434 	return ret;
2435 }
2436 
opal_take_ownership(struct opal_dev * dev,struct opal_key * opal)2437 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2438 {
2439 	const struct opal_step owner_steps[] = {
2440 		{ start_anybodyASP_opal_session, },
2441 		{ get_msid_cpin_pin, },
2442 		{ end_opal_session, },
2443 		{ start_SIDASP_opal_session, opal },
2444 		{ set_sid_cpin_pin, opal },
2445 		{ end_opal_session, }
2446 	};
2447 	int ret;
2448 
2449 	if (!dev)
2450 		return -ENODEV;
2451 
2452 	mutex_lock(&dev->dev_lock);
2453 	setup_opal_dev(dev);
2454 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2455 	mutex_unlock(&dev->dev_lock);
2456 
2457 	return ret;
2458 }
2459 
opal_activate_lsp(struct opal_dev * dev,struct opal_lr_act * opal_lr_act)2460 static int opal_activate_lsp(struct opal_dev *dev,
2461 			     struct opal_lr_act *opal_lr_act)
2462 {
2463 	const struct opal_step active_steps[] = {
2464 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2465 		{ get_lsp_lifecycle, },
2466 		{ activate_lsp, opal_lr_act },
2467 		{ end_opal_session, }
2468 	};
2469 	int ret;
2470 
2471 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2472 		return -EINVAL;
2473 
2474 	mutex_lock(&dev->dev_lock);
2475 	setup_opal_dev(dev);
2476 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2477 	mutex_unlock(&dev->dev_lock);
2478 
2479 	return ret;
2480 }
2481 
opal_setup_locking_range(struct opal_dev * dev,struct opal_user_lr_setup * opal_lrs)2482 static int opal_setup_locking_range(struct opal_dev *dev,
2483 				    struct opal_user_lr_setup *opal_lrs)
2484 {
2485 	const struct opal_step lr_steps[] = {
2486 		{ start_auth_opal_session, &opal_lrs->session },
2487 		{ setup_locking_range, opal_lrs },
2488 		{ end_opal_session, }
2489 	};
2490 	int ret;
2491 
2492 	mutex_lock(&dev->dev_lock);
2493 	setup_opal_dev(dev);
2494 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2495 	mutex_unlock(&dev->dev_lock);
2496 
2497 	return ret;
2498 }
2499 
opal_set_new_pw(struct opal_dev * dev,struct opal_new_pw * opal_pw)2500 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2501 {
2502 	const struct opal_step pw_steps[] = {
2503 		{ start_auth_opal_session, &opal_pw->session },
2504 		{ set_new_pw, &opal_pw->new_user_pw },
2505 		{ end_opal_session, }
2506 	};
2507 	int ret;
2508 
2509 	if (opal_pw->session.who > OPAL_USER9  ||
2510 	    opal_pw->new_user_pw.who > OPAL_USER9)
2511 		return -EINVAL;
2512 
2513 	mutex_lock(&dev->dev_lock);
2514 	setup_opal_dev(dev);
2515 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2516 	mutex_unlock(&dev->dev_lock);
2517 
2518 	return ret;
2519 }
2520 
opal_activate_user(struct opal_dev * dev,struct opal_session_info * opal_session)2521 static int opal_activate_user(struct opal_dev *dev,
2522 			      struct opal_session_info *opal_session)
2523 {
2524 	const struct opal_step act_steps[] = {
2525 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2526 		{ internal_activate_user, opal_session },
2527 		{ end_opal_session, }
2528 	};
2529 	int ret;
2530 
2531 	/* We can't activate Admin1 it's active as manufactured */
2532 	if (opal_session->who < OPAL_USER1 ||
2533 	    opal_session->who > OPAL_USER9) {
2534 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2535 		return -EINVAL;
2536 	}
2537 
2538 	mutex_lock(&dev->dev_lock);
2539 	setup_opal_dev(dev);
2540 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2541 	mutex_unlock(&dev->dev_lock);
2542 
2543 	return ret;
2544 }
2545 
opal_unlock_from_suspend(struct opal_dev * dev)2546 bool opal_unlock_from_suspend(struct opal_dev *dev)
2547 {
2548 	struct opal_suspend_data *suspend;
2549 	bool was_failure = false;
2550 	int ret = 0;
2551 
2552 	if (!dev)
2553 		return false;
2554 
2555 	if (!dev->supported)
2556 		return false;
2557 
2558 	mutex_lock(&dev->dev_lock);
2559 	setup_opal_dev(dev);
2560 
2561 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2562 		dev->tsn = 0;
2563 		dev->hsn = 0;
2564 
2565 		ret = __opal_lock_unlock(dev, &suspend->unlk);
2566 		if (ret) {
2567 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2568 				 suspend->unlk.session.opal_key.lr,
2569 				 suspend->unlk.session.sum);
2570 			was_failure = true;
2571 		}
2572 
2573 		if (dev->mbr_enabled) {
2574 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2575 			if (ret)
2576 				pr_debug("Failed to set MBR Done in S3 resume\n");
2577 		}
2578 	}
2579 	mutex_unlock(&dev->dev_lock);
2580 
2581 	return was_failure;
2582 }
2583 EXPORT_SYMBOL(opal_unlock_from_suspend);
2584 
opal_read_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)2585 static int opal_read_table(struct opal_dev *dev,
2586 			   struct opal_read_write_table *rw_tbl)
2587 {
2588 	const struct opal_step read_table_steps[] = {
2589 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2590 		{ read_table_data, rw_tbl },
2591 		{ end_opal_session, }
2592 	};
2593 	int ret = 0;
2594 
2595 	if (!rw_tbl->size)
2596 		return ret;
2597 
2598 	return execute_steps(dev, read_table_steps,
2599 			     ARRAY_SIZE(read_table_steps));
2600 }
2601 
opal_write_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)2602 static int opal_write_table(struct opal_dev *dev,
2603 			    struct opal_read_write_table *rw_tbl)
2604 {
2605 	const struct opal_step write_table_steps[] = {
2606 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2607 		{ write_table_data, rw_tbl },
2608 		{ end_opal_session, }
2609 	};
2610 	int ret = 0;
2611 
2612 	if (!rw_tbl->size)
2613 		return ret;
2614 
2615 	return execute_steps(dev, write_table_steps,
2616 			     ARRAY_SIZE(write_table_steps));
2617 }
2618 
opal_generic_read_write_table(struct opal_dev * dev,struct opal_read_write_table * rw_tbl)2619 static int opal_generic_read_write_table(struct opal_dev *dev,
2620 					 struct opal_read_write_table *rw_tbl)
2621 {
2622 	int ret, bit_set;
2623 
2624 	mutex_lock(&dev->dev_lock);
2625 	setup_opal_dev(dev);
2626 
2627 	bit_set = fls64(rw_tbl->flags) - 1;
2628 	switch (bit_set) {
2629 	case OPAL_READ_TABLE:
2630 		ret = opal_read_table(dev, rw_tbl);
2631 		break;
2632 	case OPAL_WRITE_TABLE:
2633 		ret = opal_write_table(dev, rw_tbl);
2634 		break;
2635 	default:
2636 		pr_debug("Invalid bit set in the flag (%016llx).\n",
2637 			 rw_tbl->flags);
2638 		ret = -EINVAL;
2639 		break;
2640 	}
2641 
2642 	mutex_unlock(&dev->dev_lock);
2643 
2644 	return ret;
2645 }
2646 
sed_ioctl(struct opal_dev * dev,unsigned int cmd,void __user * arg)2647 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2648 {
2649 	void *p;
2650 	int ret = -ENOTTY;
2651 
2652 	if (!capable(CAP_SYS_ADMIN))
2653 		return -EACCES;
2654 	if (!dev)
2655 		return -ENOTSUPP;
2656 	if (!dev->supported)
2657 		return -ENOTSUPP;
2658 
2659 	p = memdup_user(arg, _IOC_SIZE(cmd));
2660 	if (IS_ERR(p))
2661 		return PTR_ERR(p);
2662 
2663 	switch (cmd) {
2664 	case IOC_OPAL_SAVE:
2665 		ret = opal_save(dev, p);
2666 		break;
2667 	case IOC_OPAL_LOCK_UNLOCK:
2668 		ret = opal_lock_unlock(dev, p);
2669 		break;
2670 	case IOC_OPAL_TAKE_OWNERSHIP:
2671 		ret = opal_take_ownership(dev, p);
2672 		break;
2673 	case IOC_OPAL_ACTIVATE_LSP:
2674 		ret = opal_activate_lsp(dev, p);
2675 		break;
2676 	case IOC_OPAL_SET_PW:
2677 		ret = opal_set_new_pw(dev, p);
2678 		break;
2679 	case IOC_OPAL_ACTIVATE_USR:
2680 		ret = opal_activate_user(dev, p);
2681 		break;
2682 	case IOC_OPAL_REVERT_TPR:
2683 		ret = opal_reverttper(dev, p, false);
2684 		break;
2685 	case IOC_OPAL_LR_SETUP:
2686 		ret = opal_setup_locking_range(dev, p);
2687 		break;
2688 	case IOC_OPAL_ADD_USR_TO_LR:
2689 		ret = opal_add_user_to_lr(dev, p);
2690 		break;
2691 	case IOC_OPAL_ENABLE_DISABLE_MBR:
2692 		ret = opal_enable_disable_shadow_mbr(dev, p);
2693 		break;
2694 	case IOC_OPAL_MBR_DONE:
2695 		ret = opal_set_mbr_done(dev, p);
2696 		break;
2697 	case IOC_OPAL_WRITE_SHADOW_MBR:
2698 		ret = opal_write_shadow_mbr(dev, p);
2699 		break;
2700 	case IOC_OPAL_ERASE_LR:
2701 		ret = opal_erase_locking_range(dev, p);
2702 		break;
2703 	case IOC_OPAL_SECURE_ERASE_LR:
2704 		ret = opal_secure_erase_locking_range(dev, p);
2705 		break;
2706 	case IOC_OPAL_PSID_REVERT_TPR:
2707 		ret = opal_reverttper(dev, p, true);
2708 		break;
2709 	case IOC_OPAL_GENERIC_TABLE_RW:
2710 		ret = opal_generic_read_write_table(dev, p);
2711 		break;
2712 	default:
2713 		break;
2714 	}
2715 
2716 	kfree(p);
2717 	return ret;
2718 }
2719 EXPORT_SYMBOL_GPL(sed_ioctl);
2720