1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright © 2016 Intel Corporation
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/genhd.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
24 #include "opal_proto.h"
26 #define IO_BUFFER_LENGTH 2048
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
33 int (*fn)(struct opal_dev *dev, void *data);
36 typedef int (cont_fn)(struct opal_dev *dev);
38 enum opal_atom_width {
47 * On the parsed response, we don't store again the toks that are already
48 * stored in the response buffer. Instead, for each token, we just store a
49 * pointer to the position in the buffer where the token starts, and the size
50 * of the token in bytes.
52 struct opal_resp_tok {
55 enum opal_response_token type;
56 enum opal_atom_width width;
64 * From the response header it's not possible to know how many tokens there are
65 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66 * if we start dealing with messages that have more than that, we can increase
67 * this number. This is done to avoid having to make two passes through the
68 * response, the first one counting how many tokens we have and the second one
69 * actually storing the positions.
73 struct opal_resp_tok toks[MAX_TOKS];
81 sec_send_recv *send_recv;
83 struct mutex dev_lock;
91 u8 cmd[IO_BUFFER_LENGTH];
92 u8 resp[IO_BUFFER_LENGTH];
94 struct parsed_resp parsed;
98 struct list_head unlk_lst;
102 static const u8 opaluid[][OPAL_UID_LENGTH] = {
105 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
107 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
109 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
110 [OPAL_LOCKINGSP_UID] =
111 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
112 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
113 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
115 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
117 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
119 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
126 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
128 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
134 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
135 [OPAL_LOCKINGRANGE_GLOBAL] =
136 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
137 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
138 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
139 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
140 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
142 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
144 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
145 [OPAL_AUTHORITY_TABLE] =
146 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
148 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
149 [OPAL_LOCKING_INFO_TABLE] =
150 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
151 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
152 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
154 /* C_PIN_TABLE object ID's */
157 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
159 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
160 [OPAL_C_PIN_ADMIN1] =
161 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
163 /* half UID's (only first 4 bytes used) */
165 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
166 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
167 [OPAL_HALF_UID_BOOLEAN_ACE] =
168 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
170 /* special value for omitted optional parameter */
172 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
176 * TCG Storage SSC Methods.
177 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
178 * Section: 6.3 Assigned UIDs
180 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
182 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
183 [OPAL_STARTSESSION] =
184 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
186 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
188 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
190 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
192 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
195 [OPAL_EAUTHENTICATE] =
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
207 [OPAL_AUTHENTICATE] =
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
215 static int end_opal_session_error(struct opal_dev *dev);
216 static int opal_discovery0_step(struct opal_dev *dev);
218 struct opal_suspend_data {
219 struct opal_lock_unlock unlk;
221 struct list_head node;
226 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
227 * Section: 5.1.5 Method Status Codes
229 static const char * const opal_errors[] = {
237 "No Sessions Available",
238 "Uniqueness Conflict",
239 "Insufficient Space",
246 "Transaction Failure",
248 "Authority Locked Out",
251 static const char *opal_error_to_human(int error)
256 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
257 return "Unknown Error";
259 return opal_errors[error];
262 static void print_buffer(const u8 *ptr, u32 length)
265 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
270 static bool check_tper(const void *data)
272 const struct d0_tper_features *tper = data;
273 u8 flags = tper->supported_features;
275 if (!(flags & TPER_SYNC_SUPPORTED)) {
276 pr_debug("TPer sync not supported. flags = %d\n",
277 tper->supported_features);
284 static bool check_mbrenabled(const void *data)
286 const struct d0_locking_features *lfeat = data;
287 u8 sup_feat = lfeat->supported_features;
289 return !!(sup_feat & MBR_ENABLED_MASK);
292 static bool check_sum(const void *data)
294 const struct d0_single_user_mode *sum = data;
295 u32 nlo = be32_to_cpu(sum->num_locking_objects);
298 pr_debug("Need at least one locking object.\n");
302 pr_debug("Number of locking objects: %d\n", nlo);
307 static u16 get_comid_v100(const void *data)
309 const struct d0_opal_v100 *v100 = data;
311 return be16_to_cpu(v100->baseComID);
314 static u16 get_comid_v200(const void *data)
316 const struct d0_opal_v200 *v200 = data;
318 return be16_to_cpu(v200->baseComID);
321 static int opal_send_cmd(struct opal_dev *dev)
323 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
324 dev->cmd, IO_BUFFER_LENGTH,
328 static int opal_recv_cmd(struct opal_dev *dev)
330 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
331 dev->resp, IO_BUFFER_LENGTH,
335 static int opal_recv_check(struct opal_dev *dev)
337 size_t buflen = IO_BUFFER_LENGTH;
338 void *buffer = dev->resp;
339 struct opal_header *hdr = buffer;
343 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
344 hdr->cp.outstandingData,
345 hdr->cp.minTransfer);
347 if (hdr->cp.outstandingData == 0 ||
348 hdr->cp.minTransfer != 0)
351 memset(buffer, 0, buflen);
352 ret = opal_recv_cmd(dev);
358 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
362 ret = opal_send_cmd(dev);
365 ret = opal_recv_cmd(dev);
368 ret = opal_recv_check(dev);
374 static void check_geometry(struct opal_dev *dev, const void *data)
376 const struct d0_geometry_features *geo = data;
378 dev->align = geo->alignment_granularity;
379 dev->lowest_lba = geo->lowest_aligned_lba;
382 static int execute_step(struct opal_dev *dev,
383 const struct opal_step *step, size_t stepIndex)
385 int error = step->fn(dev, step->data);
388 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
389 stepIndex, step->fn, error,
390 opal_error_to_human(error));
396 static int execute_steps(struct opal_dev *dev,
397 const struct opal_step *steps, size_t n_steps)
402 /* first do a discovery0 */
403 error = opal_discovery0_step(dev);
407 for (state = 0; state < n_steps; state++) {
408 error = execute_step(dev, &steps[state], state);
417 * For each OPAL command the first step in steps starts some sort of
418 * session. If an error occurred in the initial discovery0 or if an
419 * error occurred in the first step (and thus stopping the loop with
420 * state == 0) then there was an error before or during the attempt to
421 * start a session. Therefore we shouldn't attempt to terminate a
422 * session, as one has not yet been created.
425 end_opal_session_error(dev);
430 static int opal_discovery0_end(struct opal_dev *dev)
432 bool found_com_id = false, supported = true, single_user = false;
433 const struct d0_header *hdr = (struct d0_header *)dev->resp;
434 const u8 *epos = dev->resp, *cpos = dev->resp;
436 u32 hlen = be32_to_cpu(hdr->length);
438 print_buffer(dev->resp, hlen);
439 dev->mbr_enabled = false;
441 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
442 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
443 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
447 epos += hlen; /* end of buffer */
448 cpos += sizeof(*hdr); /* current position on buffer */
450 while (cpos < epos && supported) {
451 const struct d0_features *body =
452 (const struct d0_features *)cpos;
454 switch (be16_to_cpu(body->code)) {
456 supported = check_tper(body->features);
459 single_user = check_sum(body->features);
462 check_geometry(dev, body);
465 dev->mbr_enabled = check_mbrenabled(body->features);
469 /* some ignored properties */
470 pr_debug("Found OPAL feature description: %d\n",
471 be16_to_cpu(body->code));
474 comid = get_comid_v100(body->features);
478 comid = get_comid_v200(body->features);
481 case 0xbfff ... 0xffff:
482 /* vendor specific, just ignore */
485 pr_debug("OPAL Unknown feature: %d\n",
486 be16_to_cpu(body->code));
489 cpos += body->length + 4;
493 pr_debug("This device is not Opal enabled. Not Supported!\n");
498 pr_debug("Device doesn't support single user mode\n");
502 pr_debug("Could not find OPAL comid for device. Returning early\n");
511 static int opal_discovery0(struct opal_dev *dev, void *data)
515 memset(dev->resp, 0, IO_BUFFER_LENGTH);
516 dev->comid = OPAL_DISCOVERY_COMID;
517 ret = opal_recv_cmd(dev);
520 return opal_discovery0_end(dev);
523 static int opal_discovery0_step(struct opal_dev *dev)
525 const struct opal_step discovery0_step = {
528 return execute_step(dev, &discovery0_step, 0);
531 static size_t remaining_size(struct opal_dev *cmd)
533 return IO_BUFFER_LENGTH - cmd->pos;
536 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
541 if (remaining_size(cmd) < len) {
542 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
550 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
552 if (!can_add(err, cmd, 1))
554 cmd->cmd[cmd->pos++] = tok;
557 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
558 bool has_sign, int len)
563 atom = SHORT_ATOM_ID;
564 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
565 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
566 atom |= len & SHORT_ATOM_LEN_MASK;
568 add_token_u8(&err, cmd, atom);
571 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
572 bool has_sign, int len)
576 header0 = MEDIUM_ATOM_ID;
577 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
578 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
579 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
580 cmd->cmd[cmd->pos++] = header0;
581 cmd->cmd[cmd->pos++] = len;
584 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
589 if (!(number & ~TINY_ATOM_DATA_MASK)) {
590 add_token_u8(err, cmd, number);
595 len = DIV_ROUND_UP(msb, 8);
597 if (!can_add(err, cmd, len + 1)) {
598 pr_debug("Error adding u64: end of buffer.\n");
601 add_short_atom_header(cmd, false, false, len);
603 add_token_u8(err, cmd, number >> (len * 8));
606 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
608 size_t header_len = 1;
609 bool is_short_atom = true;
611 if (len & ~SHORT_ATOM_LEN_MASK) {
613 is_short_atom = false;
616 if (!can_add(err, cmd, header_len + len)) {
617 pr_debug("Error adding bytestring: end of buffer.\n");
622 add_short_atom_header(cmd, true, false, len);
624 add_medium_atom_header(cmd, true, false, len);
626 return &cmd->cmd[cmd->pos];
629 static void add_token_bytestring(int *err, struct opal_dev *cmd,
630 const u8 *bytestring, size_t len)
634 start = add_bytestring_header(err, cmd, len);
637 memcpy(start, bytestring, len);
641 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
643 if (length > OPAL_UID_LENGTH) {
644 pr_debug("Can't build locking range. Length OOB\n");
648 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
652 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
658 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
660 if (length > OPAL_UID_LENGTH) {
661 pr_debug("Can't build locking range user. Length OOB\n");
665 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
672 static void set_comid(struct opal_dev *cmd, u16 comid)
674 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
676 hdr->cp.extendedComID[0] = comid >> 8;
677 hdr->cp.extendedComID[1] = comid;
678 hdr->cp.extendedComID[2] = 0;
679 hdr->cp.extendedComID[3] = 0;
682 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
684 struct opal_header *hdr;
688 * Close the parameter list opened from cmd_start.
689 * The number of bytes added must be equal to
690 * CMD_FINALIZE_BYTES_NEEDED.
692 add_token_u8(&err, cmd, OPAL_ENDLIST);
694 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
695 add_token_u8(&err, cmd, OPAL_STARTLIST);
696 add_token_u8(&err, cmd, 0);
697 add_token_u8(&err, cmd, 0);
698 add_token_u8(&err, cmd, 0);
699 add_token_u8(&err, cmd, OPAL_ENDLIST);
702 pr_debug("Error finalizing command.\n");
706 hdr = (struct opal_header *) cmd->cmd;
708 hdr->pkt.tsn = cpu_to_be32(tsn);
709 hdr->pkt.hsn = cpu_to_be32(hsn);
711 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
712 while (cmd->pos % 4) {
713 if (cmd->pos >= IO_BUFFER_LENGTH) {
714 pr_debug("Error: Buffer overrun\n");
717 cmd->cmd[cmd->pos++] = 0;
719 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
721 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
726 static const struct opal_resp_tok *response_get_token(
727 const struct parsed_resp *resp,
730 const struct opal_resp_tok *tok;
733 pr_debug("Response is NULL\n");
734 return ERR_PTR(-EINVAL);
737 if (n >= resp->num) {
738 pr_debug("Token number doesn't exist: %d, resp: %d\n",
740 return ERR_PTR(-EINVAL);
743 tok = &resp->toks[n];
745 pr_debug("Token length must be non-zero\n");
746 return ERR_PTR(-EINVAL);
752 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
757 tok->width = OPAL_WIDTH_TINY;
759 if (pos[0] & TINY_ATOM_SIGNED) {
760 tok->type = OPAL_DTA_TOKENID_SINT;
762 tok->type = OPAL_DTA_TOKENID_UINT;
763 tok->stored.u = pos[0] & 0x3f;
769 static ssize_t response_parse_short(struct opal_resp_tok *tok,
773 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
774 tok->width = OPAL_WIDTH_SHORT;
776 if (pos[0] & SHORT_ATOM_BYTESTRING) {
777 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
778 } else if (pos[0] & SHORT_ATOM_SIGNED) {
779 tok->type = OPAL_DTA_TOKENID_SINT;
784 tok->type = OPAL_DTA_TOKENID_UINT;
786 pr_debug("uint64 with more than 8 bytes\n");
789 for (i = tok->len - 1; i > 0; i--) {
790 u_integer |= ((u64)pos[i] << (8 * b));
793 tok->stored.u = u_integer;
799 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
803 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
804 tok->width = OPAL_WIDTH_MEDIUM;
806 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
807 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
808 else if (pos[0] & MEDIUM_ATOM_SIGNED)
809 tok->type = OPAL_DTA_TOKENID_SINT;
811 tok->type = OPAL_DTA_TOKENID_UINT;
816 static ssize_t response_parse_long(struct opal_resp_tok *tok,
820 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
821 tok->width = OPAL_WIDTH_LONG;
823 if (pos[0] & LONG_ATOM_BYTESTRING)
824 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
825 else if (pos[0] & LONG_ATOM_SIGNED)
826 tok->type = OPAL_DTA_TOKENID_SINT;
828 tok->type = OPAL_DTA_TOKENID_UINT;
833 static ssize_t response_parse_token(struct opal_resp_tok *tok,
838 tok->type = OPAL_DTA_TOKENID_TOKEN;
839 tok->width = OPAL_WIDTH_TOKEN;
844 static int response_parse(const u8 *buf, size_t length,
845 struct parsed_resp *resp)
847 const struct opal_header *hdr;
848 struct opal_resp_tok *iter;
851 ssize_t token_length;
853 u32 clen, plen, slen;
861 hdr = (struct opal_header *)buf;
865 clen = be32_to_cpu(hdr->cp.length);
866 plen = be32_to_cpu(hdr->pkt.length);
867 slen = be32_to_cpu(hdr->subpkt.length);
868 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
871 if (clen == 0 || plen == 0 || slen == 0 ||
872 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
873 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
875 print_buffer(pos, sizeof(*hdr));
879 if (pos > buf + length)
884 print_buffer(pos, total);
886 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
887 token_length = response_parse_tiny(iter, pos);
888 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
889 token_length = response_parse_short(iter, pos);
890 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
891 token_length = response_parse_medium(iter, pos);
892 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
893 token_length = response_parse_long(iter, pos);
895 token_length = response_parse_token(iter, pos);
897 if (token_length < 0)
901 total -= token_length;
906 if (num_entries == 0) {
907 pr_debug("Couldn't parse response.\n");
910 resp->num = num_entries;
915 static size_t response_get_string(const struct parsed_resp *resp, int n,
919 const struct opal_resp_tok *tok;
922 tok = response_get_token(resp, n);
926 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
927 pr_debug("Token is not a byte string!\n");
931 switch (tok->width) {
932 case OPAL_WIDTH_TINY:
933 case OPAL_WIDTH_SHORT:
936 case OPAL_WIDTH_MEDIUM:
939 case OPAL_WIDTH_LONG:
943 pr_debug("Token has invalid width!\n");
947 *store = tok->pos + skip;
948 return tok->len - skip;
951 static u64 response_get_u64(const struct parsed_resp *resp, int n)
953 const struct opal_resp_tok *tok;
955 tok = response_get_token(resp, n);
959 if (tok->type != OPAL_DTA_TOKENID_UINT) {
960 pr_debug("Token is not unsigned int: %d\n", tok->type);
964 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
965 pr_debug("Atom is not short or tiny: %d\n", tok->width);
969 return tok->stored.u;
972 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
975 token->type != OPAL_DTA_TOKENID_TOKEN ||
976 token->pos[0] != match)
981 static u8 response_status(const struct parsed_resp *resp)
983 const struct opal_resp_tok *tok;
985 tok = response_get_token(resp, 0);
986 if (response_token_matches(tok, OPAL_ENDOFSESSION))
990 return DTAERROR_NO_METHOD_STATUS;
992 tok = response_get_token(resp, resp->num - 5);
993 if (!response_token_matches(tok, OPAL_STARTLIST))
994 return DTAERROR_NO_METHOD_STATUS;
996 tok = response_get_token(resp, resp->num - 1);
997 if (!response_token_matches(tok, OPAL_ENDLIST))
998 return DTAERROR_NO_METHOD_STATUS;
1000 return response_get_u64(resp, resp->num - 4);
1003 /* Parses and checks for errors */
1004 static int parse_and_check_status(struct opal_dev *dev)
1008 print_buffer(dev->cmd, dev->pos);
1010 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1012 pr_debug("Couldn't parse response.\n");
1016 return response_status(&dev->parsed);
1019 static void clear_opal_cmd(struct opal_dev *dev)
1021 dev->pos = sizeof(struct opal_header);
1022 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1025 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1029 clear_opal_cmd(dev);
1030 set_comid(dev, dev->comid);
1032 add_token_u8(&err, dev, OPAL_CALL);
1033 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1034 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1037 * Every method call is followed by its parameters enclosed within
1038 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1039 * parameter list here and close it later in cmd_finalize.
1041 add_token_u8(&err, dev, OPAL_STARTLIST);
1046 static int start_opal_session_cont(struct opal_dev *dev)
1051 error = parse_and_check_status(dev);
1055 hsn = response_get_u64(&dev->parsed, 4);
1056 tsn = response_get_u64(&dev->parsed, 5);
1058 if (hsn == 0 && tsn == 0) {
1059 pr_debug("Couldn't authenticate session\n");
1068 static void add_suspend_info(struct opal_dev *dev,
1069 struct opal_suspend_data *sus)
1071 struct opal_suspend_data *iter;
1073 list_for_each_entry(iter, &dev->unlk_lst, node) {
1074 if (iter->lr == sus->lr) {
1075 list_del(&iter->node);
1080 list_add_tail(&sus->node, &dev->unlk_lst);
1083 static int end_session_cont(struct opal_dev *dev)
1087 return parse_and_check_status(dev);
1090 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1094 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1096 pr_debug("Error finalizing command buffer: %d\n", ret);
1100 print_buffer(dev->cmd, dev->pos);
1102 return opal_send_recv(dev, cont);
1106 * request @column from table @table on device @dev. On success, the column
1107 * data will be available in dev->resp->tok[4]
1109 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1114 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1116 add_token_u8(&err, dev, OPAL_STARTLIST);
1118 add_token_u8(&err, dev, OPAL_STARTNAME);
1119 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1120 add_token_u64(&err, dev, column);
1121 add_token_u8(&err, dev, OPAL_ENDNAME);
1123 add_token_u8(&err, dev, OPAL_STARTNAME);
1124 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1125 add_token_u64(&err, dev, column);
1126 add_token_u8(&err, dev, OPAL_ENDNAME);
1128 add_token_u8(&err, dev, OPAL_ENDLIST);
1133 return finalize_and_send(dev, parse_and_check_status);
1137 * see TCG SAS 5.3.2.3 for a description of the available columns
1139 * the result is provided in dev->resp->tok[4]
1141 static int generic_get_table_info(struct opal_dev *dev, enum opal_uid table,
1144 u8 uid[OPAL_UID_LENGTH];
1145 const unsigned int half = OPAL_UID_LENGTH/2;
1147 /* sed-opal UIDs can be split in two halves:
1148 * first: actual table index
1149 * second: relative index in the table
1150 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1151 * first part of the target table as relative index into that table
1153 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1154 memcpy(uid+half, opaluid[table], half);
1156 return generic_get_column(dev, uid, column);
1159 static int gen_key(struct opal_dev *dev, void *data)
1161 u8 uid[OPAL_UID_LENGTH];
1164 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1165 kfree(dev->prev_data);
1166 dev->prev_data = NULL;
1168 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1171 pr_debug("Error building gen key command\n");
1175 return finalize_and_send(dev, parse_and_check_status);
1178 static int get_active_key_cont(struct opal_dev *dev)
1180 const char *activekey;
1184 error = parse_and_check_status(dev);
1187 keylen = response_get_string(&dev->parsed, 4, &activekey);
1189 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1191 return OPAL_INVAL_PARAM;
1193 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1195 if (!dev->prev_data)
1198 dev->prev_d_len = keylen;
1203 static int get_active_key(struct opal_dev *dev, void *data)
1205 u8 uid[OPAL_UID_LENGTH];
1209 err = build_locking_range(uid, sizeof(uid), *lr);
1213 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1217 return get_active_key_cont(dev);
1220 static int generic_lr_enable_disable(struct opal_dev *dev,
1221 u8 *uid, bool rle, bool wle,
1226 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1228 add_token_u8(&err, dev, OPAL_STARTNAME);
1229 add_token_u8(&err, dev, OPAL_VALUES);
1230 add_token_u8(&err, dev, OPAL_STARTLIST);
1232 add_token_u8(&err, dev, OPAL_STARTNAME);
1233 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1234 add_token_u8(&err, dev, rle);
1235 add_token_u8(&err, dev, OPAL_ENDNAME);
1237 add_token_u8(&err, dev, OPAL_STARTNAME);
1238 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1239 add_token_u8(&err, dev, wle);
1240 add_token_u8(&err, dev, OPAL_ENDNAME);
1242 add_token_u8(&err, dev, OPAL_STARTNAME);
1243 add_token_u8(&err, dev, OPAL_READLOCKED);
1244 add_token_u8(&err, dev, rl);
1245 add_token_u8(&err, dev, OPAL_ENDNAME);
1247 add_token_u8(&err, dev, OPAL_STARTNAME);
1248 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1249 add_token_u8(&err, dev, wl);
1250 add_token_u8(&err, dev, OPAL_ENDNAME);
1252 add_token_u8(&err, dev, OPAL_ENDLIST);
1253 add_token_u8(&err, dev, OPAL_ENDNAME);
1257 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1258 struct opal_user_lr_setup *setup)
1262 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1265 pr_debug("Failed to create enable global lr command\n");
1269 static int setup_locking_range(struct opal_dev *dev, void *data)
1271 u8 uid[OPAL_UID_LENGTH];
1272 struct opal_user_lr_setup *setup = data;
1276 lr = setup->session.opal_key.lr;
1277 err = build_locking_range(uid, sizeof(uid), lr);
1282 err = enable_global_lr(dev, uid, setup);
1284 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1286 add_token_u8(&err, dev, OPAL_STARTNAME);
1287 add_token_u8(&err, dev, OPAL_VALUES);
1288 add_token_u8(&err, dev, OPAL_STARTLIST);
1290 add_token_u8(&err, dev, OPAL_STARTNAME);
1291 add_token_u8(&err, dev, OPAL_RANGESTART);
1292 add_token_u64(&err, dev, setup->range_start);
1293 add_token_u8(&err, dev, OPAL_ENDNAME);
1295 add_token_u8(&err, dev, OPAL_STARTNAME);
1296 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1297 add_token_u64(&err, dev, setup->range_length);
1298 add_token_u8(&err, dev, OPAL_ENDNAME);
1300 add_token_u8(&err, dev, OPAL_STARTNAME);
1301 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1302 add_token_u64(&err, dev, !!setup->RLE);
1303 add_token_u8(&err, dev, OPAL_ENDNAME);
1305 add_token_u8(&err, dev, OPAL_STARTNAME);
1306 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1307 add_token_u64(&err, dev, !!setup->WLE);
1308 add_token_u8(&err, dev, OPAL_ENDNAME);
1310 add_token_u8(&err, dev, OPAL_ENDLIST);
1311 add_token_u8(&err, dev, OPAL_ENDNAME);
1314 pr_debug("Error building Setup Locking range command.\n");
1319 return finalize_and_send(dev, parse_and_check_status);
1322 static int start_generic_opal_session(struct opal_dev *dev,
1324 enum opal_uid sp_type,
1331 if (key == NULL && auth != OPAL_ANYBODY_UID)
1332 return OPAL_INVAL_PARAM;
1334 hsn = GENERIC_HOST_SESSION_NUM;
1335 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1336 opalmethod[OPAL_STARTSESSION]);
1338 add_token_u64(&err, dev, hsn);
1339 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1340 add_token_u8(&err, dev, 1);
1343 case OPAL_ANYBODY_UID:
1345 case OPAL_ADMIN1_UID:
1348 add_token_u8(&err, dev, OPAL_STARTNAME);
1349 add_token_u8(&err, dev, 0); /* HostChallenge */
1350 add_token_bytestring(&err, dev, key, key_len);
1351 add_token_u8(&err, dev, OPAL_ENDNAME);
1352 add_token_u8(&err, dev, OPAL_STARTNAME);
1353 add_token_u8(&err, dev, 3); /* HostSignAuth */
1354 add_token_bytestring(&err, dev, opaluid[auth],
1356 add_token_u8(&err, dev, OPAL_ENDNAME);
1359 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1360 return OPAL_INVAL_PARAM;
1364 pr_debug("Error building start adminsp session command.\n");
1368 return finalize_and_send(dev, start_opal_session_cont);
1371 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1373 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1374 OPAL_ADMINSP_UID, NULL, 0);
1377 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1380 const u8 *key = dev->prev_data;
1383 const struct opal_key *okey = data;
1385 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1390 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1392 key, dev->prev_d_len);
1394 dev->prev_data = NULL;
1399 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1401 struct opal_key *key = data;
1403 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1405 key->key, key->key_len);
1408 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1410 const struct opal_key *okey = data;
1412 return start_generic_opal_session(dev, OPAL_PSID_UID,
1418 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1420 struct opal_session_info *session = data;
1421 u8 lk_ul_user[OPAL_UID_LENGTH];
1422 size_t keylen = session->opal_key.key_len;
1425 u8 *key = session->opal_key.key;
1426 u32 hsn = GENERIC_HOST_SESSION_NUM;
1429 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1430 session->opal_key.lr);
1431 else if (session->who != OPAL_ADMIN1 && !session->sum)
1432 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1435 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1440 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1441 opalmethod[OPAL_STARTSESSION]);
1443 add_token_u64(&err, dev, hsn);
1444 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1446 add_token_u8(&err, dev, 1);
1447 add_token_u8(&err, dev, OPAL_STARTNAME);
1448 add_token_u8(&err, dev, 0);
1449 add_token_bytestring(&err, dev, key, keylen);
1450 add_token_u8(&err, dev, OPAL_ENDNAME);
1451 add_token_u8(&err, dev, OPAL_STARTNAME);
1452 add_token_u8(&err, dev, 3);
1453 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1454 add_token_u8(&err, dev, OPAL_ENDNAME);
1457 pr_debug("Error building STARTSESSION command.\n");
1461 return finalize_and_send(dev, start_opal_session_cont);
1464 static int revert_tper(struct opal_dev *dev, void *data)
1468 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1469 opalmethod[OPAL_REVERT]);
1471 pr_debug("Error building REVERT TPER command.\n");
1475 return finalize_and_send(dev, parse_and_check_status);
1478 static int internal_activate_user(struct opal_dev *dev, void *data)
1480 struct opal_session_info *session = data;
1481 u8 uid[OPAL_UID_LENGTH];
1484 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1485 uid[7] = session->who;
1487 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1488 add_token_u8(&err, dev, OPAL_STARTNAME);
1489 add_token_u8(&err, dev, OPAL_VALUES);
1490 add_token_u8(&err, dev, OPAL_STARTLIST);
1491 add_token_u8(&err, dev, OPAL_STARTNAME);
1492 add_token_u8(&err, dev, 5); /* Enabled */
1493 add_token_u8(&err, dev, OPAL_TRUE);
1494 add_token_u8(&err, dev, OPAL_ENDNAME);
1495 add_token_u8(&err, dev, OPAL_ENDLIST);
1496 add_token_u8(&err, dev, OPAL_ENDNAME);
1499 pr_debug("Error building Activate UserN command.\n");
1503 return finalize_and_send(dev, parse_and_check_status);
1506 static int erase_locking_range(struct opal_dev *dev, void *data)
1508 struct opal_session_info *session = data;
1509 u8 uid[OPAL_UID_LENGTH];
1512 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1515 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1518 pr_debug("Error building Erase Locking Range Command.\n");
1521 return finalize_and_send(dev, parse_and_check_status);
1524 static int set_mbr_done(struct opal_dev *dev, void *data)
1526 u8 *mbr_done_tf = data;
1529 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1530 opalmethod[OPAL_SET]);
1532 add_token_u8(&err, dev, OPAL_STARTNAME);
1533 add_token_u8(&err, dev, OPAL_VALUES);
1534 add_token_u8(&err, dev, OPAL_STARTLIST);
1535 add_token_u8(&err, dev, OPAL_STARTNAME);
1536 add_token_u8(&err, dev, OPAL_MBRDONE);
1537 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1538 add_token_u8(&err, dev, OPAL_ENDNAME);
1539 add_token_u8(&err, dev, OPAL_ENDLIST);
1540 add_token_u8(&err, dev, OPAL_ENDNAME);
1543 pr_debug("Error Building set MBR Done command\n");
1547 return finalize_and_send(dev, parse_and_check_status);
1550 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1552 u8 *mbr_en_dis = data;
1555 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1556 opalmethod[OPAL_SET]);
1558 add_token_u8(&err, dev, OPAL_STARTNAME);
1559 add_token_u8(&err, dev, OPAL_VALUES);
1560 add_token_u8(&err, dev, OPAL_STARTLIST);
1561 add_token_u8(&err, dev, OPAL_STARTNAME);
1562 add_token_u8(&err, dev, OPAL_MBRENABLE);
1563 add_token_u8(&err, dev, *mbr_en_dis);
1564 add_token_u8(&err, dev, OPAL_ENDNAME);
1565 add_token_u8(&err, dev, OPAL_ENDLIST);
1566 add_token_u8(&err, dev, OPAL_ENDNAME);
1569 pr_debug("Error Building set MBR done command\n");
1573 return finalize_and_send(dev, parse_and_check_status);
1576 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1578 struct opal_shadow_mbr *shadow = data;
1579 const u8 __user *src;
1585 /* do we fit in the available shadow mbr space? */
1586 err = generic_get_table_info(dev, OPAL_MBR, OPAL_TABLE_ROWS);
1588 pr_debug("MBR: could not get shadow size\n");
1592 len = response_get_u64(&dev->parsed, 4);
1593 if (shadow->size > len || shadow->offset > len - shadow->size) {
1594 pr_debug("MBR: does not fit in shadow (%llu vs. %llu)\n",
1595 shadow->offset + shadow->size, len);
1599 /* do the actual transmission(s) */
1600 src = (u8 __user *)(uintptr_t)shadow->data;
1601 while (off < shadow->size) {
1602 err = cmd_start(dev, opaluid[OPAL_MBR], opalmethod[OPAL_SET]);
1603 add_token_u8(&err, dev, OPAL_STARTNAME);
1604 add_token_u8(&err, dev, OPAL_WHERE);
1605 add_token_u64(&err, dev, shadow->offset + off);
1606 add_token_u8(&err, dev, OPAL_ENDNAME);
1608 add_token_u8(&err, dev, OPAL_STARTNAME);
1609 add_token_u8(&err, dev, OPAL_VALUES);
1612 * The bytestring header is either 1 or 2 bytes, so assume 2.
1613 * There also needs to be enough space to accommodate the
1614 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1617 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1618 (size_t)(shadow->size - off));
1619 pr_debug("MBR: write bytes %zu+%llu/%llu\n",
1620 off, len, shadow->size);
1622 dst = add_bytestring_header(&err, dev, len);
1625 if (copy_from_user(dst, src + off, len))
1629 add_token_u8(&err, dev, OPAL_ENDNAME);
1633 err = finalize_and_send(dev, parse_and_check_status);
1642 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1643 struct opal_dev *dev)
1647 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1649 add_token_u8(&err, dev, OPAL_STARTNAME);
1650 add_token_u8(&err, dev, OPAL_VALUES);
1651 add_token_u8(&err, dev, OPAL_STARTLIST);
1652 add_token_u8(&err, dev, OPAL_STARTNAME);
1653 add_token_u8(&err, dev, OPAL_PIN);
1654 add_token_bytestring(&err, dev, key, key_len);
1655 add_token_u8(&err, dev, OPAL_ENDNAME);
1656 add_token_u8(&err, dev, OPAL_ENDLIST);
1657 add_token_u8(&err, dev, OPAL_ENDNAME);
1662 static int set_new_pw(struct opal_dev *dev, void *data)
1664 u8 cpin_uid[OPAL_UID_LENGTH];
1665 struct opal_session_info *usr = data;
1667 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1669 if (usr->who != OPAL_ADMIN1) {
1672 cpin_uid[7] = usr->opal_key.lr + 1;
1674 cpin_uid[7] = usr->who;
1677 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1679 pr_debug("Error building set password command.\n");
1683 return finalize_and_send(dev, parse_and_check_status);
1686 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1688 u8 cpin_uid[OPAL_UID_LENGTH];
1689 struct opal_key *key = data;
1691 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1693 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1694 pr_debug("Error building Set SID cpin\n");
1697 return finalize_and_send(dev, parse_and_check_status);
1700 static int add_user_to_lr(struct opal_dev *dev, void *data)
1702 u8 lr_buffer[OPAL_UID_LENGTH];
1703 u8 user_uid[OPAL_UID_LENGTH];
1704 struct opal_lock_unlock *lkul = data;
1707 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1710 if (lkul->l_state == OPAL_RW)
1711 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1714 lr_buffer[7] = lkul->session.opal_key.lr;
1716 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1718 user_uid[7] = lkul->session.who;
1720 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1722 add_token_u8(&err, dev, OPAL_STARTNAME);
1723 add_token_u8(&err, dev, OPAL_VALUES);
1725 add_token_u8(&err, dev, OPAL_STARTLIST);
1726 add_token_u8(&err, dev, OPAL_STARTNAME);
1727 add_token_u8(&err, dev, 3);
1729 add_token_u8(&err, dev, OPAL_STARTLIST);
1732 add_token_u8(&err, dev, OPAL_STARTNAME);
1733 add_token_bytestring(&err, dev,
1734 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1736 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1737 add_token_u8(&err, dev, OPAL_ENDNAME);
1740 add_token_u8(&err, dev, OPAL_STARTNAME);
1741 add_token_bytestring(&err, dev,
1742 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1744 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1745 add_token_u8(&err, dev, OPAL_ENDNAME);
1748 add_token_u8(&err, dev, OPAL_STARTNAME);
1749 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1751 add_token_u8(&err, dev, 1);
1752 add_token_u8(&err, dev, OPAL_ENDNAME);
1755 add_token_u8(&err, dev, OPAL_ENDLIST);
1756 add_token_u8(&err, dev, OPAL_ENDNAME);
1757 add_token_u8(&err, dev, OPAL_ENDLIST);
1758 add_token_u8(&err, dev, OPAL_ENDNAME);
1761 pr_debug("Error building add user to locking range command.\n");
1765 return finalize_and_send(dev, parse_and_check_status);
1768 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1770 u8 lr_buffer[OPAL_UID_LENGTH];
1771 struct opal_lock_unlock *lkul = data;
1772 u8 read_locked = 1, write_locked = 1;
1775 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1776 lkul->session.opal_key.lr) < 0)
1779 switch (lkul->l_state) {
1789 /* vars are initialized to locked */
1792 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1793 return OPAL_INVAL_PARAM;
1796 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1798 add_token_u8(&err, dev, OPAL_STARTNAME);
1799 add_token_u8(&err, dev, OPAL_VALUES);
1800 add_token_u8(&err, dev, OPAL_STARTLIST);
1802 add_token_u8(&err, dev, OPAL_STARTNAME);
1803 add_token_u8(&err, dev, OPAL_READLOCKED);
1804 add_token_u8(&err, dev, read_locked);
1805 add_token_u8(&err, dev, OPAL_ENDNAME);
1807 add_token_u8(&err, dev, OPAL_STARTNAME);
1808 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1809 add_token_u8(&err, dev, write_locked);
1810 add_token_u8(&err, dev, OPAL_ENDNAME);
1812 add_token_u8(&err, dev, OPAL_ENDLIST);
1813 add_token_u8(&err, dev, OPAL_ENDNAME);
1816 pr_debug("Error building SET command.\n");
1819 return finalize_and_send(dev, parse_and_check_status);
1823 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1825 u8 lr_buffer[OPAL_UID_LENGTH];
1826 u8 read_locked = 1, write_locked = 1;
1827 struct opal_lock_unlock *lkul = data;
1830 clear_opal_cmd(dev);
1831 set_comid(dev, dev->comid);
1833 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1834 lkul->session.opal_key.lr) < 0)
1837 switch (lkul->l_state) {
1847 /* vars are initialized to locked */
1850 pr_debug("Tried to set an invalid locking state.\n");
1851 return OPAL_INVAL_PARAM;
1853 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1854 read_locked, write_locked);
1857 pr_debug("Error building SET command.\n");
1860 return finalize_and_send(dev, parse_and_check_status);
1863 static int activate_lsp(struct opal_dev *dev, void *data)
1865 struct opal_lr_act *opal_act = data;
1866 u8 user_lr[OPAL_UID_LENGTH];
1870 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1871 opalmethod[OPAL_ACTIVATE]);
1873 if (opal_act->sum) {
1874 err = build_locking_range(user_lr, sizeof(user_lr),
1879 add_token_u8(&err, dev, OPAL_STARTNAME);
1880 add_token_u8(&err, dev, uint_3);
1881 add_token_u8(&err, dev, 6);
1882 add_token_u8(&err, dev, 0);
1883 add_token_u8(&err, dev, 0);
1885 add_token_u8(&err, dev, OPAL_STARTLIST);
1886 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1887 for (i = 1; i < opal_act->num_lrs; i++) {
1888 user_lr[7] = opal_act->lr[i];
1889 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1891 add_token_u8(&err, dev, OPAL_ENDLIST);
1892 add_token_u8(&err, dev, OPAL_ENDNAME);
1896 pr_debug("Error building Activate LockingSP command.\n");
1900 return finalize_and_send(dev, parse_and_check_status);
1903 /* Determine if we're in the Manufactured Inactive or Active state */
1904 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1909 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1914 lc_status = response_get_u64(&dev->parsed, 4);
1915 /* 0x08 is Manufactured Inactive */
1916 /* 0x09 is Manufactured */
1917 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1918 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1925 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1927 const char *msid_pin;
1931 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1935 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1937 pr_debug("Couldn't extract MSID_CPIN from response\n");
1938 return OPAL_INVAL_PARAM;
1941 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1942 if (!dev->prev_data)
1945 dev->prev_d_len = strlen;
1950 static int end_opal_session(struct opal_dev *dev, void *data)
1954 clear_opal_cmd(dev);
1955 set_comid(dev, dev->comid);
1956 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1960 return finalize_and_send(dev, end_session_cont);
1963 static int end_opal_session_error(struct opal_dev *dev)
1965 const struct opal_step error_end_session = {
1968 return execute_step(dev, &error_end_session, 0);
1971 static inline void setup_opal_dev(struct opal_dev *dev)
1975 dev->prev_data = NULL;
1978 static int check_opal_support(struct opal_dev *dev)
1982 mutex_lock(&dev->dev_lock);
1983 setup_opal_dev(dev);
1984 ret = opal_discovery0_step(dev);
1985 dev->supported = !ret;
1986 mutex_unlock(&dev->dev_lock);
1990 static void clean_opal_dev(struct opal_dev *dev)
1993 struct opal_suspend_data *suspend, *next;
1995 mutex_lock(&dev->dev_lock);
1996 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
1997 list_del(&suspend->node);
2000 mutex_unlock(&dev->dev_lock);
2003 void free_opal_dev(struct opal_dev *dev)
2007 clean_opal_dev(dev);
2010 EXPORT_SYMBOL(free_opal_dev);
2012 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2014 struct opal_dev *dev;
2016 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2020 INIT_LIST_HEAD(&dev->unlk_lst);
2021 mutex_init(&dev->dev_lock);
2023 dev->send_recv = send_recv;
2024 if (check_opal_support(dev) != 0) {
2025 pr_debug("Opal is not supported on this device\n");
2031 EXPORT_SYMBOL(init_opal_dev);
2033 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2034 struct opal_session_info *opal_session)
2036 const struct opal_step erase_steps[] = {
2037 { start_auth_opal_session, opal_session },
2038 { get_active_key, &opal_session->opal_key.lr },
2040 { end_opal_session, }
2044 mutex_lock(&dev->dev_lock);
2045 setup_opal_dev(dev);
2046 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2047 mutex_unlock(&dev->dev_lock);
2051 static int opal_erase_locking_range(struct opal_dev *dev,
2052 struct opal_session_info *opal_session)
2054 const struct opal_step erase_steps[] = {
2055 { start_auth_opal_session, opal_session },
2056 { erase_locking_range, opal_session },
2057 { end_opal_session, }
2061 mutex_lock(&dev->dev_lock);
2062 setup_opal_dev(dev);
2063 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2064 mutex_unlock(&dev->dev_lock);
2068 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2069 struct opal_mbr_data *opal_mbr)
2071 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2072 OPAL_TRUE : OPAL_FALSE;
2074 const struct opal_step mbr_steps[] = {
2075 { start_admin1LSP_opal_session, &opal_mbr->key },
2076 { set_mbr_done, &enable_disable },
2077 { end_opal_session, },
2078 { start_admin1LSP_opal_session, &opal_mbr->key },
2079 { set_mbr_enable_disable, &enable_disable },
2080 { end_opal_session, }
2084 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2085 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2088 mutex_lock(&dev->dev_lock);
2089 setup_opal_dev(dev);
2090 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2091 mutex_unlock(&dev->dev_lock);
2095 static int opal_set_mbr_done(struct opal_dev *dev,
2096 struct opal_mbr_done *mbr_done)
2098 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2099 OPAL_TRUE : OPAL_FALSE;
2101 const struct opal_step mbr_steps[] = {
2102 { start_admin1LSP_opal_session, &mbr_done->key },
2103 { set_mbr_done, &mbr_done_tf },
2104 { end_opal_session, }
2108 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2109 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2112 mutex_lock(&dev->dev_lock);
2113 setup_opal_dev(dev);
2114 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2115 mutex_unlock(&dev->dev_lock);
2119 static int opal_write_shadow_mbr(struct opal_dev *dev,
2120 struct opal_shadow_mbr *info)
2122 const struct opal_step mbr_steps[] = {
2123 { start_admin1LSP_opal_session, &info->key },
2124 { write_shadow_mbr, info },
2125 { end_opal_session, }
2129 if (info->size == 0)
2132 mutex_lock(&dev->dev_lock);
2133 setup_opal_dev(dev);
2134 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2135 mutex_unlock(&dev->dev_lock);
2139 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2141 struct opal_suspend_data *suspend;
2143 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2147 suspend->unlk = *lk_unlk;
2148 suspend->lr = lk_unlk->session.opal_key.lr;
2150 mutex_lock(&dev->dev_lock);
2151 setup_opal_dev(dev);
2152 add_suspend_info(dev, suspend);
2153 mutex_unlock(&dev->dev_lock);
2157 static int opal_add_user_to_lr(struct opal_dev *dev,
2158 struct opal_lock_unlock *lk_unlk)
2160 const struct opal_step steps[] = {
2161 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2162 { add_user_to_lr, lk_unlk },
2163 { end_opal_session, }
2167 if (lk_unlk->l_state != OPAL_RO &&
2168 lk_unlk->l_state != OPAL_RW) {
2169 pr_debug("Locking state was not RO or RW\n");
2172 if (lk_unlk->session.who < OPAL_USER1 ||
2173 lk_unlk->session.who > OPAL_USER9) {
2174 pr_debug("Authority was not within the range of users: %d\n",
2175 lk_unlk->session.who);
2178 if (lk_unlk->session.sum) {
2179 pr_debug("%s not supported in sum. Use setup locking range\n",
2184 mutex_lock(&dev->dev_lock);
2185 setup_opal_dev(dev);
2186 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2187 mutex_unlock(&dev->dev_lock);
2191 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2193 /* controller will terminate session */
2194 const struct opal_step revert_steps[] = {
2195 { start_SIDASP_opal_session, opal },
2198 const struct opal_step psid_revert_steps[] = {
2199 { start_PSID_opal_session, opal },
2205 mutex_lock(&dev->dev_lock);
2206 setup_opal_dev(dev);
2208 ret = execute_steps(dev, psid_revert_steps,
2209 ARRAY_SIZE(psid_revert_steps));
2211 ret = execute_steps(dev, revert_steps,
2212 ARRAY_SIZE(revert_steps));
2213 mutex_unlock(&dev->dev_lock);
2216 * If we successfully reverted lets clean
2217 * any saved locking ranges.
2220 clean_opal_dev(dev);
2225 static int __opal_lock_unlock(struct opal_dev *dev,
2226 struct opal_lock_unlock *lk_unlk)
2228 const struct opal_step unlock_steps[] = {
2229 { start_auth_opal_session, &lk_unlk->session },
2230 { lock_unlock_locking_range, lk_unlk },
2231 { end_opal_session, }
2233 const struct opal_step unlock_sum_steps[] = {
2234 { start_auth_opal_session, &lk_unlk->session },
2235 { lock_unlock_locking_range_sum, lk_unlk },
2236 { end_opal_session, }
2239 if (lk_unlk->session.sum)
2240 return execute_steps(dev, unlock_sum_steps,
2241 ARRAY_SIZE(unlock_sum_steps));
2243 return execute_steps(dev, unlock_steps,
2244 ARRAY_SIZE(unlock_steps));
2247 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2249 u8 mbr_done_tf = OPAL_TRUE;
2250 const struct opal_step mbrdone_step[] = {
2251 { start_admin1LSP_opal_session, key },
2252 { set_mbr_done, &mbr_done_tf },
2253 { end_opal_session, }
2256 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2259 static int opal_lock_unlock(struct opal_dev *dev,
2260 struct opal_lock_unlock *lk_unlk)
2264 if (lk_unlk->session.who > OPAL_USER9)
2267 mutex_lock(&dev->dev_lock);
2268 ret = __opal_lock_unlock(dev, lk_unlk);
2269 mutex_unlock(&dev->dev_lock);
2273 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2275 const struct opal_step owner_steps[] = {
2276 { start_anybodyASP_opal_session, },
2277 { get_msid_cpin_pin, },
2278 { end_opal_session, },
2279 { start_SIDASP_opal_session, opal },
2280 { set_sid_cpin_pin, opal },
2281 { end_opal_session, }
2288 mutex_lock(&dev->dev_lock);
2289 setup_opal_dev(dev);
2290 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2291 mutex_unlock(&dev->dev_lock);
2295 static int opal_activate_lsp(struct opal_dev *dev,
2296 struct opal_lr_act *opal_lr_act)
2298 const struct opal_step active_steps[] = {
2299 { start_SIDASP_opal_session, &opal_lr_act->key },
2300 { get_lsp_lifecycle, },
2301 { activate_lsp, opal_lr_act },
2302 { end_opal_session, }
2306 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2309 mutex_lock(&dev->dev_lock);
2310 setup_opal_dev(dev);
2311 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2312 mutex_unlock(&dev->dev_lock);
2316 static int opal_setup_locking_range(struct opal_dev *dev,
2317 struct opal_user_lr_setup *opal_lrs)
2319 const struct opal_step lr_steps[] = {
2320 { start_auth_opal_session, &opal_lrs->session },
2321 { setup_locking_range, opal_lrs },
2322 { end_opal_session, }
2326 mutex_lock(&dev->dev_lock);
2327 setup_opal_dev(dev);
2328 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2329 mutex_unlock(&dev->dev_lock);
2333 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2335 const struct opal_step pw_steps[] = {
2336 { start_auth_opal_session, &opal_pw->session },
2337 { set_new_pw, &opal_pw->new_user_pw },
2338 { end_opal_session, }
2342 if (opal_pw->session.who > OPAL_USER9 ||
2343 opal_pw->new_user_pw.who > OPAL_USER9)
2346 mutex_lock(&dev->dev_lock);
2347 setup_opal_dev(dev);
2348 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2349 mutex_unlock(&dev->dev_lock);
2353 static int opal_activate_user(struct opal_dev *dev,
2354 struct opal_session_info *opal_session)
2356 const struct opal_step act_steps[] = {
2357 { start_admin1LSP_opal_session, &opal_session->opal_key },
2358 { internal_activate_user, opal_session },
2359 { end_opal_session, }
2363 /* We can't activate Admin1 it's active as manufactured */
2364 if (opal_session->who < OPAL_USER1 ||
2365 opal_session->who > OPAL_USER9) {
2366 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2370 mutex_lock(&dev->dev_lock);
2371 setup_opal_dev(dev);
2372 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2373 mutex_unlock(&dev->dev_lock);
2377 bool opal_unlock_from_suspend(struct opal_dev *dev)
2379 struct opal_suspend_data *suspend;
2380 bool was_failure = false;
2385 if (!dev->supported)
2388 mutex_lock(&dev->dev_lock);
2389 setup_opal_dev(dev);
2391 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2395 ret = __opal_lock_unlock(dev, &suspend->unlk);
2397 pr_debug("Failed to unlock LR %hhu with sum %d\n",
2398 suspend->unlk.session.opal_key.lr,
2399 suspend->unlk.session.sum);
2402 if (dev->mbr_enabled) {
2403 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2405 pr_debug("Failed to set MBR Done in S3 resume\n");
2408 mutex_unlock(&dev->dev_lock);
2411 EXPORT_SYMBOL(opal_unlock_from_suspend);
2413 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2418 if (!capable(CAP_SYS_ADMIN))
2422 if (!dev->supported)
2425 p = memdup_user(arg, _IOC_SIZE(cmd));
2431 ret = opal_save(dev, p);
2433 case IOC_OPAL_LOCK_UNLOCK:
2434 ret = opal_lock_unlock(dev, p);
2436 case IOC_OPAL_TAKE_OWNERSHIP:
2437 ret = opal_take_ownership(dev, p);
2439 case IOC_OPAL_ACTIVATE_LSP:
2440 ret = opal_activate_lsp(dev, p);
2442 case IOC_OPAL_SET_PW:
2443 ret = opal_set_new_pw(dev, p);
2445 case IOC_OPAL_ACTIVATE_USR:
2446 ret = opal_activate_user(dev, p);
2448 case IOC_OPAL_REVERT_TPR:
2449 ret = opal_reverttper(dev, p, false);
2451 case IOC_OPAL_LR_SETUP:
2452 ret = opal_setup_locking_range(dev, p);
2454 case IOC_OPAL_ADD_USR_TO_LR:
2455 ret = opal_add_user_to_lr(dev, p);
2457 case IOC_OPAL_ENABLE_DISABLE_MBR:
2458 ret = opal_enable_disable_shadow_mbr(dev, p);
2460 case IOC_OPAL_MBR_DONE:
2461 ret = opal_set_mbr_done(dev, p);
2463 case IOC_OPAL_WRITE_SHADOW_MBR:
2464 ret = opal_write_shadow_mbr(dev, p);
2466 case IOC_OPAL_ERASE_LR:
2467 ret = opal_erase_locking_range(dev, p);
2469 case IOC_OPAL_SECURE_ERASE_LR:
2470 ret = opal_secure_erase_locking_range(dev, p);
2472 case IOC_OPAL_PSID_REVERT_TPR:
2473 ret = opal_reverttper(dev, p, true);
2482 EXPORT_SYMBOL_GPL(sed_ioctl);
git.samba.org / sfrench / cifs-2.6.git / blob