treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers
[sfrench/cifs-2.6.git] / block / sed-opal.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/genhd.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23
24 #include "opal_proto.h"
25
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28
29 struct opal_step {
30         int (*fn)(struct opal_dev *dev, void *data);
31         void *data;
32 };
33 typedef int (cont_fn)(struct opal_dev *dev);
34
35 enum opal_atom_width {
36         OPAL_WIDTH_TINY,
37         OPAL_WIDTH_SHORT,
38         OPAL_WIDTH_MEDIUM,
39         OPAL_WIDTH_LONG,
40         OPAL_WIDTH_TOKEN
41 };
42
43 /*
44  * On the parsed response, we don't store again the toks that are already
45  * stored in the response buffer. Instead, for each token, we just store a
46  * pointer to the position in the buffer where the token starts, and the size
47  * of the token in bytes.
48  */
49 struct opal_resp_tok {
50         const u8 *pos;
51         size_t len;
52         enum opal_response_token type;
53         enum opal_atom_width width;
54         union {
55                 u64 u;
56                 s64 s;
57         } stored;
58 };
59
60 /*
61  * From the response header it's not possible to know how many tokens there are
62  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
63  * if we start dealing with messages that have more than that, we can increase
64  * this number. This is done to avoid having to make two passes through the
65  * response, the first one counting how many tokens we have and the second one
66  * actually storing the positions.
67  */
68 struct parsed_resp {
69         int num;
70         struct opal_resp_tok toks[MAX_TOKS];
71 };
72
73 struct opal_dev {
74         bool supported;
75         bool mbr_enabled;
76
77         void *data;
78         sec_send_recv *send_recv;
79
80         struct mutex dev_lock;
81         u16 comid;
82         u32 hsn;
83         u32 tsn;
84         u64 align;
85         u64 lowest_lba;
86
87         size_t pos;
88         u8 cmd[IO_BUFFER_LENGTH];
89         u8 resp[IO_BUFFER_LENGTH];
90
91         struct parsed_resp parsed;
92         size_t prev_d_len;
93         void *prev_data;
94
95         struct list_head unlk_lst;
96 };
97
98
99 static const u8 opaluid[][OPAL_UID_LENGTH] = {
100         /* users */
101         [OPAL_SMUID_UID] =
102                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
103         [OPAL_THISSP_UID] =
104                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
105         [OPAL_ADMINSP_UID] =
106                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
107         [OPAL_LOCKINGSP_UID] =
108                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
109         [OPAL_ENTERPRISE_LOCKINGSP_UID] =
110                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
111         [OPAL_ANYBODY_UID] =
112                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
113         [OPAL_SID_UID] =
114                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
115         [OPAL_ADMIN1_UID] =
116                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
117         [OPAL_USER1_UID] =
118                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
119         [OPAL_USER2_UID] =
120                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
121         [OPAL_PSID_UID] =
122                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
123         [OPAL_ENTERPRISE_BANDMASTER0_UID] =
124                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
125         [OPAL_ENTERPRISE_ERASEMASTER_UID] =
126                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
127
128         /* tables */
129
130         [OPAL_LOCKINGRANGE_GLOBAL] =
131                 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
132         [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
133                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
134         [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
135                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
136         [OPAL_MBRCONTROL] =
137                 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
138         [OPAL_MBR] =
139                 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
140         [OPAL_AUTHORITY_TABLE] =
141                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
142         [OPAL_C_PIN_TABLE] =
143                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
144         [OPAL_LOCKING_INFO_TABLE] =
145                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
146         [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
147                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
148
149         /* C_PIN_TABLE object ID's */
150
151         [OPAL_C_PIN_MSID] =
152                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
153         [OPAL_C_PIN_SID] =
154                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
155         [OPAL_C_PIN_ADMIN1] =
156                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
157
158         /* half UID's (only first 4 bytes used) */
159
160         [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
161                 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
162         [OPAL_HALF_UID_BOOLEAN_ACE] =
163                 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
164
165         /* special value for omitted optional parameter */
166         [OPAL_UID_HEXFF] =
167                 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
168 };
169
170 /*
171  * TCG Storage SSC Methods.
172  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
173  * Section: 6.3 Assigned UIDs
174  */
175 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
176         [OPAL_PROPERTIES] =
177                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
178         [OPAL_STARTSESSION] =
179                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
180         [OPAL_REVERT] =
181                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
182         [OPAL_ACTIVATE] =
183                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
184         [OPAL_EGET] =
185                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
186         [OPAL_ESET] =
187                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
188         [OPAL_NEXT] =
189                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
190         [OPAL_EAUTHENTICATE] =
191                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
192         [OPAL_GETACL] =
193                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
194         [OPAL_GENKEY] =
195                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
196         [OPAL_REVERTSP] =
197                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
198         [OPAL_GET] =
199                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
200         [OPAL_SET] =
201                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
202         [OPAL_AUTHENTICATE] =
203                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
204         [OPAL_RANDOM] =
205                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
206         [OPAL_ERASE] =
207                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
208 };
209
210 static int end_opal_session_error(struct opal_dev *dev);
211 static int opal_discovery0_step(struct opal_dev *dev);
212
213 struct opal_suspend_data {
214         struct opal_lock_unlock unlk;
215         u8 lr;
216         struct list_head node;
217 };
218
219 /*
220  * Derived from:
221  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
222  * Section: 5.1.5 Method Status Codes
223  */
224 static const char * const opal_errors[] = {
225         "Success",
226         "Not Authorized",
227         "Unknown Error",
228         "SP Busy",
229         "SP Failed",
230         "SP Disabled",
231         "SP Frozen",
232         "No Sessions Available",
233         "Uniqueness Conflict",
234         "Insufficient Space",
235         "Insufficient Rows",
236         "Invalid Function",
237         "Invalid Parameter",
238         "Invalid Reference",
239         "Unknown Error",
240         "TPER Malfunction",
241         "Transaction Failure",
242         "Response Overflow",
243         "Authority Locked Out",
244 };
245
246 static const char *opal_error_to_human(int error)
247 {
248         if (error == 0x3f)
249                 return "Failed";
250
251         if (error >= ARRAY_SIZE(opal_errors) || error < 0)
252                 return "Unknown Error";
253
254         return opal_errors[error];
255 }
256
257 static void print_buffer(const u8 *ptr, u32 length)
258 {
259 #ifdef DEBUG
260         print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
261         pr_debug("\n");
262 #endif
263 }
264
265 static bool check_tper(const void *data)
266 {
267         const struct d0_tper_features *tper = data;
268         u8 flags = tper->supported_features;
269
270         if (!(flags & TPER_SYNC_SUPPORTED)) {
271                 pr_debug("TPer sync not supported. flags = %d\n",
272                          tper->supported_features);
273                 return false;
274         }
275
276         return true;
277 }
278
279 static bool check_mbrenabled(const void *data)
280 {
281         const struct d0_locking_features *lfeat = data;
282         u8 sup_feat = lfeat->supported_features;
283
284         return !!(sup_feat & MBR_ENABLED_MASK);
285 }
286
287 static bool check_sum(const void *data)
288 {
289         const struct d0_single_user_mode *sum = data;
290         u32 nlo = be32_to_cpu(sum->num_locking_objects);
291
292         if (nlo == 0) {
293                 pr_debug("Need at least one locking object.\n");
294                 return false;
295         }
296
297         pr_debug("Number of locking objects: %d\n", nlo);
298
299         return true;
300 }
301
302 static u16 get_comid_v100(const void *data)
303 {
304         const struct d0_opal_v100 *v100 = data;
305
306         return be16_to_cpu(v100->baseComID);
307 }
308
309 static u16 get_comid_v200(const void *data)
310 {
311         const struct d0_opal_v200 *v200 = data;
312
313         return be16_to_cpu(v200->baseComID);
314 }
315
316 static int opal_send_cmd(struct opal_dev *dev)
317 {
318         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
319                               dev->cmd, IO_BUFFER_LENGTH,
320                               true);
321 }
322
323 static int opal_recv_cmd(struct opal_dev *dev)
324 {
325         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
326                               dev->resp, IO_BUFFER_LENGTH,
327                               false);
328 }
329
330 static int opal_recv_check(struct opal_dev *dev)
331 {
332         size_t buflen = IO_BUFFER_LENGTH;
333         void *buffer = dev->resp;
334         struct opal_header *hdr = buffer;
335         int ret;
336
337         do {
338                 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
339                          hdr->cp.outstandingData,
340                          hdr->cp.minTransfer);
341
342                 if (hdr->cp.outstandingData == 0 ||
343                     hdr->cp.minTransfer != 0)
344                         return 0;
345
346                 memset(buffer, 0, buflen);
347                 ret = opal_recv_cmd(dev);
348         } while (!ret);
349
350         return ret;
351 }
352
353 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
354 {
355         int ret;
356
357         ret = opal_send_cmd(dev);
358         if (ret)
359                 return ret;
360         ret = opal_recv_cmd(dev);
361         if (ret)
362                 return ret;
363         ret = opal_recv_check(dev);
364         if (ret)
365                 return ret;
366         return cont(dev);
367 }
368
369 static void check_geometry(struct opal_dev *dev, const void *data)
370 {
371         const struct d0_geometry_features *geo = data;
372
373         dev->align = geo->alignment_granularity;
374         dev->lowest_lba = geo->lowest_aligned_lba;
375 }
376
377 static int execute_step(struct opal_dev *dev,
378                         const struct opal_step *step, size_t stepIndex)
379 {
380         int error = step->fn(dev, step->data);
381
382         if (error) {
383                 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
384                          stepIndex, step->fn, error,
385                          opal_error_to_human(error));
386         }
387
388         return error;
389 }
390
391 static int execute_steps(struct opal_dev *dev,
392                          const struct opal_step *steps, size_t n_steps)
393 {
394         size_t state = 0;
395         int error;
396
397         /* first do a discovery0 */
398         error = opal_discovery0_step(dev);
399         if (error)
400                 return error;
401
402         for (state = 0; state < n_steps; state++) {
403                 error = execute_step(dev, &steps[state], state);
404                 if (error)
405                         goto out_error;
406         }
407
408         return 0;
409
410 out_error:
411         /*
412          * For each OPAL command the first step in steps starts some sort of
413          * session. If an error occurred in the initial discovery0 or if an
414          * error occurred in the first step (and thus stopping the loop with
415          * state == 0) then there was an error before or during the attempt to
416          * start a session. Therefore we shouldn't attempt to terminate a
417          * session, as one has not yet been created.
418          */
419         if (state > 0)
420                 end_opal_session_error(dev);
421
422         return error;
423 }
424
425 static int opal_discovery0_end(struct opal_dev *dev)
426 {
427         bool found_com_id = false, supported = true, single_user = false;
428         const struct d0_header *hdr = (struct d0_header *)dev->resp;
429         const u8 *epos = dev->resp, *cpos = dev->resp;
430         u16 comid = 0;
431         u32 hlen = be32_to_cpu(hdr->length);
432
433         print_buffer(dev->resp, hlen);
434         dev->mbr_enabled = false;
435
436         if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
437                 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
438                          sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
439                 return -EFAULT;
440         }
441
442         epos += hlen; /* end of buffer */
443         cpos += sizeof(*hdr); /* current position on buffer */
444
445         while (cpos < epos && supported) {
446                 const struct d0_features *body =
447                         (const struct d0_features *)cpos;
448
449                 switch (be16_to_cpu(body->code)) {
450                 case FC_TPER:
451                         supported = check_tper(body->features);
452                         break;
453                 case FC_SINGLEUSER:
454                         single_user = check_sum(body->features);
455                         break;
456                 case FC_GEOMETRY:
457                         check_geometry(dev, body);
458                         break;
459                 case FC_LOCKING:
460                         dev->mbr_enabled = check_mbrenabled(body->features);
461                         break;
462                 case FC_ENTERPRISE:
463                 case FC_DATASTORE:
464                         /* some ignored properties */
465                         pr_debug("Found OPAL feature description: %d\n",
466                                  be16_to_cpu(body->code));
467                         break;
468                 case FC_OPALV100:
469                         comid = get_comid_v100(body->features);
470                         found_com_id = true;
471                         break;
472                 case FC_OPALV200:
473                         comid = get_comid_v200(body->features);
474                         found_com_id = true;
475                         break;
476                 case 0xbfff ... 0xffff:
477                         /* vendor specific, just ignore */
478                         break;
479                 default:
480                         pr_debug("OPAL Unknown feature: %d\n",
481                                  be16_to_cpu(body->code));
482
483                 }
484                 cpos += body->length + 4;
485         }
486
487         if (!supported) {
488                 pr_debug("This device is not Opal enabled. Not Supported!\n");
489                 return -EOPNOTSUPP;
490         }
491
492         if (!single_user)
493                 pr_debug("Device doesn't support single user mode\n");
494
495
496         if (!found_com_id) {
497                 pr_debug("Could not find OPAL comid for device. Returning early\n");
498                 return -EOPNOTSUPP;
499         }
500
501         dev->comid = comid;
502
503         return 0;
504 }
505
506 static int opal_discovery0(struct opal_dev *dev, void *data)
507 {
508         int ret;
509
510         memset(dev->resp, 0, IO_BUFFER_LENGTH);
511         dev->comid = OPAL_DISCOVERY_COMID;
512         ret = opal_recv_cmd(dev);
513         if (ret)
514                 return ret;
515         return opal_discovery0_end(dev);
516 }
517
518 static int opal_discovery0_step(struct opal_dev *dev)
519 {
520         const struct opal_step discovery0_step = {
521                 opal_discovery0,
522         };
523         return execute_step(dev, &discovery0_step, 0);
524 }
525
526 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
527 {
528         if (*err)
529                 return false;
530
531         if (len > IO_BUFFER_LENGTH || cmd->pos > IO_BUFFER_LENGTH - len) {
532                 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
533                 *err = -ERANGE;
534                 return false;
535         }
536
537         return true;
538 }
539
540 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
541 {
542         if (!can_add(err, cmd, 1))
543                 return;
544         cmd->cmd[cmd->pos++] = tok;
545 }
546
547 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
548                                   bool has_sign, int len)
549 {
550         u8 atom;
551         int err = 0;
552
553         atom = SHORT_ATOM_ID;
554         atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
555         atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
556         atom |= len & SHORT_ATOM_LEN_MASK;
557
558         add_token_u8(&err, cmd, atom);
559 }
560
561 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
562                                    bool has_sign, int len)
563 {
564         u8 header0;
565
566         header0 = MEDIUM_ATOM_ID;
567         header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
568         header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
569         header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
570         cmd->cmd[cmd->pos++] = header0;
571         cmd->cmd[cmd->pos++] = len;
572 }
573
574 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
575 {
576         size_t len;
577         int msb;
578
579         if (!(number & ~TINY_ATOM_DATA_MASK)) {
580                 add_token_u8(err, cmd, number);
581                 return;
582         }
583
584         msb = fls64(number);
585         len = DIV_ROUND_UP(msb, 8);
586
587         if (!can_add(err, cmd, len + 1)) {
588                 pr_debug("Error adding u64: end of buffer.\n");
589                 return;
590         }
591         add_short_atom_header(cmd, false, false, len);
592         while (len--)
593                 add_token_u8(err, cmd, number >> (len * 8));
594 }
595
596 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
597 {
598         size_t header_len = 1;
599         bool is_short_atom = true;
600
601         if (len & ~SHORT_ATOM_LEN_MASK) {
602                 header_len = 2;
603                 is_short_atom = false;
604         }
605
606         if (!can_add(err, cmd, header_len + len)) {
607                 pr_debug("Error adding bytestring: end of buffer.\n");
608                 return NULL;
609         }
610
611         if (is_short_atom)
612                 add_short_atom_header(cmd, true, false, len);
613         else
614                 add_medium_atom_header(cmd, true, false, len);
615
616         return &cmd->cmd[cmd->pos];
617 }
618
619 static void add_token_bytestring(int *err, struct opal_dev *cmd,
620                                  const u8 *bytestring, size_t len)
621 {
622         u8 *start;
623
624         start = add_bytestring_header(err, cmd, len);
625         if (!start)
626                 return;
627         memcpy(start, bytestring, len);
628         cmd->pos += len;
629 }
630
631 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
632 {
633         if (length > OPAL_UID_LENGTH) {
634                 pr_debug("Can't build locking range. Length OOB\n");
635                 return -ERANGE;
636         }
637
638         memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
639
640         if (lr == 0)
641                 return 0;
642         buffer[5] = LOCKING_RANGE_NON_GLOBAL;
643         buffer[7] = lr;
644
645         return 0;
646 }
647
648 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
649 {
650         if (length > OPAL_UID_LENGTH) {
651                 pr_debug("Can't build locking range user. Length OOB\n");
652                 return -ERANGE;
653         }
654
655         memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
656
657         buffer[7] = lr + 1;
658
659         return 0;
660 }
661
662 static void set_comid(struct opal_dev *cmd, u16 comid)
663 {
664         struct opal_header *hdr = (struct opal_header *)cmd->cmd;
665
666         hdr->cp.extendedComID[0] = comid >> 8;
667         hdr->cp.extendedComID[1] = comid;
668         hdr->cp.extendedComID[2] = 0;
669         hdr->cp.extendedComID[3] = 0;
670 }
671
672 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
673 {
674         struct opal_header *hdr;
675         int err = 0;
676
677         /* close the parameter list opened from cmd_start */
678         add_token_u8(&err, cmd, OPAL_ENDLIST);
679
680         add_token_u8(&err, cmd, OPAL_ENDOFDATA);
681         add_token_u8(&err, cmd, OPAL_STARTLIST);
682         add_token_u8(&err, cmd, 0);
683         add_token_u8(&err, cmd, 0);
684         add_token_u8(&err, cmd, 0);
685         add_token_u8(&err, cmd, OPAL_ENDLIST);
686
687         if (err) {
688                 pr_debug("Error finalizing command.\n");
689                 return -EFAULT;
690         }
691
692         hdr = (struct opal_header *) cmd->cmd;
693
694         hdr->pkt.tsn = cpu_to_be32(tsn);
695         hdr->pkt.hsn = cpu_to_be32(hsn);
696
697         hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
698         while (cmd->pos % 4) {
699                 if (cmd->pos >= IO_BUFFER_LENGTH) {
700                         pr_debug("Error: Buffer overrun\n");
701                         return -ERANGE;
702                 }
703                 cmd->cmd[cmd->pos++] = 0;
704         }
705         hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
706                                       sizeof(hdr->pkt));
707         hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
708
709         return 0;
710 }
711
712 static const struct opal_resp_tok *response_get_token(
713                                 const struct parsed_resp *resp,
714                                 int n)
715 {
716         const struct opal_resp_tok *tok;
717
718         if (!resp) {
719                 pr_debug("Response is NULL\n");
720                 return ERR_PTR(-EINVAL);
721         }
722
723         if (n >= resp->num) {
724                 pr_debug("Token number doesn't exist: %d, resp: %d\n",
725                          n, resp->num);
726                 return ERR_PTR(-EINVAL);
727         }
728
729         tok = &resp->toks[n];
730         if (tok->len == 0) {
731                 pr_debug("Token length must be non-zero\n");
732                 return ERR_PTR(-EINVAL);
733         }
734
735         return tok;
736 }
737
738 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
739                                    const u8 *pos)
740 {
741         tok->pos = pos;
742         tok->len = 1;
743         tok->width = OPAL_WIDTH_TINY;
744
745         if (pos[0] & TINY_ATOM_SIGNED) {
746                 tok->type = OPAL_DTA_TOKENID_SINT;
747         } else {
748                 tok->type = OPAL_DTA_TOKENID_UINT;
749                 tok->stored.u = pos[0] & 0x3f;
750         }
751
752         return tok->len;
753 }
754
755 static ssize_t response_parse_short(struct opal_resp_tok *tok,
756                                     const u8 *pos)
757 {
758         tok->pos = pos;
759         tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
760         tok->width = OPAL_WIDTH_SHORT;
761
762         if (pos[0] & SHORT_ATOM_BYTESTRING) {
763                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
764         } else if (pos[0] & SHORT_ATOM_SIGNED) {
765                 tok->type = OPAL_DTA_TOKENID_SINT;
766         } else {
767                 u64 u_integer = 0;
768                 ssize_t i, b = 0;
769
770                 tok->type = OPAL_DTA_TOKENID_UINT;
771                 if (tok->len > 9) {
772                         pr_debug("uint64 with more than 8 bytes\n");
773                         return -EINVAL;
774                 }
775                 for (i = tok->len - 1; i > 0; i--) {
776                         u_integer |= ((u64)pos[i] << (8 * b));
777                         b++;
778                 }
779                 tok->stored.u = u_integer;
780         }
781
782         return tok->len;
783 }
784
785 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
786                                      const u8 *pos)
787 {
788         tok->pos = pos;
789         tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
790         tok->width = OPAL_WIDTH_MEDIUM;
791
792         if (pos[0] & MEDIUM_ATOM_BYTESTRING)
793                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
794         else if (pos[0] & MEDIUM_ATOM_SIGNED)
795                 tok->type = OPAL_DTA_TOKENID_SINT;
796         else
797                 tok->type = OPAL_DTA_TOKENID_UINT;
798
799         return tok->len;
800 }
801
802 static ssize_t response_parse_long(struct opal_resp_tok *tok,
803                                    const u8 *pos)
804 {
805         tok->pos = pos;
806         tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
807         tok->width = OPAL_WIDTH_LONG;
808
809         if (pos[0] & LONG_ATOM_BYTESTRING)
810                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
811         else if (pos[0] & LONG_ATOM_SIGNED)
812                 tok->type = OPAL_DTA_TOKENID_SINT;
813         else
814                 tok->type = OPAL_DTA_TOKENID_UINT;
815
816         return tok->len;
817 }
818
819 static ssize_t response_parse_token(struct opal_resp_tok *tok,
820                                     const u8 *pos)
821 {
822         tok->pos = pos;
823         tok->len = 1;
824         tok->type = OPAL_DTA_TOKENID_TOKEN;
825         tok->width = OPAL_WIDTH_TOKEN;
826
827         return tok->len;
828 }
829
830 static int response_parse(const u8 *buf, size_t length,
831                           struct parsed_resp *resp)
832 {
833         const struct opal_header *hdr;
834         struct opal_resp_tok *iter;
835         int num_entries = 0;
836         int total;
837         ssize_t token_length;
838         const u8 *pos;
839         u32 clen, plen, slen;
840
841         if (!buf)
842                 return -EFAULT;
843
844         if (!resp)
845                 return -EFAULT;
846
847         hdr = (struct opal_header *)buf;
848         pos = buf;
849         pos += sizeof(*hdr);
850
851         clen = be32_to_cpu(hdr->cp.length);
852         plen = be32_to_cpu(hdr->pkt.length);
853         slen = be32_to_cpu(hdr->subpkt.length);
854         pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
855                  clen, plen, slen);
856
857         if (clen == 0 || plen == 0 || slen == 0 ||
858             slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
859                 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
860                          clen, plen, slen);
861                 print_buffer(pos, sizeof(*hdr));
862                 return -EINVAL;
863         }
864
865         if (pos > buf + length)
866                 return -EFAULT;
867
868         iter = resp->toks;
869         total = slen;
870         print_buffer(pos, total);
871         while (total > 0) {
872                 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
873                         token_length = response_parse_tiny(iter, pos);
874                 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
875                         token_length = response_parse_short(iter, pos);
876                 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
877                         token_length = response_parse_medium(iter, pos);
878                 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
879                         token_length = response_parse_long(iter, pos);
880                 else /* TOKEN */
881                         token_length = response_parse_token(iter, pos);
882
883                 if (token_length < 0)
884                         return token_length;
885
886                 pos += token_length;
887                 total -= token_length;
888                 iter++;
889                 num_entries++;
890         }
891
892         if (num_entries == 0) {
893                 pr_debug("Couldn't parse response.\n");
894                 return -EINVAL;
895         }
896         resp->num = num_entries;
897
898         return 0;
899 }
900
901 static size_t response_get_string(const struct parsed_resp *resp, int n,
902                                   const char **store)
903 {
904         u8 skip;
905         const struct opal_resp_tok *tok;
906
907         *store = NULL;
908         tok = response_get_token(resp, n);
909         if (IS_ERR(tok))
910                 return 0;
911
912         if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
913                 pr_debug("Token is not a byte string!\n");
914                 return 0;
915         }
916
917         switch (tok->width) {
918         case OPAL_WIDTH_TINY:
919         case OPAL_WIDTH_SHORT:
920                 skip = 1;
921                 break;
922         case OPAL_WIDTH_MEDIUM:
923                 skip = 2;
924                 break;
925         case OPAL_WIDTH_LONG:
926                 skip = 4;
927                 break;
928         default:
929                 pr_debug("Token has invalid width!\n");
930                 return 0;
931         }
932
933         *store = tok->pos + skip;
934         return tok->len - skip;
935 }
936
937 static u64 response_get_u64(const struct parsed_resp *resp, int n)
938 {
939         const struct opal_resp_tok *tok;
940
941         tok = response_get_token(resp, n);
942         if (IS_ERR(tok))
943                 return 0;
944
945         if (tok->type != OPAL_DTA_TOKENID_UINT) {
946                 pr_debug("Token is not unsigned int: %d\n", tok->type);
947                 return 0;
948         }
949
950         if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
951                 pr_debug("Atom is not short or tiny: %d\n", tok->width);
952                 return 0;
953         }
954
955         return tok->stored.u;
956 }
957
958 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
959 {
960         if (IS_ERR(token) ||
961             token->type != OPAL_DTA_TOKENID_TOKEN ||
962             token->pos[0] != match)
963                 return false;
964         return true;
965 }
966
967 static u8 response_status(const struct parsed_resp *resp)
968 {
969         const struct opal_resp_tok *tok;
970
971         tok = response_get_token(resp, 0);
972         if (response_token_matches(tok, OPAL_ENDOFSESSION))
973                 return 0;
974
975         if (resp->num < 5)
976                 return DTAERROR_NO_METHOD_STATUS;
977
978         tok = response_get_token(resp, resp->num - 5);
979         if (!response_token_matches(tok, OPAL_STARTLIST))
980                 return DTAERROR_NO_METHOD_STATUS;
981
982         tok = response_get_token(resp, resp->num - 1);
983         if (!response_token_matches(tok, OPAL_ENDLIST))
984                 return DTAERROR_NO_METHOD_STATUS;
985
986         return response_get_u64(resp, resp->num - 4);
987 }
988
989 /* Parses and checks for errors */
990 static int parse_and_check_status(struct opal_dev *dev)
991 {
992         int error;
993
994         print_buffer(dev->cmd, dev->pos);
995
996         error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
997         if (error) {
998                 pr_debug("Couldn't parse response.\n");
999                 return error;
1000         }
1001
1002         return response_status(&dev->parsed);
1003 }
1004
1005 static void clear_opal_cmd(struct opal_dev *dev)
1006 {
1007         dev->pos = sizeof(struct opal_header);
1008         memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1009 }
1010
1011 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1012 {
1013         int err = 0;
1014
1015         clear_opal_cmd(dev);
1016         set_comid(dev, dev->comid);
1017
1018         add_token_u8(&err, dev, OPAL_CALL);
1019         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1020         add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1021
1022         /*
1023          * Every method call is followed by its parameters enclosed within
1024          * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1025          * parameter list here and close it later in cmd_finalize.
1026          */
1027         add_token_u8(&err, dev, OPAL_STARTLIST);
1028
1029         return err;
1030 }
1031
1032 static int start_opal_session_cont(struct opal_dev *dev)
1033 {
1034         u32 hsn, tsn;
1035         int error = 0;
1036
1037         error = parse_and_check_status(dev);
1038         if (error)
1039                 return error;
1040
1041         hsn = response_get_u64(&dev->parsed, 4);
1042         tsn = response_get_u64(&dev->parsed, 5);
1043
1044         if (hsn == 0 && tsn == 0) {
1045                 pr_debug("Couldn't authenticate session\n");
1046                 return -EPERM;
1047         }
1048
1049         dev->hsn = hsn;
1050         dev->tsn = tsn;
1051         return 0;
1052 }
1053
1054 static void add_suspend_info(struct opal_dev *dev,
1055                              struct opal_suspend_data *sus)
1056 {
1057         struct opal_suspend_data *iter;
1058
1059         list_for_each_entry(iter, &dev->unlk_lst, node) {
1060                 if (iter->lr == sus->lr) {
1061                         list_del(&iter->node);
1062                         kfree(iter);
1063                         break;
1064                 }
1065         }
1066         list_add_tail(&sus->node, &dev->unlk_lst);
1067 }
1068
1069 static int end_session_cont(struct opal_dev *dev)
1070 {
1071         dev->hsn = 0;
1072         dev->tsn = 0;
1073         return parse_and_check_status(dev);
1074 }
1075
1076 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1077 {
1078         int ret;
1079
1080         ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1081         if (ret) {
1082                 pr_debug("Error finalizing command buffer: %d\n", ret);
1083                 return ret;
1084         }
1085
1086         print_buffer(dev->cmd, dev->pos);
1087
1088         return opal_send_recv(dev, cont);
1089 }
1090
1091 /*
1092  * request @column from table @table on device @dev. On success, the column
1093  * data will be available in dev->resp->tok[4]
1094  */
1095 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1096                               u64 column)
1097 {
1098         int err;
1099
1100         err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1101
1102         add_token_u8(&err, dev, OPAL_STARTLIST);
1103
1104         add_token_u8(&err, dev, OPAL_STARTNAME);
1105         add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1106         add_token_u64(&err, dev, column);
1107         add_token_u8(&err, dev, OPAL_ENDNAME);
1108
1109         add_token_u8(&err, dev, OPAL_STARTNAME);
1110         add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1111         add_token_u64(&err, dev, column);
1112         add_token_u8(&err, dev, OPAL_ENDNAME);
1113
1114         add_token_u8(&err, dev, OPAL_ENDLIST);
1115
1116         if (err)
1117                 return err;
1118
1119         return finalize_and_send(dev, parse_and_check_status);
1120 }
1121
1122 static int gen_key(struct opal_dev *dev, void *data)
1123 {
1124         u8 uid[OPAL_UID_LENGTH];
1125         int err;
1126
1127         memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1128         kfree(dev->prev_data);
1129         dev->prev_data = NULL;
1130
1131         err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1132
1133         if (err) {
1134                 pr_debug("Error building gen key command\n");
1135                 return err;
1136
1137         }
1138         return finalize_and_send(dev, parse_and_check_status);
1139 }
1140
1141 static int get_active_key_cont(struct opal_dev *dev)
1142 {
1143         const char *activekey;
1144         size_t keylen;
1145         int error = 0;
1146
1147         error = parse_and_check_status(dev);
1148         if (error)
1149                 return error;
1150         keylen = response_get_string(&dev->parsed, 4, &activekey);
1151         if (!activekey) {
1152                 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1153                          __func__);
1154                 return OPAL_INVAL_PARAM;
1155         }
1156         dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1157
1158         if (!dev->prev_data)
1159                 return -ENOMEM;
1160
1161         dev->prev_d_len = keylen;
1162
1163         return 0;
1164 }
1165
1166 static int get_active_key(struct opal_dev *dev, void *data)
1167 {
1168         u8 uid[OPAL_UID_LENGTH];
1169         int err;
1170         u8 *lr = data;
1171
1172         err = build_locking_range(uid, sizeof(uid), *lr);
1173         if (err)
1174                 return err;
1175
1176         err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1177         if (err)
1178                 return err;
1179
1180         return get_active_key_cont(dev);
1181 }
1182
1183 static int generic_lr_enable_disable(struct opal_dev *dev,
1184                                      u8 *uid, bool rle, bool wle,
1185                                      bool rl, bool wl)
1186 {
1187         int err;
1188
1189         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1190
1191         add_token_u8(&err, dev, OPAL_STARTNAME);
1192         add_token_u8(&err, dev, OPAL_VALUES);
1193         add_token_u8(&err, dev, OPAL_STARTLIST);
1194
1195         add_token_u8(&err, dev, OPAL_STARTNAME);
1196         add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1197         add_token_u8(&err, dev, rle);
1198         add_token_u8(&err, dev, OPAL_ENDNAME);
1199
1200         add_token_u8(&err, dev, OPAL_STARTNAME);
1201         add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1202         add_token_u8(&err, dev, wle);
1203         add_token_u8(&err, dev, OPAL_ENDNAME);
1204
1205         add_token_u8(&err, dev, OPAL_STARTNAME);
1206         add_token_u8(&err, dev, OPAL_READLOCKED);
1207         add_token_u8(&err, dev, rl);
1208         add_token_u8(&err, dev, OPAL_ENDNAME);
1209
1210         add_token_u8(&err, dev, OPAL_STARTNAME);
1211         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1212         add_token_u8(&err, dev, wl);
1213         add_token_u8(&err, dev, OPAL_ENDNAME);
1214
1215         add_token_u8(&err, dev, OPAL_ENDLIST);
1216         add_token_u8(&err, dev, OPAL_ENDNAME);
1217         return err;
1218 }
1219
1220 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1221                                    struct opal_user_lr_setup *setup)
1222 {
1223         int err;
1224
1225         err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1226                                         0, 0);
1227         if (err)
1228                 pr_debug("Failed to create enable global lr command\n");
1229         return err;
1230 }
1231
1232 static int setup_locking_range(struct opal_dev *dev, void *data)
1233 {
1234         u8 uid[OPAL_UID_LENGTH];
1235         struct opal_user_lr_setup *setup = data;
1236         u8 lr;
1237         int err;
1238
1239         lr = setup->session.opal_key.lr;
1240         err = build_locking_range(uid, sizeof(uid), lr);
1241         if (err)
1242                 return err;
1243
1244         if (lr == 0)
1245                 err = enable_global_lr(dev, uid, setup);
1246         else {
1247                 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1248
1249                 add_token_u8(&err, dev, OPAL_STARTNAME);
1250                 add_token_u8(&err, dev, OPAL_VALUES);
1251                 add_token_u8(&err, dev, OPAL_STARTLIST);
1252
1253                 add_token_u8(&err, dev, OPAL_STARTNAME);
1254                 add_token_u8(&err, dev, OPAL_RANGESTART);
1255                 add_token_u64(&err, dev, setup->range_start);
1256                 add_token_u8(&err, dev, OPAL_ENDNAME);
1257
1258                 add_token_u8(&err, dev, OPAL_STARTNAME);
1259                 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1260                 add_token_u64(&err, dev, setup->range_length);
1261                 add_token_u8(&err, dev, OPAL_ENDNAME);
1262
1263                 add_token_u8(&err, dev, OPAL_STARTNAME);
1264                 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1265                 add_token_u64(&err, dev, !!setup->RLE);
1266                 add_token_u8(&err, dev, OPAL_ENDNAME);
1267
1268                 add_token_u8(&err, dev, OPAL_STARTNAME);
1269                 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1270                 add_token_u64(&err, dev, !!setup->WLE);
1271                 add_token_u8(&err, dev, OPAL_ENDNAME);
1272
1273                 add_token_u8(&err, dev, OPAL_ENDLIST);
1274                 add_token_u8(&err, dev, OPAL_ENDNAME);
1275         }
1276         if (err) {
1277                 pr_debug("Error building Setup Locking range command.\n");
1278                 return err;
1279
1280         }
1281
1282         return finalize_and_send(dev, parse_and_check_status);
1283 }
1284
1285 static int start_generic_opal_session(struct opal_dev *dev,
1286                                       enum opal_uid auth,
1287                                       enum opal_uid sp_type,
1288                                       const char *key,
1289                                       u8 key_len)
1290 {
1291         u32 hsn;
1292         int err;
1293
1294         if (key == NULL && auth != OPAL_ANYBODY_UID)
1295                 return OPAL_INVAL_PARAM;
1296
1297         hsn = GENERIC_HOST_SESSION_NUM;
1298         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1299                         opalmethod[OPAL_STARTSESSION]);
1300
1301         add_token_u64(&err, dev, hsn);
1302         add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1303         add_token_u8(&err, dev, 1);
1304
1305         switch (auth) {
1306         case OPAL_ANYBODY_UID:
1307                 break;
1308         case OPAL_ADMIN1_UID:
1309         case OPAL_SID_UID:
1310                 add_token_u8(&err, dev, OPAL_STARTNAME);
1311                 add_token_u8(&err, dev, 0); /* HostChallenge */
1312                 add_token_bytestring(&err, dev, key, key_len);
1313                 add_token_u8(&err, dev, OPAL_ENDNAME);
1314                 add_token_u8(&err, dev, OPAL_STARTNAME);
1315                 add_token_u8(&err, dev, 3); /* HostSignAuth */
1316                 add_token_bytestring(&err, dev, opaluid[auth],
1317                                      OPAL_UID_LENGTH);
1318                 add_token_u8(&err, dev, OPAL_ENDNAME);
1319                 break;
1320         default:
1321                 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1322                 return OPAL_INVAL_PARAM;
1323         }
1324
1325         if (err) {
1326                 pr_debug("Error building start adminsp session command.\n");
1327                 return err;
1328         }
1329
1330         return finalize_and_send(dev, start_opal_session_cont);
1331 }
1332
1333 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1334 {
1335         return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1336                                           OPAL_ADMINSP_UID, NULL, 0);
1337 }
1338
1339 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1340 {
1341         int ret;
1342         const u8 *key = dev->prev_data;
1343
1344         if (!key) {
1345                 const struct opal_key *okey = data;
1346
1347                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1348                                                  OPAL_ADMINSP_UID,
1349                                                  okey->key,
1350                                                  okey->key_len);
1351         } else {
1352                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1353                                                  OPAL_ADMINSP_UID,
1354                                                  key, dev->prev_d_len);
1355                 kfree(key);
1356                 dev->prev_data = NULL;
1357         }
1358         return ret;
1359 }
1360
1361 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1362 {
1363         struct opal_key *key = data;
1364
1365         return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1366                                           OPAL_LOCKINGSP_UID,
1367                                           key->key, key->key_len);
1368 }
1369
1370 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1371 {
1372         struct opal_session_info *session = data;
1373         u8 lk_ul_user[OPAL_UID_LENGTH];
1374         size_t keylen = session->opal_key.key_len;
1375         int err = 0;
1376
1377         u8 *key = session->opal_key.key;
1378         u32 hsn = GENERIC_HOST_SESSION_NUM;
1379
1380         if (session->sum)
1381                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1382                                          session->opal_key.lr);
1383         else if (session->who != OPAL_ADMIN1 && !session->sum)
1384                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1385                                          session->who - 1);
1386         else
1387                 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1388
1389         if (err)
1390                 return err;
1391
1392         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1393                         opalmethod[OPAL_STARTSESSION]);
1394
1395         add_token_u64(&err, dev, hsn);
1396         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1397                              OPAL_UID_LENGTH);
1398         add_token_u8(&err, dev, 1);
1399         add_token_u8(&err, dev, OPAL_STARTNAME);
1400         add_token_u8(&err, dev, 0);
1401         add_token_bytestring(&err, dev, key, keylen);
1402         add_token_u8(&err, dev, OPAL_ENDNAME);
1403         add_token_u8(&err, dev, OPAL_STARTNAME);
1404         add_token_u8(&err, dev, 3);
1405         add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1406         add_token_u8(&err, dev, OPAL_ENDNAME);
1407
1408         if (err) {
1409                 pr_debug("Error building STARTSESSION command.\n");
1410                 return err;
1411         }
1412
1413         return finalize_and_send(dev, start_opal_session_cont);
1414 }
1415
1416 static int revert_tper(struct opal_dev *dev, void *data)
1417 {
1418         int err;
1419
1420         err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1421                         opalmethod[OPAL_REVERT]);
1422         if (err) {
1423                 pr_debug("Error building REVERT TPER command.\n");
1424                 return err;
1425         }
1426
1427         return finalize_and_send(dev, parse_and_check_status);
1428 }
1429
1430 static int internal_activate_user(struct opal_dev *dev, void *data)
1431 {
1432         struct opal_session_info *session = data;
1433         u8 uid[OPAL_UID_LENGTH];
1434         int err;
1435
1436         memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1437         uid[7] = session->who;
1438
1439         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1440         add_token_u8(&err, dev, OPAL_STARTNAME);
1441         add_token_u8(&err, dev, OPAL_VALUES);
1442         add_token_u8(&err, dev, OPAL_STARTLIST);
1443         add_token_u8(&err, dev, OPAL_STARTNAME);
1444         add_token_u8(&err, dev, 5); /* Enabled */
1445         add_token_u8(&err, dev, OPAL_TRUE);
1446         add_token_u8(&err, dev, OPAL_ENDNAME);
1447         add_token_u8(&err, dev, OPAL_ENDLIST);
1448         add_token_u8(&err, dev, OPAL_ENDNAME);
1449
1450         if (err) {
1451                 pr_debug("Error building Activate UserN command.\n");
1452                 return err;
1453         }
1454
1455         return finalize_and_send(dev, parse_and_check_status);
1456 }
1457
1458 static int erase_locking_range(struct opal_dev *dev, void *data)
1459 {
1460         struct opal_session_info *session = data;
1461         u8 uid[OPAL_UID_LENGTH];
1462         int err;
1463
1464         if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1465                 return -ERANGE;
1466
1467         err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1468
1469         if (err) {
1470                 pr_debug("Error building Erase Locking Range Command.\n");
1471                 return err;
1472         }
1473         return finalize_and_send(dev, parse_and_check_status);
1474 }
1475
1476 static int set_mbr_done(struct opal_dev *dev, void *data)
1477 {
1478         u8 *mbr_done_tf = data;
1479         int err;
1480
1481         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1482                         opalmethod[OPAL_SET]);
1483
1484         add_token_u8(&err, dev, OPAL_STARTNAME);
1485         add_token_u8(&err, dev, OPAL_VALUES);
1486         add_token_u8(&err, dev, OPAL_STARTLIST);
1487         add_token_u8(&err, dev, OPAL_STARTNAME);
1488         add_token_u8(&err, dev, OPAL_MBRDONE);
1489         add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1490         add_token_u8(&err, dev, OPAL_ENDNAME);
1491         add_token_u8(&err, dev, OPAL_ENDLIST);
1492         add_token_u8(&err, dev, OPAL_ENDNAME);
1493
1494         if (err) {
1495                 pr_debug("Error Building set MBR Done command\n");
1496                 return err;
1497         }
1498
1499         return finalize_and_send(dev, parse_and_check_status);
1500 }
1501
1502 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1503 {
1504         u8 *mbr_en_dis = data;
1505         int err;
1506
1507         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1508                         opalmethod[OPAL_SET]);
1509
1510         add_token_u8(&err, dev, OPAL_STARTNAME);
1511         add_token_u8(&err, dev, OPAL_VALUES);
1512         add_token_u8(&err, dev, OPAL_STARTLIST);
1513         add_token_u8(&err, dev, OPAL_STARTNAME);
1514         add_token_u8(&err, dev, OPAL_MBRENABLE);
1515         add_token_u8(&err, dev, *mbr_en_dis);
1516         add_token_u8(&err, dev, OPAL_ENDNAME);
1517         add_token_u8(&err, dev, OPAL_ENDLIST);
1518         add_token_u8(&err, dev, OPAL_ENDNAME);
1519
1520         if (err) {
1521                 pr_debug("Error Building set MBR done command\n");
1522                 return err;
1523         }
1524
1525         return finalize_and_send(dev, parse_and_check_status);
1526 }
1527
1528 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1529                           struct opal_dev *dev)
1530 {
1531         int err;
1532
1533         err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1534
1535         add_token_u8(&err, dev, OPAL_STARTNAME);
1536         add_token_u8(&err, dev, OPAL_VALUES);
1537         add_token_u8(&err, dev, OPAL_STARTLIST);
1538         add_token_u8(&err, dev, OPAL_STARTNAME);
1539         add_token_u8(&err, dev, OPAL_PIN);
1540         add_token_bytestring(&err, dev, key, key_len);
1541         add_token_u8(&err, dev, OPAL_ENDNAME);
1542         add_token_u8(&err, dev, OPAL_ENDLIST);
1543         add_token_u8(&err, dev, OPAL_ENDNAME);
1544
1545         return err;
1546 }
1547
1548 static int set_new_pw(struct opal_dev *dev, void *data)
1549 {
1550         u8 cpin_uid[OPAL_UID_LENGTH];
1551         struct opal_session_info *usr = data;
1552
1553         memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1554
1555         if (usr->who != OPAL_ADMIN1) {
1556                 cpin_uid[5] = 0x03;
1557                 if (usr->sum)
1558                         cpin_uid[7] = usr->opal_key.lr + 1;
1559                 else
1560                         cpin_uid[7] = usr->who;
1561         }
1562
1563         if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1564                            cpin_uid, dev)) {
1565                 pr_debug("Error building set password command.\n");
1566                 return -ERANGE;
1567         }
1568
1569         return finalize_and_send(dev, parse_and_check_status);
1570 }
1571
1572 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1573 {
1574         u8 cpin_uid[OPAL_UID_LENGTH];
1575         struct opal_key *key = data;
1576
1577         memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1578
1579         if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1580                 pr_debug("Error building Set SID cpin\n");
1581                 return -ERANGE;
1582         }
1583         return finalize_and_send(dev, parse_and_check_status);
1584 }
1585
1586 static int add_user_to_lr(struct opal_dev *dev, void *data)
1587 {
1588         u8 lr_buffer[OPAL_UID_LENGTH];
1589         u8 user_uid[OPAL_UID_LENGTH];
1590         struct opal_lock_unlock *lkul = data;
1591         int err;
1592
1593         memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1594                OPAL_UID_LENGTH);
1595
1596         if (lkul->l_state == OPAL_RW)
1597                 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1598                        OPAL_UID_LENGTH);
1599
1600         lr_buffer[7] = lkul->session.opal_key.lr;
1601
1602         memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1603
1604         user_uid[7] = lkul->session.who;
1605
1606         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1607
1608         add_token_u8(&err, dev, OPAL_STARTNAME);
1609         add_token_u8(&err, dev, OPAL_VALUES);
1610
1611         add_token_u8(&err, dev, OPAL_STARTLIST);
1612         add_token_u8(&err, dev, OPAL_STARTNAME);
1613         add_token_u8(&err, dev, 3);
1614
1615         add_token_u8(&err, dev, OPAL_STARTLIST);
1616
1617
1618         add_token_u8(&err, dev, OPAL_STARTNAME);
1619         add_token_bytestring(&err, dev,
1620                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1621                              OPAL_UID_LENGTH/2);
1622         add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1623         add_token_u8(&err, dev, OPAL_ENDNAME);
1624
1625
1626         add_token_u8(&err, dev, OPAL_STARTNAME);
1627         add_token_bytestring(&err, dev,
1628                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1629                              OPAL_UID_LENGTH/2);
1630         add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1631         add_token_u8(&err, dev, OPAL_ENDNAME);
1632
1633
1634         add_token_u8(&err, dev, OPAL_STARTNAME);
1635         add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1636                              OPAL_UID_LENGTH/2);
1637         add_token_u8(&err, dev, 1);
1638         add_token_u8(&err, dev, OPAL_ENDNAME);
1639
1640
1641         add_token_u8(&err, dev, OPAL_ENDLIST);
1642         add_token_u8(&err, dev, OPAL_ENDNAME);
1643         add_token_u8(&err, dev, OPAL_ENDLIST);
1644         add_token_u8(&err, dev, OPAL_ENDNAME);
1645
1646         if (err) {
1647                 pr_debug("Error building add user to locking range command.\n");
1648                 return err;
1649         }
1650
1651         return finalize_and_send(dev, parse_and_check_status);
1652 }
1653
1654 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1655 {
1656         u8 lr_buffer[OPAL_UID_LENGTH];
1657         struct opal_lock_unlock *lkul = data;
1658         u8 read_locked = 1, write_locked = 1;
1659         int err = 0;
1660
1661         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1662                                 lkul->session.opal_key.lr) < 0)
1663                 return -ERANGE;
1664
1665         switch (lkul->l_state) {
1666         case OPAL_RO:
1667                 read_locked = 0;
1668                 write_locked = 1;
1669                 break;
1670         case OPAL_RW:
1671                 read_locked = 0;
1672                 write_locked = 0;
1673                 break;
1674         case OPAL_LK:
1675                 /* vars are initialized to locked */
1676                 break;
1677         default:
1678                 pr_debug("Tried to set an invalid locking state... returning to uland\n");
1679                 return OPAL_INVAL_PARAM;
1680         }
1681
1682         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1683
1684         add_token_u8(&err, dev, OPAL_STARTNAME);
1685         add_token_u8(&err, dev, OPAL_VALUES);
1686         add_token_u8(&err, dev, OPAL_STARTLIST);
1687
1688         add_token_u8(&err, dev, OPAL_STARTNAME);
1689         add_token_u8(&err, dev, OPAL_READLOCKED);
1690         add_token_u8(&err, dev, read_locked);
1691         add_token_u8(&err, dev, OPAL_ENDNAME);
1692
1693         add_token_u8(&err, dev, OPAL_STARTNAME);
1694         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1695         add_token_u8(&err, dev, write_locked);
1696         add_token_u8(&err, dev, OPAL_ENDNAME);
1697
1698         add_token_u8(&err, dev, OPAL_ENDLIST);
1699         add_token_u8(&err, dev, OPAL_ENDNAME);
1700
1701         if (err) {
1702                 pr_debug("Error building SET command.\n");
1703                 return err;
1704         }
1705         return finalize_and_send(dev, parse_and_check_status);
1706 }
1707
1708
1709 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1710 {
1711         u8 lr_buffer[OPAL_UID_LENGTH];
1712         u8 read_locked = 1, write_locked = 1;
1713         struct opal_lock_unlock *lkul = data;
1714         int ret;
1715
1716         clear_opal_cmd(dev);
1717         set_comid(dev, dev->comid);
1718
1719         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1720                                 lkul->session.opal_key.lr) < 0)
1721                 return -ERANGE;
1722
1723         switch (lkul->l_state) {
1724         case OPAL_RO:
1725                 read_locked = 0;
1726                 write_locked = 1;
1727                 break;
1728         case OPAL_RW:
1729                 read_locked = 0;
1730                 write_locked = 0;
1731                 break;
1732         case OPAL_LK:
1733                 /* vars are initialized to locked */
1734                 break;
1735         default:
1736                 pr_debug("Tried to set an invalid locking state.\n");
1737                 return OPAL_INVAL_PARAM;
1738         }
1739         ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1740                                         read_locked, write_locked);
1741
1742         if (ret < 0) {
1743                 pr_debug("Error building SET command.\n");
1744                 return ret;
1745         }
1746         return finalize_and_send(dev, parse_and_check_status);
1747 }
1748
1749 static int activate_lsp(struct opal_dev *dev, void *data)
1750 {
1751         struct opal_lr_act *opal_act = data;
1752         u8 user_lr[OPAL_UID_LENGTH];
1753         u8 uint_3 = 0x83;
1754         int err, i;
1755
1756         err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1757                         opalmethod[OPAL_ACTIVATE]);
1758
1759         if (opal_act->sum) {
1760                 err = build_locking_range(user_lr, sizeof(user_lr),
1761                                           opal_act->lr[0]);
1762                 if (err)
1763                         return err;
1764
1765                 add_token_u8(&err, dev, OPAL_STARTNAME);
1766                 add_token_u8(&err, dev, uint_3);
1767                 add_token_u8(&err, dev, 6);
1768                 add_token_u8(&err, dev, 0);
1769                 add_token_u8(&err, dev, 0);
1770
1771                 add_token_u8(&err, dev, OPAL_STARTLIST);
1772                 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1773                 for (i = 1; i < opal_act->num_lrs; i++) {
1774                         user_lr[7] = opal_act->lr[i];
1775                         add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1776                 }
1777                 add_token_u8(&err, dev, OPAL_ENDLIST);
1778                 add_token_u8(&err, dev, OPAL_ENDNAME);
1779         }
1780
1781         if (err) {
1782                 pr_debug("Error building Activate LockingSP command.\n");
1783                 return err;
1784         }
1785
1786         return finalize_and_send(dev, parse_and_check_status);
1787 }
1788
1789 /* Determine if we're in the Manufactured Inactive or Active state */
1790 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1791 {
1792         u8 lc_status;
1793         int err;
1794
1795         err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1796                                  OPAL_LIFECYCLE);
1797         if (err)
1798                 return err;
1799
1800         lc_status = response_get_u64(&dev->parsed, 4);
1801         /* 0x08 is Manufactured Inactive */
1802         /* 0x09 is Manufactured */
1803         if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1804                 pr_debug("Couldn't determine the status of the Lifecycle state\n");
1805                 return -ENODEV;
1806         }
1807
1808         return 0;
1809 }
1810
1811 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1812 {
1813         const char *msid_pin;
1814         size_t strlen;
1815         int err;
1816
1817         err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1818         if (err)
1819                 return err;
1820
1821         strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1822         if (!msid_pin) {
1823                 pr_debug("Couldn't extract MSID_CPIN from response\n");
1824                 return OPAL_INVAL_PARAM;
1825         }
1826
1827         dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1828         if (!dev->prev_data)
1829                 return -ENOMEM;
1830
1831         dev->prev_d_len = strlen;
1832
1833         return 0;
1834 }
1835
1836 static int end_opal_session(struct opal_dev *dev, void *data)
1837 {
1838         int err = 0;
1839
1840         clear_opal_cmd(dev);
1841         set_comid(dev, dev->comid);
1842         add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1843
1844         if (err < 0)
1845                 return err;
1846         return finalize_and_send(dev, end_session_cont);
1847 }
1848
1849 static int end_opal_session_error(struct opal_dev *dev)
1850 {
1851         const struct opal_step error_end_session = {
1852                 end_opal_session,
1853         };
1854         return execute_step(dev, &error_end_session, 0);
1855 }
1856
1857 static inline void setup_opal_dev(struct opal_dev *dev)
1858 {
1859         dev->tsn = 0;
1860         dev->hsn = 0;
1861         dev->prev_data = NULL;
1862 }
1863
1864 static int check_opal_support(struct opal_dev *dev)
1865 {
1866         int ret;
1867
1868         mutex_lock(&dev->dev_lock);
1869         setup_opal_dev(dev);
1870         ret = opal_discovery0_step(dev);
1871         dev->supported = !ret;
1872         mutex_unlock(&dev->dev_lock);
1873         return ret;
1874 }
1875
1876 static void clean_opal_dev(struct opal_dev *dev)
1877 {
1878
1879         struct opal_suspend_data *suspend, *next;
1880
1881         mutex_lock(&dev->dev_lock);
1882         list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
1883                 list_del(&suspend->node);
1884                 kfree(suspend);
1885         }
1886         mutex_unlock(&dev->dev_lock);
1887 }
1888
1889 void free_opal_dev(struct opal_dev *dev)
1890 {
1891         if (!dev)
1892                 return;
1893         clean_opal_dev(dev);
1894         kfree(dev);
1895 }
1896 EXPORT_SYMBOL(free_opal_dev);
1897
1898 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
1899 {
1900         struct opal_dev *dev;
1901
1902         dev = kmalloc(sizeof(*dev), GFP_KERNEL);
1903         if (!dev)
1904                 return NULL;
1905
1906         INIT_LIST_HEAD(&dev->unlk_lst);
1907         mutex_init(&dev->dev_lock);
1908         dev->data = data;
1909         dev->send_recv = send_recv;
1910         if (check_opal_support(dev) != 0) {
1911                 pr_debug("Opal is not supported on this device\n");
1912                 kfree(dev);
1913                 return NULL;
1914         }
1915         return dev;
1916 }
1917 EXPORT_SYMBOL(init_opal_dev);
1918
1919 static int opal_secure_erase_locking_range(struct opal_dev *dev,
1920                                            struct opal_session_info *opal_session)
1921 {
1922         const struct opal_step erase_steps[] = {
1923                 { start_auth_opal_session, opal_session },
1924                 { get_active_key, &opal_session->opal_key.lr },
1925                 { gen_key, },
1926                 { end_opal_session, }
1927         };
1928         int ret;
1929
1930         mutex_lock(&dev->dev_lock);
1931         setup_opal_dev(dev);
1932         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1933         mutex_unlock(&dev->dev_lock);
1934         return ret;
1935 }
1936
1937 static int opal_erase_locking_range(struct opal_dev *dev,
1938                                     struct opal_session_info *opal_session)
1939 {
1940         const struct opal_step erase_steps[] = {
1941                 { start_auth_opal_session, opal_session },
1942                 { erase_locking_range, opal_session },
1943                 { end_opal_session, }
1944         };
1945         int ret;
1946
1947         mutex_lock(&dev->dev_lock);
1948         setup_opal_dev(dev);
1949         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1950         mutex_unlock(&dev->dev_lock);
1951         return ret;
1952 }
1953
1954 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
1955                                           struct opal_mbr_data *opal_mbr)
1956 {
1957         u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
1958                 OPAL_TRUE : OPAL_FALSE;
1959
1960         const struct opal_step mbr_steps[] = {
1961                 { start_admin1LSP_opal_session, &opal_mbr->key },
1962                 { set_mbr_done, &enable_disable },
1963                 { end_opal_session, },
1964                 { start_admin1LSP_opal_session, &opal_mbr->key },
1965                 { set_mbr_enable_disable, &enable_disable },
1966                 { end_opal_session, }
1967         };
1968         int ret;
1969
1970         if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
1971             opal_mbr->enable_disable != OPAL_MBR_DISABLE)
1972                 return -EINVAL;
1973
1974         mutex_lock(&dev->dev_lock);
1975         setup_opal_dev(dev);
1976         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
1977         mutex_unlock(&dev->dev_lock);
1978         return ret;
1979 }
1980
1981 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
1982 {
1983         struct opal_suspend_data *suspend;
1984
1985         suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
1986         if (!suspend)
1987                 return -ENOMEM;
1988
1989         suspend->unlk = *lk_unlk;
1990         suspend->lr = lk_unlk->session.opal_key.lr;
1991
1992         mutex_lock(&dev->dev_lock);
1993         setup_opal_dev(dev);
1994         add_suspend_info(dev, suspend);
1995         mutex_unlock(&dev->dev_lock);
1996         return 0;
1997 }
1998
1999 static int opal_add_user_to_lr(struct opal_dev *dev,
2000                                struct opal_lock_unlock *lk_unlk)
2001 {
2002         const struct opal_step steps[] = {
2003                 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2004                 { add_user_to_lr, lk_unlk },
2005                 { end_opal_session, }
2006         };
2007         int ret;
2008
2009         if (lk_unlk->l_state != OPAL_RO &&
2010             lk_unlk->l_state != OPAL_RW) {
2011                 pr_debug("Locking state was not RO or RW\n");
2012                 return -EINVAL;
2013         }
2014         if (lk_unlk->session.who < OPAL_USER1 ||
2015             lk_unlk->session.who > OPAL_USER9) {
2016                 pr_debug("Authority was not within the range of users: %d\n",
2017                          lk_unlk->session.who);
2018                 return -EINVAL;
2019         }
2020         if (lk_unlk->session.sum) {
2021                 pr_debug("%s not supported in sum. Use setup locking range\n",
2022                          __func__);
2023                 return -EINVAL;
2024         }
2025
2026         mutex_lock(&dev->dev_lock);
2027         setup_opal_dev(dev);
2028         ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2029         mutex_unlock(&dev->dev_lock);
2030         return ret;
2031 }
2032
2033 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2034 {
2035         const struct opal_step revert_steps[] = {
2036                 { start_SIDASP_opal_session, opal },
2037                 { revert_tper, } /* controller will terminate session */
2038         };
2039         int ret;
2040
2041         mutex_lock(&dev->dev_lock);
2042         setup_opal_dev(dev);
2043         ret = execute_steps(dev, revert_steps, ARRAY_SIZE(revert_steps));
2044         mutex_unlock(&dev->dev_lock);
2045
2046         /*
2047          * If we successfully reverted lets clean
2048          * any saved locking ranges.
2049          */
2050         if (!ret)
2051                 clean_opal_dev(dev);
2052
2053         return ret;
2054 }
2055
2056 static int __opal_lock_unlock(struct opal_dev *dev,
2057                               struct opal_lock_unlock *lk_unlk)
2058 {
2059         const struct opal_step unlock_steps[] = {
2060                 { start_auth_opal_session, &lk_unlk->session },
2061                 { lock_unlock_locking_range, lk_unlk },
2062                 { end_opal_session, }
2063         };
2064         const struct opal_step unlock_sum_steps[] = {
2065                 { start_auth_opal_session, &lk_unlk->session },
2066                 { lock_unlock_locking_range_sum, lk_unlk },
2067                 { end_opal_session, }
2068         };
2069
2070         if (lk_unlk->session.sum)
2071                 return execute_steps(dev, unlock_sum_steps,
2072                                      ARRAY_SIZE(unlock_sum_steps));
2073         else
2074                 return execute_steps(dev, unlock_steps,
2075                                      ARRAY_SIZE(unlock_steps));
2076 }
2077
2078 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2079 {
2080         u8 mbr_done_tf = OPAL_TRUE;
2081         const struct opal_step mbrdone_step[] = {
2082                 { start_admin1LSP_opal_session, key },
2083                 { set_mbr_done, &mbr_done_tf },
2084                 { end_opal_session, }
2085         };
2086
2087         return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2088 }
2089
2090 static int opal_lock_unlock(struct opal_dev *dev,
2091                             struct opal_lock_unlock *lk_unlk)
2092 {
2093         int ret;
2094
2095         if (lk_unlk->session.who < OPAL_ADMIN1 ||
2096             lk_unlk->session.who > OPAL_USER9)
2097                 return -EINVAL;
2098
2099         mutex_lock(&dev->dev_lock);
2100         ret = __opal_lock_unlock(dev, lk_unlk);
2101         mutex_unlock(&dev->dev_lock);
2102         return ret;
2103 }
2104
2105 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2106 {
2107         const struct opal_step owner_steps[] = {
2108                 { start_anybodyASP_opal_session, },
2109                 { get_msid_cpin_pin, },
2110                 { end_opal_session, },
2111                 { start_SIDASP_opal_session, opal },
2112                 { set_sid_cpin_pin, opal },
2113                 { end_opal_session, }
2114         };
2115         int ret;
2116
2117         if (!dev)
2118                 return -ENODEV;
2119
2120         mutex_lock(&dev->dev_lock);
2121         setup_opal_dev(dev);
2122         ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2123         mutex_unlock(&dev->dev_lock);
2124         return ret;
2125 }
2126
2127 static int opal_activate_lsp(struct opal_dev *dev,
2128                              struct opal_lr_act *opal_lr_act)
2129 {
2130         const struct opal_step active_steps[] = {
2131                 { start_SIDASP_opal_session, &opal_lr_act->key },
2132                 { get_lsp_lifecycle, },
2133                 { activate_lsp, opal_lr_act },
2134                 { end_opal_session, }
2135         };
2136         int ret;
2137
2138         if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2139                 return -EINVAL;
2140
2141         mutex_lock(&dev->dev_lock);
2142         setup_opal_dev(dev);
2143         ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2144         mutex_unlock(&dev->dev_lock);
2145         return ret;
2146 }
2147
2148 static int opal_setup_locking_range(struct opal_dev *dev,
2149                                     struct opal_user_lr_setup *opal_lrs)
2150 {
2151         const struct opal_step lr_steps[] = {
2152                 { start_auth_opal_session, &opal_lrs->session },
2153                 { setup_locking_range, opal_lrs },
2154                 { end_opal_session, }
2155         };
2156         int ret;
2157
2158         mutex_lock(&dev->dev_lock);
2159         setup_opal_dev(dev);
2160         ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2161         mutex_unlock(&dev->dev_lock);
2162         return ret;
2163 }
2164
2165 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2166 {
2167         const struct opal_step pw_steps[] = {
2168                 { start_auth_opal_session, &opal_pw->session },
2169                 { set_new_pw, &opal_pw->new_user_pw },
2170                 { end_opal_session, }
2171         };
2172         int ret;
2173
2174         if (opal_pw->session.who < OPAL_ADMIN1 ||
2175             opal_pw->session.who > OPAL_USER9  ||
2176             opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2177             opal_pw->new_user_pw.who > OPAL_USER9)
2178                 return -EINVAL;
2179
2180         mutex_lock(&dev->dev_lock);
2181         setup_opal_dev(dev);
2182         ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2183         mutex_unlock(&dev->dev_lock);
2184         return ret;
2185 }
2186
2187 static int opal_activate_user(struct opal_dev *dev,
2188                               struct opal_session_info *opal_session)
2189 {
2190         const struct opal_step act_steps[] = {
2191                 { start_admin1LSP_opal_session, &opal_session->opal_key },
2192                 { internal_activate_user, opal_session },
2193                 { end_opal_session, }
2194         };
2195         int ret;
2196
2197         /* We can't activate Admin1 it's active as manufactured */
2198         if (opal_session->who < OPAL_USER1 ||
2199             opal_session->who > OPAL_USER9) {
2200                 pr_debug("Who was not a valid user: %d\n", opal_session->who);
2201                 return -EINVAL;
2202         }
2203
2204         mutex_lock(&dev->dev_lock);
2205         setup_opal_dev(dev);
2206         ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2207         mutex_unlock(&dev->dev_lock);
2208         return ret;
2209 }
2210
2211 bool opal_unlock_from_suspend(struct opal_dev *dev)
2212 {
2213         struct opal_suspend_data *suspend;
2214         bool was_failure = false;
2215         int ret = 0;
2216
2217         if (!dev)
2218                 return false;
2219         if (!dev->supported)
2220                 return false;
2221
2222         mutex_lock(&dev->dev_lock);
2223         setup_opal_dev(dev);
2224
2225         list_for_each_entry(suspend, &dev->unlk_lst, node) {
2226                 dev->tsn = 0;
2227                 dev->hsn = 0;
2228
2229                 ret = __opal_lock_unlock(dev, &suspend->unlk);
2230                 if (ret) {
2231                         pr_debug("Failed to unlock LR %hhu with sum %d\n",
2232                                  suspend->unlk.session.opal_key.lr,
2233                                  suspend->unlk.session.sum);
2234                         was_failure = true;
2235                 }
2236                 if (dev->mbr_enabled) {
2237                         ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2238                         if (ret)
2239                                 pr_debug("Failed to set MBR Done in S3 resume\n");
2240                 }
2241         }
2242         mutex_unlock(&dev->dev_lock);
2243         return was_failure;
2244 }
2245 EXPORT_SYMBOL(opal_unlock_from_suspend);
2246
2247 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2248 {
2249         void *p;
2250         int ret = -ENOTTY;
2251
2252         if (!capable(CAP_SYS_ADMIN))
2253                 return -EACCES;
2254         if (!dev)
2255                 return -ENOTSUPP;
2256         if (!dev->supported)
2257                 return -ENOTSUPP;
2258
2259         p = memdup_user(arg, _IOC_SIZE(cmd));
2260         if (IS_ERR(p))
2261                 return PTR_ERR(p);
2262
2263         switch (cmd) {
2264         case IOC_OPAL_SAVE:
2265                 ret = opal_save(dev, p);
2266                 break;
2267         case IOC_OPAL_LOCK_UNLOCK:
2268                 ret = opal_lock_unlock(dev, p);
2269                 break;
2270         case IOC_OPAL_TAKE_OWNERSHIP:
2271                 ret = opal_take_ownership(dev, p);
2272                 break;
2273         case IOC_OPAL_ACTIVATE_LSP:
2274                 ret = opal_activate_lsp(dev, p);
2275                 break;
2276         case IOC_OPAL_SET_PW:
2277                 ret = opal_set_new_pw(dev, p);
2278                 break;
2279         case IOC_OPAL_ACTIVATE_USR:
2280                 ret = opal_activate_user(dev, p);
2281                 break;
2282         case IOC_OPAL_REVERT_TPR:
2283                 ret = opal_reverttper(dev, p);
2284                 break;
2285         case IOC_OPAL_LR_SETUP:
2286                 ret = opal_setup_locking_range(dev, p);
2287                 break;
2288         case IOC_OPAL_ADD_USR_TO_LR:
2289                 ret = opal_add_user_to_lr(dev, p);
2290                 break;
2291         case IOC_OPAL_ENABLE_DISABLE_MBR:
2292                 ret = opal_enable_disable_shadow_mbr(dev, p);
2293                 break;
2294         case IOC_OPAL_ERASE_LR:
2295                 ret = opal_erase_locking_range(dev, p);
2296                 break;
2297         case IOC_OPAL_SECURE_ERASE_LR:
2298                 ret = opal_secure_erase_locking_range(dev, p);
2299                 break;
2300         default:
2301                 break;
2302         }
2303
2304         kfree(p);
2305         return ret;
2306 }
2307 EXPORT_SYMBOL_GPL(sed_ioctl);