xref: /openbmc/linux/block/sed-opal.c (revision 3ddc8b84)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 #include <linux/key.h>
24 #include <linux/key-type.h>
25 #include <keys/user-type.h>
26 
27 #include "opal_proto.h"
28 
29 #define IO_BUFFER_LENGTH 2048
30 #define MAX_TOKS 64
31 
32 /* Number of bytes needed by cmd_finalize. */
33 #define CMD_FINALIZE_BYTES_NEEDED 7
34 
35 static struct key *sed_opal_keyring;
36 
37 struct opal_step {
38 	int (*fn)(struct opal_dev *dev, void *data);
39 	void *data;
40 };
41 typedef int (cont_fn)(struct opal_dev *dev);
42 
43 enum opal_atom_width {
44 	OPAL_WIDTH_TINY,
45 	OPAL_WIDTH_SHORT,
46 	OPAL_WIDTH_MEDIUM,
47 	OPAL_WIDTH_LONG,
48 	OPAL_WIDTH_TOKEN
49 };
50 
51 /*
52  * On the parsed response, we don't store again the toks that are already
53  * stored in the response buffer. Instead, for each token, we just store a
54  * pointer to the position in the buffer where the token starts, and the size
55  * of the token in bytes.
56  */
57 struct opal_resp_tok {
58 	const u8 *pos;
59 	size_t len;
60 	enum opal_response_token type;
61 	enum opal_atom_width width;
62 	union {
63 		u64 u;
64 		s64 s;
65 	} stored;
66 };
67 
68 /*
69  * From the response header it's not possible to know how many tokens there are
70  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
71  * if we start dealing with messages that have more than that, we can increase
72  * this number. This is done to avoid having to make two passes through the
73  * response, the first one counting how many tokens we have and the second one
74  * actually storing the positions.
75  */
76 struct parsed_resp {
77 	int num;
78 	struct opal_resp_tok toks[MAX_TOKS];
79 };
80 
81 struct opal_dev {
82 	u32 flags;
83 
84 	void *data;
85 	sec_send_recv *send_recv;
86 
87 	struct mutex dev_lock;
88 	u16 comid;
89 	u32 hsn;
90 	u32 tsn;
91 	u64 align; /* alignment granularity */
92 	u64 lowest_lba;
93 	u32 logical_block_size;
94 	u8  align_required; /* ALIGN: 0 or 1 */
95 
96 	size_t pos;
97 	u8 *cmd;
98 	u8 *resp;
99 
100 	struct parsed_resp parsed;
101 	size_t prev_d_len;
102 	void *prev_data;
103 
104 	struct list_head unlk_lst;
105 };
106 
107 
108 static const u8 opaluid[][OPAL_UID_LENGTH] = {
109 	/* users */
110 	[OPAL_SMUID_UID] =
111 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
112 	[OPAL_THISSP_UID] =
113 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
114 	[OPAL_ADMINSP_UID] =
115 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
116 	[OPAL_LOCKINGSP_UID] =
117 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
118 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
119 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
120 	[OPAL_ANYBODY_UID] =
121 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
122 	[OPAL_SID_UID] =
123 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
124 	[OPAL_ADMIN1_UID] =
125 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
126 	[OPAL_USER1_UID] =
127 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
128 	[OPAL_USER2_UID] =
129 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
130 	[OPAL_PSID_UID] =
131 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
132 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
133 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
134 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
135 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136 
137 	/* tables */
138 	[OPAL_TABLE_TABLE] =
139 		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
140 	[OPAL_LOCKINGRANGE_GLOBAL] =
141 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
142 	[OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
143 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
144 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
145 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
146 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
147 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
148 	[OPAL_MBRCONTROL] =
149 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
150 	[OPAL_MBR] =
151 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
152 	[OPAL_AUTHORITY_TABLE] =
153 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
154 	[OPAL_C_PIN_TABLE] =
155 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
156 	[OPAL_LOCKING_INFO_TABLE] =
157 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
158 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
159 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
160 	[OPAL_DATASTORE] =
161 		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
162 
163 	/* C_PIN_TABLE object ID's */
164 	[OPAL_C_PIN_MSID] =
165 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
166 	[OPAL_C_PIN_SID] =
167 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
168 	[OPAL_C_PIN_ADMIN1] =
169 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
170 
171 	/* half UID's (only first 4 bytes used) */
172 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
173 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
174 	[OPAL_HALF_UID_BOOLEAN_ACE] =
175 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
176 
177 	/* special value for omitted optional parameter */
178 	[OPAL_UID_HEXFF] =
179 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
180 };
181 
182 /*
183  * TCG Storage SSC Methods.
184  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
185  * Section: 6.3 Assigned UIDs
186  */
187 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
188 	[OPAL_PROPERTIES] =
189 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
190 	[OPAL_STARTSESSION] =
191 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
192 	[OPAL_REVERT] =
193 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
194 	[OPAL_ACTIVATE] =
195 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
196 	[OPAL_EGET] =
197 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
198 	[OPAL_ESET] =
199 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
200 	[OPAL_NEXT] =
201 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
202 	[OPAL_EAUTHENTICATE] =
203 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
204 	[OPAL_GETACL] =
205 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
206 	[OPAL_GENKEY] =
207 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
208 	[OPAL_REVERTSP] =
209 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
210 	[OPAL_GET] =
211 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
212 	[OPAL_SET] =
213 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
214 	[OPAL_AUTHENTICATE] =
215 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
216 	[OPAL_RANDOM] =
217 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
218 	[OPAL_ERASE] =
219 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
220 };
221 
222 static int end_opal_session_error(struct opal_dev *dev);
223 static int opal_discovery0_step(struct opal_dev *dev);
224 
225 struct opal_suspend_data {
226 	struct opal_lock_unlock unlk;
227 	u8 lr;
228 	struct list_head node;
229 };
230 
231 /*
232  * Derived from:
233  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
234  * Section: 5.1.5 Method Status Codes
235  */
236 static const char * const opal_errors[] = {
237 	"Success",
238 	"Not Authorized",
239 	"Unknown Error",
240 	"SP Busy",
241 	"SP Failed",
242 	"SP Disabled",
243 	"SP Frozen",
244 	"No Sessions Available",
245 	"Uniqueness Conflict",
246 	"Insufficient Space",
247 	"Insufficient Rows",
248 	"Invalid Function",
249 	"Invalid Parameter",
250 	"Invalid Reference",
251 	"Unknown Error",
252 	"TPER Malfunction",
253 	"Transaction Failure",
254 	"Response Overflow",
255 	"Authority Locked Out",
256 };
257 
258 static const char *opal_error_to_human(int error)
259 {
260 	if (error == 0x3f)
261 		return "Failed";
262 
263 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
264 		return "Unknown Error";
265 
266 	return opal_errors[error];
267 }
268 
269 static void print_buffer(const u8 *ptr, u32 length)
270 {
271 #ifdef DEBUG
272 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
273 	pr_debug("\n");
274 #endif
275 }
276 
277 /*
278  * Allocate/update a SED Opal key and add it to the SED Opal keyring.
279  */
280 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
281 {
282 	key_ref_t kr;
283 
284 	if (!sed_opal_keyring)
285 		return -ENOKEY;
286 
287 	kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
288 				  desc, (const void *)key_data, keylen,
289 				  KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
290 				  KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
291 					KEY_ALLOC_BYPASS_RESTRICTION);
292 	if (IS_ERR(kr)) {
293 		pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
294 		return PTR_ERR(kr);
295 	}
296 
297 	return 0;
298 }
299 
300 /*
301  * Read a SED Opal key from the SED Opal keyring.
302  */
303 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
304 {
305 	int ret;
306 	key_ref_t kref;
307 	struct key *key;
308 
309 	if (!sed_opal_keyring)
310 		return -ENOKEY;
311 
312 	kref = keyring_search(make_key_ref(sed_opal_keyring, true),
313 			      &key_type_user, key_name, true);
314 
315 	if (IS_ERR(kref))
316 		ret = PTR_ERR(kref);
317 
318 	key = key_ref_to_ptr(kref);
319 	down_read(&key->sem);
320 	ret = key_validate(key);
321 	if (ret == 0) {
322 		if (buflen > key->datalen)
323 			buflen = key->datalen;
324 
325 		ret = key->type->read(key, (char *)buffer, buflen);
326 	}
327 	up_read(&key->sem);
328 
329 	key_ref_put(kref);
330 
331 	return ret;
332 }
333 
334 static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
335 {
336 	int ret = 0;
337 
338 	switch (key->key_type) {
339 	case OPAL_INCLUDED:
340 		/* the key is ready to use */
341 		break;
342 	case OPAL_KEYRING:
343 		/* the key is in the keyring */
344 		ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
345 		if (ret > 0) {
346 			if (ret > U8_MAX) {
347 				ret = -ENOSPC;
348 				goto error;
349 			}
350 			key->key_len = ret;
351 			key->key_type = OPAL_INCLUDED;
352 		}
353 		break;
354 	default:
355 		ret = -EINVAL;
356 		break;
357 	}
358 	if (ret < 0)
359 		goto error;
360 
361 	/* must have a PEK by now or it's an error */
362 	if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
363 		ret = -EINVAL;
364 		goto error;
365 	}
366 	return 0;
367 error:
368 	pr_debug("Error getting password: %d\n", ret);
369 	return ret;
370 }
371 
372 static bool check_tper(const void *data)
373 {
374 	const struct d0_tper_features *tper = data;
375 	u8 flags = tper->supported_features;
376 
377 	if (!(flags & TPER_SYNC_SUPPORTED)) {
378 		pr_debug("TPer sync not supported. flags = %d\n",
379 			 tper->supported_features);
380 		return false;
381 	}
382 
383 	return true;
384 }
385 
386 static bool check_lcksuppt(const void *data)
387 {
388 	const struct d0_locking_features *lfeat = data;
389 	u8 sup_feat = lfeat->supported_features;
390 
391 	return !!(sup_feat & LOCKING_SUPPORTED_MASK);
392 }
393 
394 static bool check_lckenabled(const void *data)
395 {
396 	const struct d0_locking_features *lfeat = data;
397 	u8 sup_feat = lfeat->supported_features;
398 
399 	return !!(sup_feat & LOCKING_ENABLED_MASK);
400 }
401 
402 static bool check_locked(const void *data)
403 {
404 	const struct d0_locking_features *lfeat = data;
405 	u8 sup_feat = lfeat->supported_features;
406 
407 	return !!(sup_feat & LOCKED_MASK);
408 }
409 
410 static bool check_mbrenabled(const void *data)
411 {
412 	const struct d0_locking_features *lfeat = data;
413 	u8 sup_feat = lfeat->supported_features;
414 
415 	return !!(sup_feat & MBR_ENABLED_MASK);
416 }
417 
418 static bool check_mbrdone(const void *data)
419 {
420 	const struct d0_locking_features *lfeat = data;
421 	u8 sup_feat = lfeat->supported_features;
422 
423 	return !!(sup_feat & MBR_DONE_MASK);
424 }
425 
426 static bool check_sum(const void *data)
427 {
428 	const struct d0_single_user_mode *sum = data;
429 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
430 
431 	if (nlo == 0) {
432 		pr_debug("Need at least one locking object.\n");
433 		return false;
434 	}
435 
436 	pr_debug("Number of locking objects: %d\n", nlo);
437 
438 	return true;
439 }
440 
441 static u16 get_comid_v100(const void *data)
442 {
443 	const struct d0_opal_v100 *v100 = data;
444 
445 	return be16_to_cpu(v100->baseComID);
446 }
447 
448 static u16 get_comid_v200(const void *data)
449 {
450 	const struct d0_opal_v200 *v200 = data;
451 
452 	return be16_to_cpu(v200->baseComID);
453 }
454 
455 static int opal_send_cmd(struct opal_dev *dev)
456 {
457 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
458 			      dev->cmd, IO_BUFFER_LENGTH,
459 			      true);
460 }
461 
462 static int opal_recv_cmd(struct opal_dev *dev)
463 {
464 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
465 			      dev->resp, IO_BUFFER_LENGTH,
466 			      false);
467 }
468 
469 static int opal_recv_check(struct opal_dev *dev)
470 {
471 	size_t buflen = IO_BUFFER_LENGTH;
472 	void *buffer = dev->resp;
473 	struct opal_header *hdr = buffer;
474 	int ret;
475 
476 	do {
477 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
478 			 hdr->cp.outstandingData,
479 			 hdr->cp.minTransfer);
480 
481 		if (hdr->cp.outstandingData == 0 ||
482 		    hdr->cp.minTransfer != 0)
483 			return 0;
484 
485 		memset(buffer, 0, buflen);
486 		ret = opal_recv_cmd(dev);
487 	} while (!ret);
488 
489 	return ret;
490 }
491 
492 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
493 {
494 	int ret;
495 
496 	ret = opal_send_cmd(dev);
497 	if (ret)
498 		return ret;
499 	ret = opal_recv_cmd(dev);
500 	if (ret)
501 		return ret;
502 	ret = opal_recv_check(dev);
503 	if (ret)
504 		return ret;
505 	return cont(dev);
506 }
507 
508 static void check_geometry(struct opal_dev *dev, const void *data)
509 {
510 	const struct d0_geometry_features *geo = data;
511 
512 	dev->align = be64_to_cpu(geo->alignment_granularity);
513 	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
514 	dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
515 	dev->align_required = geo->reserved01 & 1;
516 }
517 
518 static int execute_step(struct opal_dev *dev,
519 			const struct opal_step *step, size_t stepIndex)
520 {
521 	int error = step->fn(dev, step->data);
522 
523 	if (error) {
524 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
525 			 stepIndex, step->fn, error,
526 			 opal_error_to_human(error));
527 	}
528 
529 	return error;
530 }
531 
532 static int execute_steps(struct opal_dev *dev,
533 			 const struct opal_step *steps, size_t n_steps)
534 {
535 	size_t state = 0;
536 	int error;
537 
538 	/* first do a discovery0 */
539 	error = opal_discovery0_step(dev);
540 	if (error)
541 		return error;
542 
543 	for (state = 0; state < n_steps; state++) {
544 		error = execute_step(dev, &steps[state], state);
545 		if (error)
546 			goto out_error;
547 	}
548 
549 	return 0;
550 
551 out_error:
552 	/*
553 	 * For each OPAL command the first step in steps starts some sort of
554 	 * session. If an error occurred in the initial discovery0 or if an
555 	 * error occurred in the first step (and thus stopping the loop with
556 	 * state == 0) then there was an error before or during the attempt to
557 	 * start a session. Therefore we shouldn't attempt to terminate a
558 	 * session, as one has not yet been created.
559 	 */
560 	if (state > 0)
561 		end_opal_session_error(dev);
562 
563 	return error;
564 }
565 
566 static int opal_discovery0_end(struct opal_dev *dev, void *data)
567 {
568 	struct opal_discovery *discv_out = data; /* may be NULL */
569 	u8 __user *buf_out;
570 	u64 len_out;
571 	bool found_com_id = false, supported = true, single_user = false;
572 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
573 	const u8 *epos = dev->resp, *cpos = dev->resp;
574 	u16 comid = 0;
575 	u32 hlen = be32_to_cpu(hdr->length);
576 
577 	print_buffer(dev->resp, hlen);
578 	dev->flags &= OPAL_FL_SUPPORTED;
579 
580 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
581 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
582 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
583 		return -EFAULT;
584 	}
585 
586 	if (discv_out) {
587 		buf_out = (u8 __user *)(uintptr_t)discv_out->data;
588 		len_out = min_t(u64, discv_out->size, hlen);
589 		if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
590 			return -EFAULT;
591 
592 		discv_out->size = hlen; /* actual size of data */
593 	}
594 
595 	epos += hlen; /* end of buffer */
596 	cpos += sizeof(*hdr); /* current position on buffer */
597 
598 	while (cpos < epos && supported) {
599 		const struct d0_features *body =
600 			(const struct d0_features *)cpos;
601 
602 		switch (be16_to_cpu(body->code)) {
603 		case FC_TPER:
604 			supported = check_tper(body->features);
605 			break;
606 		case FC_SINGLEUSER:
607 			single_user = check_sum(body->features);
608 			if (single_user)
609 				dev->flags |= OPAL_FL_SUM_SUPPORTED;
610 			break;
611 		case FC_GEOMETRY:
612 			check_geometry(dev, body);
613 			break;
614 		case FC_LOCKING:
615 			if (check_lcksuppt(body->features))
616 				dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
617 			if (check_lckenabled(body->features))
618 				dev->flags |= OPAL_FL_LOCKING_ENABLED;
619 			if (check_locked(body->features))
620 				dev->flags |= OPAL_FL_LOCKED;
621 			if (check_mbrenabled(body->features))
622 				dev->flags |= OPAL_FL_MBR_ENABLED;
623 			if (check_mbrdone(body->features))
624 				dev->flags |= OPAL_FL_MBR_DONE;
625 			break;
626 		case FC_ENTERPRISE:
627 		case FC_DATASTORE:
628 			/* some ignored properties */
629 			pr_debug("Found OPAL feature description: %d\n",
630 				 be16_to_cpu(body->code));
631 			break;
632 		case FC_OPALV100:
633 			comid = get_comid_v100(body->features);
634 			found_com_id = true;
635 			break;
636 		case FC_OPALV200:
637 			comid = get_comid_v200(body->features);
638 			found_com_id = true;
639 			break;
640 		case 0xbfff ... 0xffff:
641 			/* vendor specific, just ignore */
642 			break;
643 		default:
644 			pr_debug("OPAL Unknown feature: %d\n",
645 				 be16_to_cpu(body->code));
646 
647 		}
648 		cpos += body->length + 4;
649 	}
650 
651 	if (!supported) {
652 		pr_debug("This device is not Opal enabled. Not Supported!\n");
653 		return -EOPNOTSUPP;
654 	}
655 
656 	if (!single_user)
657 		pr_debug("Device doesn't support single user mode\n");
658 
659 
660 	if (!found_com_id) {
661 		pr_debug("Could not find OPAL comid for device. Returning early\n");
662 		return -EOPNOTSUPP;
663 	}
664 
665 	dev->comid = comid;
666 
667 	return 0;
668 }
669 
670 static int opal_discovery0(struct opal_dev *dev, void *data)
671 {
672 	int ret;
673 
674 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
675 	dev->comid = OPAL_DISCOVERY_COMID;
676 	ret = opal_recv_cmd(dev);
677 	if (ret)
678 		return ret;
679 
680 	return opal_discovery0_end(dev, data);
681 }
682 
683 static int opal_discovery0_step(struct opal_dev *dev)
684 {
685 	const struct opal_step discovery0_step = {
686 		opal_discovery0, NULL
687 	};
688 
689 	return execute_step(dev, &discovery0_step, 0);
690 }
691 
692 static size_t remaining_size(struct opal_dev *cmd)
693 {
694 	return IO_BUFFER_LENGTH - cmd->pos;
695 }
696 
697 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
698 {
699 	if (*err)
700 		return false;
701 
702 	if (remaining_size(cmd) < len) {
703 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
704 		*err = -ERANGE;
705 		return false;
706 	}
707 
708 	return true;
709 }
710 
711 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
712 {
713 	if (!can_add(err, cmd, 1))
714 		return;
715 
716 	cmd->cmd[cmd->pos++] = tok;
717 }
718 
719 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
720 				  bool has_sign, int len)
721 {
722 	u8 atom;
723 	int err = 0;
724 
725 	atom = SHORT_ATOM_ID;
726 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
727 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
728 	atom |= len & SHORT_ATOM_LEN_MASK;
729 
730 	add_token_u8(&err, cmd, atom);
731 }
732 
733 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
734 				   bool has_sign, int len)
735 {
736 	u8 header0;
737 
738 	header0 = MEDIUM_ATOM_ID;
739 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
740 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
741 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
742 
743 	cmd->cmd[cmd->pos++] = header0;
744 	cmd->cmd[cmd->pos++] = len;
745 }
746 
747 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
748 {
749 	size_t len;
750 	int msb;
751 
752 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
753 		add_token_u8(err, cmd, number);
754 		return;
755 	}
756 
757 	msb = fls64(number);
758 	len = DIV_ROUND_UP(msb, 8);
759 
760 	if (!can_add(err, cmd, len + 1)) {
761 		pr_debug("Error adding u64: end of buffer.\n");
762 		return;
763 	}
764 	add_short_atom_header(cmd, false, false, len);
765 	while (len--)
766 		add_token_u8(err, cmd, number >> (len * 8));
767 }
768 
769 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
770 {
771 	size_t header_len = 1;
772 	bool is_short_atom = true;
773 
774 	if (len & ~SHORT_ATOM_LEN_MASK) {
775 		header_len = 2;
776 		is_short_atom = false;
777 	}
778 
779 	if (!can_add(err, cmd, header_len + len)) {
780 		pr_debug("Error adding bytestring: end of buffer.\n");
781 		return NULL;
782 	}
783 
784 	if (is_short_atom)
785 		add_short_atom_header(cmd, true, false, len);
786 	else
787 		add_medium_atom_header(cmd, true, false, len);
788 
789 	return &cmd->cmd[cmd->pos];
790 }
791 
792 static void add_token_bytestring(int *err, struct opal_dev *cmd,
793 				 const u8 *bytestring, size_t len)
794 {
795 	u8 *start;
796 
797 	start = add_bytestring_header(err, cmd, len);
798 	if (!start)
799 		return;
800 	memcpy(start, bytestring, len);
801 	cmd->pos += len;
802 }
803 
804 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
805 {
806 	if (length > OPAL_UID_LENGTH) {
807 		pr_debug("Can't build locking range. Length OOB\n");
808 		return -ERANGE;
809 	}
810 
811 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
812 
813 	if (lr == 0)
814 		return 0;
815 
816 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
817 	buffer[7] = lr;
818 
819 	return 0;
820 }
821 
822 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
823 {
824 	if (length > OPAL_UID_LENGTH) {
825 		pr_debug("Can't build locking range user. Length OOB\n");
826 		return -ERANGE;
827 	}
828 
829 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
830 
831 	buffer[7] = lr + 1;
832 
833 	return 0;
834 }
835 
836 static void set_comid(struct opal_dev *cmd, u16 comid)
837 {
838 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
839 
840 	hdr->cp.extendedComID[0] = comid >> 8;
841 	hdr->cp.extendedComID[1] = comid;
842 	hdr->cp.extendedComID[2] = 0;
843 	hdr->cp.extendedComID[3] = 0;
844 }
845 
846 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
847 {
848 	struct opal_header *hdr;
849 	int err = 0;
850 
851 	/*
852 	 * Close the parameter list opened from cmd_start.
853 	 * The number of bytes added must be equal to
854 	 * CMD_FINALIZE_BYTES_NEEDED.
855 	 */
856 	add_token_u8(&err, cmd, OPAL_ENDLIST);
857 
858 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
859 	add_token_u8(&err, cmd, OPAL_STARTLIST);
860 	add_token_u8(&err, cmd, 0);
861 	add_token_u8(&err, cmd, 0);
862 	add_token_u8(&err, cmd, 0);
863 	add_token_u8(&err, cmd, OPAL_ENDLIST);
864 
865 	if (err) {
866 		pr_debug("Error finalizing command.\n");
867 		return -EFAULT;
868 	}
869 
870 	hdr = (struct opal_header *) cmd->cmd;
871 
872 	hdr->pkt.tsn = cpu_to_be32(tsn);
873 	hdr->pkt.hsn = cpu_to_be32(hsn);
874 
875 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
876 	while (cmd->pos % 4) {
877 		if (cmd->pos >= IO_BUFFER_LENGTH) {
878 			pr_debug("Error: Buffer overrun\n");
879 			return -ERANGE;
880 		}
881 		cmd->cmd[cmd->pos++] = 0;
882 	}
883 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
884 				      sizeof(hdr->pkt));
885 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
886 
887 	return 0;
888 }
889 
890 static const struct opal_resp_tok *response_get_token(
891 				const struct parsed_resp *resp,
892 				int n)
893 {
894 	const struct opal_resp_tok *tok;
895 
896 	if (!resp) {
897 		pr_debug("Response is NULL\n");
898 		return ERR_PTR(-EINVAL);
899 	}
900 
901 	if (n >= resp->num) {
902 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
903 			 n, resp->num);
904 		return ERR_PTR(-EINVAL);
905 	}
906 
907 	tok = &resp->toks[n];
908 	if (tok->len == 0) {
909 		pr_debug("Token length must be non-zero\n");
910 		return ERR_PTR(-EINVAL);
911 	}
912 
913 	return tok;
914 }
915 
916 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
917 				   const u8 *pos)
918 {
919 	tok->pos = pos;
920 	tok->len = 1;
921 	tok->width = OPAL_WIDTH_TINY;
922 
923 	if (pos[0] & TINY_ATOM_SIGNED) {
924 		tok->type = OPAL_DTA_TOKENID_SINT;
925 	} else {
926 		tok->type = OPAL_DTA_TOKENID_UINT;
927 		tok->stored.u = pos[0] & 0x3f;
928 	}
929 
930 	return tok->len;
931 }
932 
933 static ssize_t response_parse_short(struct opal_resp_tok *tok,
934 				    const u8 *pos)
935 {
936 	tok->pos = pos;
937 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
938 	tok->width = OPAL_WIDTH_SHORT;
939 
940 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
941 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
942 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
943 		tok->type = OPAL_DTA_TOKENID_SINT;
944 	} else {
945 		u64 u_integer = 0;
946 		ssize_t i, b = 0;
947 
948 		tok->type = OPAL_DTA_TOKENID_UINT;
949 		if (tok->len > 9) {
950 			pr_debug("uint64 with more than 8 bytes\n");
951 			return -EINVAL;
952 		}
953 		for (i = tok->len - 1; i > 0; i--) {
954 			u_integer |= ((u64)pos[i] << (8 * b));
955 			b++;
956 		}
957 		tok->stored.u = u_integer;
958 	}
959 
960 	return tok->len;
961 }
962 
963 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
964 				     const u8 *pos)
965 {
966 	tok->pos = pos;
967 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
968 	tok->width = OPAL_WIDTH_MEDIUM;
969 
970 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
971 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
972 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
973 		tok->type = OPAL_DTA_TOKENID_SINT;
974 	else
975 		tok->type = OPAL_DTA_TOKENID_UINT;
976 
977 	return tok->len;
978 }
979 
980 static ssize_t response_parse_long(struct opal_resp_tok *tok,
981 				   const u8 *pos)
982 {
983 	tok->pos = pos;
984 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
985 	tok->width = OPAL_WIDTH_LONG;
986 
987 	if (pos[0] & LONG_ATOM_BYTESTRING)
988 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
989 	else if (pos[0] & LONG_ATOM_SIGNED)
990 		tok->type = OPAL_DTA_TOKENID_SINT;
991 	else
992 		tok->type = OPAL_DTA_TOKENID_UINT;
993 
994 	return tok->len;
995 }
996 
997 static ssize_t response_parse_token(struct opal_resp_tok *tok,
998 				    const u8 *pos)
999 {
1000 	tok->pos = pos;
1001 	tok->len = 1;
1002 	tok->type = OPAL_DTA_TOKENID_TOKEN;
1003 	tok->width = OPAL_WIDTH_TOKEN;
1004 
1005 	return tok->len;
1006 }
1007 
1008 static int response_parse(const u8 *buf, size_t length,
1009 			  struct parsed_resp *resp)
1010 {
1011 	const struct opal_header *hdr;
1012 	struct opal_resp_tok *iter;
1013 	int num_entries = 0;
1014 	int total;
1015 	ssize_t token_length;
1016 	const u8 *pos;
1017 	u32 clen, plen, slen;
1018 
1019 	if (!buf)
1020 		return -EFAULT;
1021 
1022 	if (!resp)
1023 		return -EFAULT;
1024 
1025 	hdr = (struct opal_header *)buf;
1026 	pos = buf;
1027 	pos += sizeof(*hdr);
1028 
1029 	clen = be32_to_cpu(hdr->cp.length);
1030 	plen = be32_to_cpu(hdr->pkt.length);
1031 	slen = be32_to_cpu(hdr->subpkt.length);
1032 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1033 		 clen, plen, slen);
1034 
1035 	if (clen == 0 || plen == 0 || slen == 0 ||
1036 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1037 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1038 			 clen, plen, slen);
1039 		print_buffer(pos, sizeof(*hdr));
1040 		return -EINVAL;
1041 	}
1042 
1043 	if (pos > buf + length)
1044 		return -EFAULT;
1045 
1046 	iter = resp->toks;
1047 	total = slen;
1048 	print_buffer(pos, total);
1049 	while (total > 0) {
1050 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1051 			token_length = response_parse_tiny(iter, pos);
1052 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1053 			token_length = response_parse_short(iter, pos);
1054 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1055 			token_length = response_parse_medium(iter, pos);
1056 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1057 			token_length = response_parse_long(iter, pos);
1058 		else /* TOKEN */
1059 			token_length = response_parse_token(iter, pos);
1060 
1061 		if (token_length < 0)
1062 			return token_length;
1063 
1064 		pos += token_length;
1065 		total -= token_length;
1066 		iter++;
1067 		num_entries++;
1068 	}
1069 
1070 	resp->num = num_entries;
1071 
1072 	return 0;
1073 }
1074 
1075 static size_t response_get_string(const struct parsed_resp *resp, int n,
1076 				  const char **store)
1077 {
1078 	u8 skip;
1079 	const struct opal_resp_tok *tok;
1080 
1081 	*store = NULL;
1082 	tok = response_get_token(resp, n);
1083 	if (IS_ERR(tok))
1084 		return 0;
1085 
1086 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1087 		pr_debug("Token is not a byte string!\n");
1088 		return 0;
1089 	}
1090 
1091 	switch (tok->width) {
1092 	case OPAL_WIDTH_TINY:
1093 	case OPAL_WIDTH_SHORT:
1094 		skip = 1;
1095 		break;
1096 	case OPAL_WIDTH_MEDIUM:
1097 		skip = 2;
1098 		break;
1099 	case OPAL_WIDTH_LONG:
1100 		skip = 4;
1101 		break;
1102 	default:
1103 		pr_debug("Token has invalid width!\n");
1104 		return 0;
1105 	}
1106 
1107 	*store = tok->pos + skip;
1108 
1109 	return tok->len - skip;
1110 }
1111 
1112 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1113 {
1114 	const struct opal_resp_tok *tok;
1115 
1116 	tok = response_get_token(resp, n);
1117 	if (IS_ERR(tok))
1118 		return 0;
1119 
1120 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
1121 		pr_debug("Token is not unsigned int: %d\n", tok->type);
1122 		return 0;
1123 	}
1124 
1125 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1126 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
1127 		return 0;
1128 	}
1129 
1130 	return tok->stored.u;
1131 }
1132 
1133 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1134 {
1135 	if (IS_ERR(token) ||
1136 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
1137 	    token->pos[0] != match)
1138 		return false;
1139 	return true;
1140 }
1141 
1142 static u8 response_status(const struct parsed_resp *resp)
1143 {
1144 	const struct opal_resp_tok *tok;
1145 
1146 	tok = response_get_token(resp, 0);
1147 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
1148 		return 0;
1149 
1150 	if (resp->num < 5)
1151 		return DTAERROR_NO_METHOD_STATUS;
1152 
1153 	tok = response_get_token(resp, resp->num - 5);
1154 	if (!response_token_matches(tok, OPAL_STARTLIST))
1155 		return DTAERROR_NO_METHOD_STATUS;
1156 
1157 	tok = response_get_token(resp, resp->num - 1);
1158 	if (!response_token_matches(tok, OPAL_ENDLIST))
1159 		return DTAERROR_NO_METHOD_STATUS;
1160 
1161 	return response_get_u64(resp, resp->num - 4);
1162 }
1163 
1164 /* Parses and checks for errors */
1165 static int parse_and_check_status(struct opal_dev *dev)
1166 {
1167 	int error;
1168 
1169 	print_buffer(dev->cmd, dev->pos);
1170 
1171 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1172 	if (error) {
1173 		pr_debug("Couldn't parse response.\n");
1174 		return error;
1175 	}
1176 
1177 	return response_status(&dev->parsed);
1178 }
1179 
1180 static void clear_opal_cmd(struct opal_dev *dev)
1181 {
1182 	dev->pos = sizeof(struct opal_header);
1183 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1184 }
1185 
1186 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1187 {
1188 	int err = 0;
1189 
1190 	clear_opal_cmd(dev);
1191 	set_comid(dev, dev->comid);
1192 
1193 	add_token_u8(&err, dev, OPAL_CALL);
1194 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1195 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1196 
1197 	/*
1198 	 * Every method call is followed by its parameters enclosed within
1199 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1200 	 * parameter list here and close it later in cmd_finalize.
1201 	 */
1202 	add_token_u8(&err, dev, OPAL_STARTLIST);
1203 
1204 	return err;
1205 }
1206 
1207 static int start_opal_session_cont(struct opal_dev *dev)
1208 {
1209 	u32 hsn, tsn;
1210 	int error = 0;
1211 
1212 	error = parse_and_check_status(dev);
1213 	if (error)
1214 		return error;
1215 
1216 	hsn = response_get_u64(&dev->parsed, 4);
1217 	tsn = response_get_u64(&dev->parsed, 5);
1218 
1219 	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1220 		pr_debug("Couldn't authenticate session\n");
1221 		return -EPERM;
1222 	}
1223 
1224 	dev->hsn = hsn;
1225 	dev->tsn = tsn;
1226 
1227 	return 0;
1228 }
1229 
1230 static void add_suspend_info(struct opal_dev *dev,
1231 			     struct opal_suspend_data *sus)
1232 {
1233 	struct opal_suspend_data *iter;
1234 
1235 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1236 		if (iter->lr == sus->lr) {
1237 			list_del(&iter->node);
1238 			kfree(iter);
1239 			break;
1240 		}
1241 	}
1242 	list_add_tail(&sus->node, &dev->unlk_lst);
1243 }
1244 
1245 static int end_session_cont(struct opal_dev *dev)
1246 {
1247 	dev->hsn = 0;
1248 	dev->tsn = 0;
1249 
1250 	return parse_and_check_status(dev);
1251 }
1252 
1253 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1254 {
1255 	int ret;
1256 
1257 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1258 	if (ret) {
1259 		pr_debug("Error finalizing command buffer: %d\n", ret);
1260 		return ret;
1261 	}
1262 
1263 	print_buffer(dev->cmd, dev->pos);
1264 
1265 	return opal_send_recv(dev, cont);
1266 }
1267 
1268 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1269 			       u64 start_column, u64 end_column)
1270 {
1271 	int err;
1272 
1273 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1274 
1275 	add_token_u8(&err, dev, OPAL_STARTLIST);
1276 
1277 	add_token_u8(&err, dev, OPAL_STARTNAME);
1278 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1279 	add_token_u64(&err, dev, start_column);
1280 	add_token_u8(&err, dev, OPAL_ENDNAME);
1281 
1282 	add_token_u8(&err, dev, OPAL_STARTNAME);
1283 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1284 	add_token_u64(&err, dev, end_column);
1285 	add_token_u8(&err, dev, OPAL_ENDNAME);
1286 
1287 	add_token_u8(&err, dev, OPAL_ENDLIST);
1288 
1289 	if (err)
1290 		return err;
1291 
1292 	return finalize_and_send(dev, parse_and_check_status);
1293 }
1294 
1295 /*
1296  * request @column from table @table on device @dev. On success, the column
1297  * data will be available in dev->resp->tok[4]
1298  */
1299 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1300 			      u64 column)
1301 {
1302 	return generic_get_columns(dev, table, column, column);
1303 }
1304 
1305 /*
1306  * see TCG SAS 5.3.2.3 for a description of the available columns
1307  *
1308  * the result is provided in dev->resp->tok[4]
1309  */
1310 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1311 				  u64 column)
1312 {
1313 	u8 uid[OPAL_UID_LENGTH];
1314 	const unsigned int half = OPAL_UID_LENGTH_HALF;
1315 
1316 	/* sed-opal UIDs can be split in two halves:
1317 	 *  first:  actual table index
1318 	 *  second: relative index in the table
1319 	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1320 	 * first part of the target table as relative index into that table
1321 	 */
1322 	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1323 	memcpy(uid + half, table_uid, half);
1324 
1325 	return generic_get_column(dev, uid, column);
1326 }
1327 
1328 static int gen_key(struct opal_dev *dev, void *data)
1329 {
1330 	u8 uid[OPAL_UID_LENGTH];
1331 	int err;
1332 
1333 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1334 	kfree(dev->prev_data);
1335 	dev->prev_data = NULL;
1336 
1337 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1338 
1339 	if (err) {
1340 		pr_debug("Error building gen key command\n");
1341 		return err;
1342 
1343 	}
1344 
1345 	return finalize_and_send(dev, parse_and_check_status);
1346 }
1347 
1348 static int get_active_key_cont(struct opal_dev *dev)
1349 {
1350 	const char *activekey;
1351 	size_t keylen;
1352 	int error = 0;
1353 
1354 	error = parse_and_check_status(dev);
1355 	if (error)
1356 		return error;
1357 
1358 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1359 	if (!activekey) {
1360 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1361 			 __func__);
1362 		return OPAL_INVAL_PARAM;
1363 	}
1364 
1365 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1366 
1367 	if (!dev->prev_data)
1368 		return -ENOMEM;
1369 
1370 	dev->prev_d_len = keylen;
1371 
1372 	return 0;
1373 }
1374 
1375 static int get_active_key(struct opal_dev *dev, void *data)
1376 {
1377 	u8 uid[OPAL_UID_LENGTH];
1378 	int err;
1379 	u8 *lr = data;
1380 
1381 	err = build_locking_range(uid, sizeof(uid), *lr);
1382 	if (err)
1383 		return err;
1384 
1385 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1386 	if (err)
1387 		return err;
1388 
1389 	return get_active_key_cont(dev);
1390 }
1391 
1392 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1393 				    u64 offset, u64 size, const u8 *uid)
1394 {
1395 	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1396 	u8 *dst;
1397 	u64 len;
1398 	size_t off = 0;
1399 	int err;
1400 
1401 	/* do we fit in the available space? */
1402 	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1403 	if (err) {
1404 		pr_debug("Couldn't get the table size\n");
1405 		return err;
1406 	}
1407 
1408 	len = response_get_u64(&dev->parsed, 4);
1409 	if (size > len || offset > len - size) {
1410 		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1411 			  offset + size, len);
1412 		return -ENOSPC;
1413 	}
1414 
1415 	/* do the actual transmission(s) */
1416 	while (off < size) {
1417 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1418 		add_token_u8(&err, dev, OPAL_STARTNAME);
1419 		add_token_u8(&err, dev, OPAL_WHERE);
1420 		add_token_u64(&err, dev, offset + off);
1421 		add_token_u8(&err, dev, OPAL_ENDNAME);
1422 
1423 		add_token_u8(&err, dev, OPAL_STARTNAME);
1424 		add_token_u8(&err, dev, OPAL_VALUES);
1425 
1426 		/*
1427 		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1428 		 * There also needs to be enough space to accommodate the
1429 		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1430 		 * cmd_finalize.
1431 		 */
1432 		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1433 			  (size_t)(size - off));
1434 		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1435 
1436 		dst = add_bytestring_header(&err, dev, len);
1437 		if (!dst)
1438 			break;
1439 
1440 		if (copy_from_user(dst, src + off, len)) {
1441 			err = -EFAULT;
1442 			break;
1443 		}
1444 
1445 		dev->pos += len;
1446 
1447 		add_token_u8(&err, dev, OPAL_ENDNAME);
1448 		if (err)
1449 			break;
1450 
1451 		err = finalize_and_send(dev, parse_and_check_status);
1452 		if (err)
1453 			break;
1454 
1455 		off += len;
1456 	}
1457 
1458 	return err;
1459 }
1460 
1461 static int generic_lr_enable_disable(struct opal_dev *dev,
1462 				     u8 *uid, bool rle, bool wle,
1463 				     bool rl, bool wl)
1464 {
1465 	int err;
1466 
1467 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1468 
1469 	add_token_u8(&err, dev, OPAL_STARTNAME);
1470 	add_token_u8(&err, dev, OPAL_VALUES);
1471 	add_token_u8(&err, dev, OPAL_STARTLIST);
1472 
1473 	add_token_u8(&err, dev, OPAL_STARTNAME);
1474 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1475 	add_token_u8(&err, dev, rle);
1476 	add_token_u8(&err, dev, OPAL_ENDNAME);
1477 
1478 	add_token_u8(&err, dev, OPAL_STARTNAME);
1479 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1480 	add_token_u8(&err, dev, wle);
1481 	add_token_u8(&err, dev, OPAL_ENDNAME);
1482 
1483 	add_token_u8(&err, dev, OPAL_STARTNAME);
1484 	add_token_u8(&err, dev, OPAL_READLOCKED);
1485 	add_token_u8(&err, dev, rl);
1486 	add_token_u8(&err, dev, OPAL_ENDNAME);
1487 
1488 	add_token_u8(&err, dev, OPAL_STARTNAME);
1489 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1490 	add_token_u8(&err, dev, wl);
1491 	add_token_u8(&err, dev, OPAL_ENDNAME);
1492 
1493 	add_token_u8(&err, dev, OPAL_ENDLIST);
1494 	add_token_u8(&err, dev, OPAL_ENDNAME);
1495 
1496 	return err;
1497 }
1498 
1499 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1500 				   struct opal_user_lr_setup *setup)
1501 {
1502 	int err;
1503 
1504 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1505 					0, 0);
1506 	if (err)
1507 		pr_debug("Failed to create enable global lr command\n");
1508 
1509 	return err;
1510 }
1511 
1512 static int setup_locking_range(struct opal_dev *dev, void *data)
1513 {
1514 	u8 uid[OPAL_UID_LENGTH];
1515 	struct opal_user_lr_setup *setup = data;
1516 	u8 lr;
1517 	int err;
1518 
1519 	lr = setup->session.opal_key.lr;
1520 	err = build_locking_range(uid, sizeof(uid), lr);
1521 	if (err)
1522 		return err;
1523 
1524 	if (lr == 0)
1525 		err = enable_global_lr(dev, uid, setup);
1526 	else {
1527 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1528 
1529 		add_token_u8(&err, dev, OPAL_STARTNAME);
1530 		add_token_u8(&err, dev, OPAL_VALUES);
1531 		add_token_u8(&err, dev, OPAL_STARTLIST);
1532 
1533 		add_token_u8(&err, dev, OPAL_STARTNAME);
1534 		add_token_u8(&err, dev, OPAL_RANGESTART);
1535 		add_token_u64(&err, dev, setup->range_start);
1536 		add_token_u8(&err, dev, OPAL_ENDNAME);
1537 
1538 		add_token_u8(&err, dev, OPAL_STARTNAME);
1539 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1540 		add_token_u64(&err, dev, setup->range_length);
1541 		add_token_u8(&err, dev, OPAL_ENDNAME);
1542 
1543 		add_token_u8(&err, dev, OPAL_STARTNAME);
1544 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1545 		add_token_u64(&err, dev, !!setup->RLE);
1546 		add_token_u8(&err, dev, OPAL_ENDNAME);
1547 
1548 		add_token_u8(&err, dev, OPAL_STARTNAME);
1549 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1550 		add_token_u64(&err, dev, !!setup->WLE);
1551 		add_token_u8(&err, dev, OPAL_ENDNAME);
1552 
1553 		add_token_u8(&err, dev, OPAL_ENDLIST);
1554 		add_token_u8(&err, dev, OPAL_ENDNAME);
1555 	}
1556 	if (err) {
1557 		pr_debug("Error building Setup Locking range command.\n");
1558 		return err;
1559 	}
1560 
1561 	return finalize_and_send(dev, parse_and_check_status);
1562 }
1563 
1564 static int response_get_column(const struct parsed_resp *resp,
1565 			       int *iter,
1566 			       u8 column,
1567 			       u64 *value)
1568 {
1569 	const struct opal_resp_tok *tok;
1570 	int n = *iter;
1571 	u64 val;
1572 
1573 	tok = response_get_token(resp, n);
1574 	if (IS_ERR(tok))
1575 		return PTR_ERR(tok);
1576 
1577 	if (!response_token_matches(tok, OPAL_STARTNAME)) {
1578 		pr_debug("Unexpected response token type %d.\n", n);
1579 		return OPAL_INVAL_PARAM;
1580 	}
1581 	n++;
1582 
1583 	if (response_get_u64(resp, n) != column) {
1584 		pr_debug("Token %d does not match expected column %u.\n",
1585 			 n, column);
1586 		return OPAL_INVAL_PARAM;
1587 	}
1588 	n++;
1589 
1590 	val = response_get_u64(resp, n);
1591 	n++;
1592 
1593 	tok = response_get_token(resp, n);
1594 	if (IS_ERR(tok))
1595 		return PTR_ERR(tok);
1596 
1597 	if (!response_token_matches(tok, OPAL_ENDNAME)) {
1598 		pr_debug("Unexpected response token type %d.\n", n);
1599 		return OPAL_INVAL_PARAM;
1600 	}
1601 	n++;
1602 
1603 	*value = val;
1604 	*iter = n;
1605 
1606 	return 0;
1607 }
1608 
1609 static int locking_range_status(struct opal_dev *dev, void *data)
1610 {
1611 	u8 lr_buffer[OPAL_UID_LENGTH];
1612 	u64 resp;
1613 	bool rlocked, wlocked;
1614 	int err, tok_n = 2;
1615 	struct opal_lr_status *lrst = data;
1616 
1617 	err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1618 				  lrst->session.opal_key.lr);
1619 	if (err)
1620 		return err;
1621 
1622 	err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1623 				  OPAL_WRITELOCKED);
1624 	if (err) {
1625 		pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1626 			 lrst->session.opal_key.lr, OPAL_RANGESTART,
1627 			 OPAL_WRITELOCKED);
1628 		return err;
1629 	}
1630 
1631 	/* range start */
1632 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1633 				  &lrst->range_start);
1634 	if (err)
1635 		return err;
1636 
1637 	/* range length */
1638 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1639 				  &lrst->range_length);
1640 	if (err)
1641 		return err;
1642 
1643 	/* RLE */
1644 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1645 				  &resp);
1646 	if (err)
1647 		return err;
1648 
1649 	lrst->RLE = !!resp;
1650 
1651 	/* WLE */
1652 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1653 				  &resp);
1654 	if (err)
1655 		return err;
1656 
1657 	lrst->WLE = !!resp;
1658 
1659 	/* read locked */
1660 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1661 	if (err)
1662 		return err;
1663 
1664 	rlocked = !!resp;
1665 
1666 	/* write locked */
1667 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1668 	if (err)
1669 		return err;
1670 
1671 	wlocked = !!resp;
1672 
1673 	/* opal_lock_state can not map 'read locked' only state. */
1674 	lrst->l_state = OPAL_RW;
1675 	if (rlocked && wlocked)
1676 		lrst->l_state = OPAL_LK;
1677 	else if (wlocked)
1678 		lrst->l_state = OPAL_RO;
1679 	else if (rlocked) {
1680 		pr_debug("Can not report read locked only state.\n");
1681 		return -EINVAL;
1682 	}
1683 
1684 	return 0;
1685 }
1686 
1687 static int start_generic_opal_session(struct opal_dev *dev,
1688 				      enum opal_uid auth,
1689 				      enum opal_uid sp_type,
1690 				      const char *key,
1691 				      u8 key_len)
1692 {
1693 	u32 hsn;
1694 	int err;
1695 
1696 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1697 		return OPAL_INVAL_PARAM;
1698 
1699 	hsn = GENERIC_HOST_SESSION_NUM;
1700 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1701 			opalmethod[OPAL_STARTSESSION]);
1702 
1703 	add_token_u64(&err, dev, hsn);
1704 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1705 	add_token_u8(&err, dev, 1);
1706 
1707 	switch (auth) {
1708 	case OPAL_ANYBODY_UID:
1709 		break;
1710 	case OPAL_ADMIN1_UID:
1711 	case OPAL_SID_UID:
1712 	case OPAL_PSID_UID:
1713 		add_token_u8(&err, dev, OPAL_STARTNAME);
1714 		add_token_u8(&err, dev, 0); /* HostChallenge */
1715 		add_token_bytestring(&err, dev, key, key_len);
1716 		add_token_u8(&err, dev, OPAL_ENDNAME);
1717 		add_token_u8(&err, dev, OPAL_STARTNAME);
1718 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1719 		add_token_bytestring(&err, dev, opaluid[auth],
1720 				     OPAL_UID_LENGTH);
1721 		add_token_u8(&err, dev, OPAL_ENDNAME);
1722 		break;
1723 	default:
1724 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1725 		return OPAL_INVAL_PARAM;
1726 	}
1727 
1728 	if (err) {
1729 		pr_debug("Error building start adminsp session command.\n");
1730 		return err;
1731 	}
1732 
1733 	return finalize_and_send(dev, start_opal_session_cont);
1734 }
1735 
1736 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1737 {
1738 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1739 					  OPAL_ADMINSP_UID, NULL, 0);
1740 }
1741 
1742 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1743 {
1744 	int ret;
1745 	const u8 *key = dev->prev_data;
1746 
1747 	if (!key) {
1748 		const struct opal_key *okey = data;
1749 
1750 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1751 						 OPAL_ADMINSP_UID,
1752 						 okey->key,
1753 						 okey->key_len);
1754 	} else {
1755 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1756 						 OPAL_ADMINSP_UID,
1757 						 key, dev->prev_d_len);
1758 		kfree(key);
1759 		dev->prev_data = NULL;
1760 	}
1761 
1762 	return ret;
1763 }
1764 
1765 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1766 {
1767 	struct opal_key *key = data;
1768 
1769 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1770 					  OPAL_LOCKINGSP_UID,
1771 					  key->key, key->key_len);
1772 }
1773 
1774 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1775 {
1776 	const struct opal_key *okey = data;
1777 
1778 	return start_generic_opal_session(dev, OPAL_PSID_UID,
1779 					  OPAL_ADMINSP_UID,
1780 					  okey->key,
1781 					  okey->key_len);
1782 }
1783 
1784 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1785 {
1786 	struct opal_session_info *session = data;
1787 	u8 lk_ul_user[OPAL_UID_LENGTH];
1788 	size_t keylen = session->opal_key.key_len;
1789 	int err = 0;
1790 
1791 	u8 *key = session->opal_key.key;
1792 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1793 
1794 	if (session->sum)
1795 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1796 					 session->opal_key.lr);
1797 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1798 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1799 					 session->who - 1);
1800 	else
1801 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1802 
1803 	if (err)
1804 		return err;
1805 
1806 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1807 			opalmethod[OPAL_STARTSESSION]);
1808 
1809 	add_token_u64(&err, dev, hsn);
1810 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1811 			     OPAL_UID_LENGTH);
1812 	add_token_u8(&err, dev, 1);
1813 	add_token_u8(&err, dev, OPAL_STARTNAME);
1814 	add_token_u8(&err, dev, 0);
1815 	add_token_bytestring(&err, dev, key, keylen);
1816 	add_token_u8(&err, dev, OPAL_ENDNAME);
1817 	add_token_u8(&err, dev, OPAL_STARTNAME);
1818 	add_token_u8(&err, dev, 3);
1819 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1820 	add_token_u8(&err, dev, OPAL_ENDNAME);
1821 
1822 	if (err) {
1823 		pr_debug("Error building STARTSESSION command.\n");
1824 		return err;
1825 	}
1826 
1827 	return finalize_and_send(dev, start_opal_session_cont);
1828 }
1829 
1830 static int revert_tper(struct opal_dev *dev, void *data)
1831 {
1832 	int err;
1833 
1834 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1835 			opalmethod[OPAL_REVERT]);
1836 	if (err) {
1837 		pr_debug("Error building REVERT TPER command.\n");
1838 		return err;
1839 	}
1840 
1841 	return finalize_and_send(dev, parse_and_check_status);
1842 }
1843 
1844 static int internal_activate_user(struct opal_dev *dev, void *data)
1845 {
1846 	struct opal_session_info *session = data;
1847 	u8 uid[OPAL_UID_LENGTH];
1848 	int err;
1849 
1850 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1851 	uid[7] = session->who;
1852 
1853 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1854 	add_token_u8(&err, dev, OPAL_STARTNAME);
1855 	add_token_u8(&err, dev, OPAL_VALUES);
1856 	add_token_u8(&err, dev, OPAL_STARTLIST);
1857 	add_token_u8(&err, dev, OPAL_STARTNAME);
1858 	add_token_u8(&err, dev, 5); /* Enabled */
1859 	add_token_u8(&err, dev, OPAL_TRUE);
1860 	add_token_u8(&err, dev, OPAL_ENDNAME);
1861 	add_token_u8(&err, dev, OPAL_ENDLIST);
1862 	add_token_u8(&err, dev, OPAL_ENDNAME);
1863 
1864 	if (err) {
1865 		pr_debug("Error building Activate UserN command.\n");
1866 		return err;
1867 	}
1868 
1869 	return finalize_and_send(dev, parse_and_check_status);
1870 }
1871 
1872 static int revert_lsp(struct opal_dev *dev, void *data)
1873 {
1874 	struct opal_revert_lsp *rev = data;
1875 	int err;
1876 
1877 	err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1878 			opalmethod[OPAL_REVERTSP]);
1879 	add_token_u8(&err, dev, OPAL_STARTNAME);
1880 	add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1881 	add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1882 			OPAL_TRUE : OPAL_FALSE);
1883 	add_token_u8(&err, dev, OPAL_ENDNAME);
1884 	if (err) {
1885 		pr_debug("Error building REVERT SP command.\n");
1886 		return err;
1887 	}
1888 
1889 	return finalize_and_send(dev, parse_and_check_status);
1890 }
1891 
1892 static int erase_locking_range(struct opal_dev *dev, void *data)
1893 {
1894 	struct opal_session_info *session = data;
1895 	u8 uid[OPAL_UID_LENGTH];
1896 	int err;
1897 
1898 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1899 		return -ERANGE;
1900 
1901 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1902 
1903 	if (err) {
1904 		pr_debug("Error building Erase Locking Range Command.\n");
1905 		return err;
1906 	}
1907 
1908 	return finalize_and_send(dev, parse_and_check_status);
1909 }
1910 
1911 static int set_mbr_done(struct opal_dev *dev, void *data)
1912 {
1913 	u8 *mbr_done_tf = data;
1914 	int err;
1915 
1916 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1917 			opalmethod[OPAL_SET]);
1918 
1919 	add_token_u8(&err, dev, OPAL_STARTNAME);
1920 	add_token_u8(&err, dev, OPAL_VALUES);
1921 	add_token_u8(&err, dev, OPAL_STARTLIST);
1922 	add_token_u8(&err, dev, OPAL_STARTNAME);
1923 	add_token_u8(&err, dev, OPAL_MBRDONE);
1924 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1925 	add_token_u8(&err, dev, OPAL_ENDNAME);
1926 	add_token_u8(&err, dev, OPAL_ENDLIST);
1927 	add_token_u8(&err, dev, OPAL_ENDNAME);
1928 
1929 	if (err) {
1930 		pr_debug("Error Building set MBR Done command\n");
1931 		return err;
1932 	}
1933 
1934 	return finalize_and_send(dev, parse_and_check_status);
1935 }
1936 
1937 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1938 {
1939 	u8 *mbr_en_dis = data;
1940 	int err;
1941 
1942 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1943 			opalmethod[OPAL_SET]);
1944 
1945 	add_token_u8(&err, dev, OPAL_STARTNAME);
1946 	add_token_u8(&err, dev, OPAL_VALUES);
1947 	add_token_u8(&err, dev, OPAL_STARTLIST);
1948 	add_token_u8(&err, dev, OPAL_STARTNAME);
1949 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1950 	add_token_u8(&err, dev, *mbr_en_dis);
1951 	add_token_u8(&err, dev, OPAL_ENDNAME);
1952 	add_token_u8(&err, dev, OPAL_ENDLIST);
1953 	add_token_u8(&err, dev, OPAL_ENDNAME);
1954 
1955 	if (err) {
1956 		pr_debug("Error Building set MBR done command\n");
1957 		return err;
1958 	}
1959 
1960 	return finalize_and_send(dev, parse_and_check_status);
1961 }
1962 
1963 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1964 {
1965 	struct opal_shadow_mbr *shadow = data;
1966 
1967 	return generic_table_write_data(dev, shadow->data, shadow->offset,
1968 					shadow->size, opaluid[OPAL_MBR]);
1969 }
1970 
1971 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1972 			  struct opal_dev *dev)
1973 {
1974 	int err;
1975 
1976 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1977 
1978 	add_token_u8(&err, dev, OPAL_STARTNAME);
1979 	add_token_u8(&err, dev, OPAL_VALUES);
1980 	add_token_u8(&err, dev, OPAL_STARTLIST);
1981 	add_token_u8(&err, dev, OPAL_STARTNAME);
1982 	add_token_u8(&err, dev, OPAL_PIN);
1983 	add_token_bytestring(&err, dev, key, key_len);
1984 	add_token_u8(&err, dev, OPAL_ENDNAME);
1985 	add_token_u8(&err, dev, OPAL_ENDLIST);
1986 	add_token_u8(&err, dev, OPAL_ENDNAME);
1987 
1988 	return err;
1989 }
1990 
1991 static int set_new_pw(struct opal_dev *dev, void *data)
1992 {
1993 	u8 cpin_uid[OPAL_UID_LENGTH];
1994 	struct opal_session_info *usr = data;
1995 
1996 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1997 
1998 	if (usr->who != OPAL_ADMIN1) {
1999 		cpin_uid[5] = 0x03;
2000 		if (usr->sum)
2001 			cpin_uid[7] = usr->opal_key.lr + 1;
2002 		else
2003 			cpin_uid[7] = usr->who;
2004 	}
2005 
2006 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2007 			   cpin_uid, dev)) {
2008 		pr_debug("Error building set password command.\n");
2009 		return -ERANGE;
2010 	}
2011 
2012 	return finalize_and_send(dev, parse_and_check_status);
2013 }
2014 
2015 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2016 {
2017 	u8 cpin_uid[OPAL_UID_LENGTH];
2018 	struct opal_key *key = data;
2019 
2020 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2021 
2022 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2023 		pr_debug("Error building Set SID cpin\n");
2024 		return -ERANGE;
2025 	}
2026 	return finalize_and_send(dev, parse_and_check_status);
2027 }
2028 
2029 static void add_authority_object_ref(int *err,
2030 				     struct opal_dev *dev,
2031 				     const u8 *uid,
2032 				     size_t uid_len)
2033 {
2034 	add_token_u8(err, dev, OPAL_STARTNAME);
2035 	add_token_bytestring(err, dev,
2036 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2037 			     OPAL_UID_LENGTH/2);
2038 	add_token_bytestring(err, dev, uid, uid_len);
2039 	add_token_u8(err, dev, OPAL_ENDNAME);
2040 }
2041 
2042 static void add_boolean_object_ref(int *err,
2043 				   struct opal_dev *dev,
2044 				   u8 boolean_op)
2045 {
2046 	add_token_u8(err, dev, OPAL_STARTNAME);
2047 	add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2048 			     OPAL_UID_LENGTH/2);
2049 	add_token_u8(err, dev, boolean_op);
2050 	add_token_u8(err, dev, OPAL_ENDNAME);
2051 }
2052 
2053 static int set_lr_boolean_ace(struct opal_dev *dev,
2054 			      unsigned int opal_uid,
2055 			      u8 lr,
2056 			      const u8 *users,
2057 			      size_t users_len)
2058 {
2059 	u8 lr_buffer[OPAL_UID_LENGTH];
2060 	u8 user_uid[OPAL_UID_LENGTH];
2061 	u8 u;
2062 	int err;
2063 
2064 	memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2065 	lr_buffer[7] = lr;
2066 
2067 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2068 
2069 	add_token_u8(&err, dev, OPAL_STARTNAME);
2070 	add_token_u8(&err, dev, OPAL_VALUES);
2071 
2072 	add_token_u8(&err, dev, OPAL_STARTLIST);
2073 	add_token_u8(&err, dev, OPAL_STARTNAME);
2074 	add_token_u8(&err, dev, 3);
2075 
2076 	add_token_u8(&err, dev, OPAL_STARTLIST);
2077 
2078 	for (u = 0; u < users_len; u++) {
2079 		if (users[u] == OPAL_ADMIN1)
2080 			memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2081 			       OPAL_UID_LENGTH);
2082 		else {
2083 			memcpy(user_uid, opaluid[OPAL_USER1_UID],
2084 			       OPAL_UID_LENGTH);
2085 			user_uid[7] = users[u];
2086 		}
2087 
2088 		add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2089 
2090 		/*
2091 		 * Add boolean operator in postfix only with
2092 		 * two or more authorities being added in ACE
2093 		 * expresion.
2094 		 * */
2095 		if (u > 0)
2096 			add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2097 	}
2098 
2099 	add_token_u8(&err, dev, OPAL_ENDLIST);
2100 	add_token_u8(&err, dev, OPAL_ENDNAME);
2101 	add_token_u8(&err, dev, OPAL_ENDLIST);
2102 	add_token_u8(&err, dev, OPAL_ENDNAME);
2103 
2104 	return err;
2105 }
2106 
2107 static int add_user_to_lr(struct opal_dev *dev, void *data)
2108 {
2109 	int err;
2110 	struct opal_lock_unlock *lkul = data;
2111 	const u8 users[] = {
2112 		lkul->session.who
2113 	};
2114 
2115 	err = set_lr_boolean_ace(dev,
2116 				 lkul->l_state == OPAL_RW ?
2117 					OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2118 					OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2119 				 lkul->session.opal_key.lr, users,
2120 				 ARRAY_SIZE(users));
2121 	if (err) {
2122 		pr_debug("Error building add user to locking range command.\n");
2123 		return err;
2124 	}
2125 
2126 	return finalize_and_send(dev, parse_and_check_status);
2127 }
2128 
2129 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2130 {
2131 	int err;
2132 	struct opal_lock_unlock *lkul = data;
2133 	const u8 users[] = {
2134 		OPAL_ADMIN1,
2135 		lkul->session.who
2136 	};
2137 
2138 	err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2139 				 lkul->session.opal_key.lr, users,
2140 				 ARRAY_SIZE(users));
2141 
2142 	if (err) {
2143 		pr_debug("Error building add user to locking ranges ACEs.\n");
2144 		return err;
2145 	}
2146 
2147 	return finalize_and_send(dev, parse_and_check_status);
2148 }
2149 
2150 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2151 {
2152 	u8 lr_buffer[OPAL_UID_LENGTH];
2153 	struct opal_lock_unlock *lkul = data;
2154 	u8 read_locked = 1, write_locked = 1;
2155 	int err = 0;
2156 
2157 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2158 				lkul->session.opal_key.lr) < 0)
2159 		return -ERANGE;
2160 
2161 	switch (lkul->l_state) {
2162 	case OPAL_RO:
2163 		read_locked = 0;
2164 		write_locked = 1;
2165 		break;
2166 	case OPAL_RW:
2167 		read_locked = 0;
2168 		write_locked = 0;
2169 		break;
2170 	case OPAL_LK:
2171 		/* vars are initialized to locked */
2172 		break;
2173 	default:
2174 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
2175 		return OPAL_INVAL_PARAM;
2176 	}
2177 
2178 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2179 
2180 	add_token_u8(&err, dev, OPAL_STARTNAME);
2181 	add_token_u8(&err, dev, OPAL_VALUES);
2182 	add_token_u8(&err, dev, OPAL_STARTLIST);
2183 
2184 	add_token_u8(&err, dev, OPAL_STARTNAME);
2185 	add_token_u8(&err, dev, OPAL_READLOCKED);
2186 	add_token_u8(&err, dev, read_locked);
2187 	add_token_u8(&err, dev, OPAL_ENDNAME);
2188 
2189 	add_token_u8(&err, dev, OPAL_STARTNAME);
2190 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
2191 	add_token_u8(&err, dev, write_locked);
2192 	add_token_u8(&err, dev, OPAL_ENDNAME);
2193 
2194 	add_token_u8(&err, dev, OPAL_ENDLIST);
2195 	add_token_u8(&err, dev, OPAL_ENDNAME);
2196 
2197 	if (err) {
2198 		pr_debug("Error building SET command.\n");
2199 		return err;
2200 	}
2201 
2202 	return finalize_and_send(dev, parse_and_check_status);
2203 }
2204 
2205 
2206 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2207 {
2208 	u8 lr_buffer[OPAL_UID_LENGTH];
2209 	u8 read_locked = 1, write_locked = 1;
2210 	struct opal_lock_unlock *lkul = data;
2211 	int ret;
2212 
2213 	clear_opal_cmd(dev);
2214 	set_comid(dev, dev->comid);
2215 
2216 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2217 				lkul->session.opal_key.lr) < 0)
2218 		return -ERANGE;
2219 
2220 	switch (lkul->l_state) {
2221 	case OPAL_RO:
2222 		read_locked = 0;
2223 		write_locked = 1;
2224 		break;
2225 	case OPAL_RW:
2226 		read_locked = 0;
2227 		write_locked = 0;
2228 		break;
2229 	case OPAL_LK:
2230 		/* vars are initialized to locked */
2231 		break;
2232 	default:
2233 		pr_debug("Tried to set an invalid locking state.\n");
2234 		return OPAL_INVAL_PARAM;
2235 	}
2236 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2237 					read_locked, write_locked);
2238 
2239 	if (ret < 0) {
2240 		pr_debug("Error building SET command.\n");
2241 		return ret;
2242 	}
2243 
2244 	return finalize_and_send(dev, parse_and_check_status);
2245 }
2246 
2247 static int activate_lsp(struct opal_dev *dev, void *data)
2248 {
2249 	struct opal_lr_act *opal_act = data;
2250 	u8 user_lr[OPAL_UID_LENGTH];
2251 	int err, i;
2252 
2253 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2254 			opalmethod[OPAL_ACTIVATE]);
2255 
2256 	if (opal_act->sum) {
2257 		err = build_locking_range(user_lr, sizeof(user_lr),
2258 					  opal_act->lr[0]);
2259 		if (err)
2260 			return err;
2261 
2262 		add_token_u8(&err, dev, OPAL_STARTNAME);
2263 		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2264 
2265 		add_token_u8(&err, dev, OPAL_STARTLIST);
2266 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2267 		for (i = 1; i < opal_act->num_lrs; i++) {
2268 			user_lr[7] = opal_act->lr[i];
2269 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2270 		}
2271 		add_token_u8(&err, dev, OPAL_ENDLIST);
2272 		add_token_u8(&err, dev, OPAL_ENDNAME);
2273 	}
2274 
2275 	if (err) {
2276 		pr_debug("Error building Activate LockingSP command.\n");
2277 		return err;
2278 	}
2279 
2280 	return finalize_and_send(dev, parse_and_check_status);
2281 }
2282 
2283 /* Determine if we're in the Manufactured Inactive or Active state */
2284 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2285 {
2286 	u8 lc_status;
2287 	int err;
2288 
2289 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2290 				 OPAL_LIFECYCLE);
2291 	if (err)
2292 		return err;
2293 
2294 	lc_status = response_get_u64(&dev->parsed, 4);
2295 	/* 0x08 is Manufactured Inactive */
2296 	/* 0x09 is Manufactured */
2297 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2298 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
2299 		return -ENODEV;
2300 	}
2301 
2302 	return 0;
2303 }
2304 
2305 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2306 {
2307 	const char *msid_pin;
2308 	size_t strlen;
2309 	int err;
2310 
2311 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2312 	if (err)
2313 		return err;
2314 
2315 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2316 	if (!msid_pin) {
2317 		pr_debug("Couldn't extract MSID_CPIN from response\n");
2318 		return OPAL_INVAL_PARAM;
2319 	}
2320 
2321 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2322 	if (!dev->prev_data)
2323 		return -ENOMEM;
2324 
2325 	dev->prev_d_len = strlen;
2326 
2327 	return 0;
2328 }
2329 
2330 static int write_table_data(struct opal_dev *dev, void *data)
2331 {
2332 	struct opal_read_write_table *write_tbl = data;
2333 
2334 	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2335 					write_tbl->size, write_tbl->table_uid);
2336 }
2337 
2338 static int read_table_data_cont(struct opal_dev *dev)
2339 {
2340 	int err;
2341 	const char *data_read;
2342 
2343 	err = parse_and_check_status(dev);
2344 	if (err)
2345 		return err;
2346 
2347 	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2348 	dev->prev_data = (void *)data_read;
2349 	if (!dev->prev_data) {
2350 		pr_debug("%s: Couldn't read data from the table.\n", __func__);
2351 		return OPAL_INVAL_PARAM;
2352 	}
2353 
2354 	return 0;
2355 }
2356 
2357 /*
2358  * IO_BUFFER_LENGTH = 2048
2359  * sizeof(header) = 56
2360  * No. of Token Bytes in the Response = 11
2361  * MAX size of data that can be carried in response buffer
2362  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2363  */
2364 #define OPAL_MAX_READ_TABLE (0x7BD)
2365 
2366 static int read_table_data(struct opal_dev *dev, void *data)
2367 {
2368 	struct opal_read_write_table *read_tbl = data;
2369 	int err;
2370 	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2371 	u64 table_len, len;
2372 	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2373 	u8 __user *dst;
2374 
2375 	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2376 	if (err) {
2377 		pr_debug("Couldn't get the table size\n");
2378 		return err;
2379 	}
2380 
2381 	table_len = response_get_u64(&dev->parsed, 4);
2382 
2383 	/* Check if the user is trying to read from the table limits */
2384 	if (read_size > table_len || offset > table_len - read_size) {
2385 		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2386 			  offset + read_size, table_len);
2387 		return -EINVAL;
2388 	}
2389 
2390 	while (off < read_size) {
2391 		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2392 
2393 		add_token_u8(&err, dev, OPAL_STARTLIST);
2394 		add_token_u8(&err, dev, OPAL_STARTNAME);
2395 		add_token_u8(&err, dev, OPAL_STARTROW);
2396 		add_token_u64(&err, dev, offset + off); /* start row value */
2397 		add_token_u8(&err, dev, OPAL_ENDNAME);
2398 
2399 		add_token_u8(&err, dev, OPAL_STARTNAME);
2400 		add_token_u8(&err, dev, OPAL_ENDROW);
2401 
2402 		len = min(max_read_size, (size_t)(read_size - off));
2403 		add_token_u64(&err, dev, offset + off + len); /* end row value
2404 							       */
2405 		add_token_u8(&err, dev, OPAL_ENDNAME);
2406 		add_token_u8(&err, dev, OPAL_ENDLIST);
2407 
2408 		if (err) {
2409 			pr_debug("Error building read table data command.\n");
2410 			break;
2411 		}
2412 
2413 		err = finalize_and_send(dev, read_table_data_cont);
2414 		if (err)
2415 			break;
2416 
2417 		/* len+1: This includes the NULL terminator at the end*/
2418 		if (dev->prev_d_len > len + 1) {
2419 			err = -EOVERFLOW;
2420 			break;
2421 		}
2422 
2423 		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2424 		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2425 			pr_debug("Error copying data to userspace\n");
2426 			err = -EFAULT;
2427 			break;
2428 		}
2429 		dev->prev_data = NULL;
2430 
2431 		off += len;
2432 	}
2433 
2434 	return err;
2435 }
2436 
2437 static int end_opal_session(struct opal_dev *dev, void *data)
2438 {
2439 	int err = 0;
2440 
2441 	clear_opal_cmd(dev);
2442 	set_comid(dev, dev->comid);
2443 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2444 
2445 	if (err < 0)
2446 		return err;
2447 
2448 	return finalize_and_send(dev, end_session_cont);
2449 }
2450 
2451 static int end_opal_session_error(struct opal_dev *dev)
2452 {
2453 	const struct opal_step error_end_session = {
2454 		end_opal_session,
2455 	};
2456 
2457 	return execute_step(dev, &error_end_session, 0);
2458 }
2459 
2460 static inline void setup_opal_dev(struct opal_dev *dev)
2461 {
2462 	dev->tsn = 0;
2463 	dev->hsn = 0;
2464 	dev->prev_data = NULL;
2465 }
2466 
2467 static int check_opal_support(struct opal_dev *dev)
2468 {
2469 	int ret;
2470 
2471 	mutex_lock(&dev->dev_lock);
2472 	setup_opal_dev(dev);
2473 	ret = opal_discovery0_step(dev);
2474 	if (!ret)
2475 		dev->flags |= OPAL_FL_SUPPORTED;
2476 	mutex_unlock(&dev->dev_lock);
2477 
2478 	return ret;
2479 }
2480 
2481 static void clean_opal_dev(struct opal_dev *dev)
2482 {
2483 
2484 	struct opal_suspend_data *suspend, *next;
2485 
2486 	mutex_lock(&dev->dev_lock);
2487 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2488 		list_del(&suspend->node);
2489 		kfree(suspend);
2490 	}
2491 	mutex_unlock(&dev->dev_lock);
2492 }
2493 
2494 void free_opal_dev(struct opal_dev *dev)
2495 {
2496 	if (!dev)
2497 		return;
2498 
2499 	clean_opal_dev(dev);
2500 	kfree(dev->resp);
2501 	kfree(dev->cmd);
2502 	kfree(dev);
2503 }
2504 EXPORT_SYMBOL(free_opal_dev);
2505 
2506 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2507 {
2508 	struct opal_dev *dev;
2509 
2510 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2511 	if (!dev)
2512 		return NULL;
2513 
2514 	/*
2515 	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2516 	 * sure the allocated buffer is DMA-safe in that regard.
2517 	 */
2518 	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2519 	if (!dev->cmd)
2520 		goto err_free_dev;
2521 
2522 	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2523 	if (!dev->resp)
2524 		goto err_free_cmd;
2525 
2526 	INIT_LIST_HEAD(&dev->unlk_lst);
2527 	mutex_init(&dev->dev_lock);
2528 	dev->flags = 0;
2529 	dev->data = data;
2530 	dev->send_recv = send_recv;
2531 	if (check_opal_support(dev) != 0) {
2532 		pr_debug("Opal is not supported on this device\n");
2533 		goto err_free_resp;
2534 	}
2535 
2536 	return dev;
2537 
2538 err_free_resp:
2539 	kfree(dev->resp);
2540 
2541 err_free_cmd:
2542 	kfree(dev->cmd);
2543 
2544 err_free_dev:
2545 	kfree(dev);
2546 
2547 	return NULL;
2548 }
2549 EXPORT_SYMBOL(init_opal_dev);
2550 
2551 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2552 					   struct opal_session_info *opal_session)
2553 {
2554 	const struct opal_step erase_steps[] = {
2555 		{ start_auth_opal_session, opal_session },
2556 		{ get_active_key, &opal_session->opal_key.lr },
2557 		{ gen_key, },
2558 		{ end_opal_session, }
2559 	};
2560 	int ret;
2561 
2562 	ret = opal_get_key(dev, &opal_session->opal_key);
2563 	if (ret)
2564 		return ret;
2565 	mutex_lock(&dev->dev_lock);
2566 	setup_opal_dev(dev);
2567 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2568 	mutex_unlock(&dev->dev_lock);
2569 
2570 	return ret;
2571 }
2572 
2573 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2574 {
2575 	const struct opal_step discovery0_step = {
2576 		opal_discovery0, discv
2577 	};
2578 	int ret = 0;
2579 
2580 	mutex_lock(&dev->dev_lock);
2581 	setup_opal_dev(dev);
2582 	ret = execute_step(dev, &discovery0_step, 0);
2583 	mutex_unlock(&dev->dev_lock);
2584 	if (ret)
2585 		return ret;
2586 	return discv->size; /* modified to actual length of data */
2587 }
2588 
2589 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2590 {
2591 	/* controller will terminate session */
2592 	const struct opal_step steps[] = {
2593 		{ start_admin1LSP_opal_session, &rev->key },
2594 		{ revert_lsp, rev }
2595 	};
2596 	int ret;
2597 
2598 	ret = opal_get_key(dev, &rev->key);
2599 	if (ret)
2600 		return ret;
2601 	mutex_lock(&dev->dev_lock);
2602 	setup_opal_dev(dev);
2603 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2604 	mutex_unlock(&dev->dev_lock);
2605 
2606 	return ret;
2607 }
2608 
2609 static int opal_erase_locking_range(struct opal_dev *dev,
2610 				    struct opal_session_info *opal_session)
2611 {
2612 	const struct opal_step erase_steps[] = {
2613 		{ start_auth_opal_session, opal_session },
2614 		{ erase_locking_range, opal_session },
2615 		{ end_opal_session, }
2616 	};
2617 	int ret;
2618 
2619 	ret = opal_get_key(dev, &opal_session->opal_key);
2620 	if (ret)
2621 		return ret;
2622 	mutex_lock(&dev->dev_lock);
2623 	setup_opal_dev(dev);
2624 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2625 	mutex_unlock(&dev->dev_lock);
2626 
2627 	return ret;
2628 }
2629 
2630 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2631 					  struct opal_mbr_data *opal_mbr)
2632 {
2633 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2634 		OPAL_TRUE : OPAL_FALSE;
2635 
2636 	const struct opal_step mbr_steps[] = {
2637 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2638 		{ set_mbr_done, &enable_disable },
2639 		{ end_opal_session, },
2640 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2641 		{ set_mbr_enable_disable, &enable_disable },
2642 		{ end_opal_session, }
2643 	};
2644 	int ret;
2645 
2646 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2647 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2648 		return -EINVAL;
2649 
2650 	ret = opal_get_key(dev, &opal_mbr->key);
2651 	if (ret)
2652 		return ret;
2653 	mutex_lock(&dev->dev_lock);
2654 	setup_opal_dev(dev);
2655 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2656 	mutex_unlock(&dev->dev_lock);
2657 
2658 	return ret;
2659 }
2660 
2661 static int opal_set_mbr_done(struct opal_dev *dev,
2662 			     struct opal_mbr_done *mbr_done)
2663 {
2664 	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2665 		OPAL_TRUE : OPAL_FALSE;
2666 
2667 	const struct opal_step mbr_steps[] = {
2668 		{ start_admin1LSP_opal_session, &mbr_done->key },
2669 		{ set_mbr_done, &mbr_done_tf },
2670 		{ end_opal_session, }
2671 	};
2672 	int ret;
2673 
2674 	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2675 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2676 		return -EINVAL;
2677 
2678 	ret = opal_get_key(dev, &mbr_done->key);
2679 	if (ret)
2680 		return ret;
2681 	mutex_lock(&dev->dev_lock);
2682 	setup_opal_dev(dev);
2683 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2684 	mutex_unlock(&dev->dev_lock);
2685 
2686 	return ret;
2687 }
2688 
2689 static int opal_write_shadow_mbr(struct opal_dev *dev,
2690 				 struct opal_shadow_mbr *info)
2691 {
2692 	const struct opal_step mbr_steps[] = {
2693 		{ start_admin1LSP_opal_session, &info->key },
2694 		{ write_shadow_mbr, info },
2695 		{ end_opal_session, }
2696 	};
2697 	int ret;
2698 
2699 	if (info->size == 0)
2700 		return 0;
2701 
2702 	ret = opal_get_key(dev, &info->key);
2703 	if (ret)
2704 		return ret;
2705 	mutex_lock(&dev->dev_lock);
2706 	setup_opal_dev(dev);
2707 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2708 	mutex_unlock(&dev->dev_lock);
2709 
2710 	return ret;
2711 }
2712 
2713 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2714 {
2715 	struct opal_suspend_data *suspend;
2716 
2717 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2718 	if (!suspend)
2719 		return -ENOMEM;
2720 
2721 	suspend->unlk = *lk_unlk;
2722 	suspend->lr = lk_unlk->session.opal_key.lr;
2723 
2724 	mutex_lock(&dev->dev_lock);
2725 	setup_opal_dev(dev);
2726 	add_suspend_info(dev, suspend);
2727 	mutex_unlock(&dev->dev_lock);
2728 
2729 	return 0;
2730 }
2731 
2732 static int opal_add_user_to_lr(struct opal_dev *dev,
2733 			       struct opal_lock_unlock *lk_unlk)
2734 {
2735 	const struct opal_step steps[] = {
2736 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2737 		{ add_user_to_lr, lk_unlk },
2738 		{ add_user_to_lr_ace, lk_unlk },
2739 		{ end_opal_session, }
2740 	};
2741 	int ret;
2742 
2743 	if (lk_unlk->l_state != OPAL_RO &&
2744 	    lk_unlk->l_state != OPAL_RW) {
2745 		pr_debug("Locking state was not RO or RW\n");
2746 		return -EINVAL;
2747 	}
2748 
2749 	if (lk_unlk->session.who < OPAL_USER1 ||
2750 	    lk_unlk->session.who > OPAL_USER9) {
2751 		pr_debug("Authority was not within the range of users: %d\n",
2752 			 lk_unlk->session.who);
2753 		return -EINVAL;
2754 	}
2755 
2756 	if (lk_unlk->session.sum) {
2757 		pr_debug("%s not supported in sum. Use setup locking range\n",
2758 			 __func__);
2759 		return -EINVAL;
2760 	}
2761 
2762 	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2763 	if (ret)
2764 		return ret;
2765 	mutex_lock(&dev->dev_lock);
2766 	setup_opal_dev(dev);
2767 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2768 	mutex_unlock(&dev->dev_lock);
2769 
2770 	return ret;
2771 }
2772 
2773 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2774 {
2775 	/* controller will terminate session */
2776 	const struct opal_step revert_steps[] = {
2777 		{ start_SIDASP_opal_session, opal },
2778 		{ revert_tper, }
2779 	};
2780 	const struct opal_step psid_revert_steps[] = {
2781 		{ start_PSID_opal_session, opal },
2782 		{ revert_tper, }
2783 	};
2784 
2785 	int ret;
2786 
2787 	ret = opal_get_key(dev, opal);
2788 
2789 	if (ret)
2790 		return ret;
2791 	mutex_lock(&dev->dev_lock);
2792 	setup_opal_dev(dev);
2793 	if (psid)
2794 		ret = execute_steps(dev, psid_revert_steps,
2795 				    ARRAY_SIZE(psid_revert_steps));
2796 	else
2797 		ret = execute_steps(dev, revert_steps,
2798 				    ARRAY_SIZE(revert_steps));
2799 	mutex_unlock(&dev->dev_lock);
2800 
2801 	/*
2802 	 * If we successfully reverted lets clean
2803 	 * any saved locking ranges.
2804 	 */
2805 	if (!ret)
2806 		clean_opal_dev(dev);
2807 
2808 	return ret;
2809 }
2810 
2811 static int __opal_lock_unlock(struct opal_dev *dev,
2812 			      struct opal_lock_unlock *lk_unlk)
2813 {
2814 	const struct opal_step unlock_steps[] = {
2815 		{ start_auth_opal_session, &lk_unlk->session },
2816 		{ lock_unlock_locking_range, lk_unlk },
2817 		{ end_opal_session, }
2818 	};
2819 	const struct opal_step unlock_sum_steps[] = {
2820 		{ start_auth_opal_session, &lk_unlk->session },
2821 		{ lock_unlock_locking_range_sum, lk_unlk },
2822 		{ end_opal_session, }
2823 	};
2824 
2825 	if (lk_unlk->session.sum)
2826 		return execute_steps(dev, unlock_sum_steps,
2827 				     ARRAY_SIZE(unlock_sum_steps));
2828 	else
2829 		return execute_steps(dev, unlock_steps,
2830 				     ARRAY_SIZE(unlock_steps));
2831 }
2832 
2833 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2834 {
2835 	u8 mbr_done_tf = OPAL_TRUE;
2836 	const struct opal_step mbrdone_step[] = {
2837 		{ start_admin1LSP_opal_session, key },
2838 		{ set_mbr_done, &mbr_done_tf },
2839 		{ end_opal_session, }
2840 	};
2841 
2842 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2843 }
2844 
2845 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2846 			    struct opal_lock_unlock *lk_unlk)
2847 {
2848 	struct opal_suspend_data *iter;
2849 
2850 	if (lk_unlk->l_state != OPAL_LK ||
2851 			lk_unlk->session.opal_key.key_len > 0)
2852 		return;
2853 
2854 	/*
2855 	 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2856 	 * volume key is not required, as it requires root privileges anyway,
2857 	 * and root can deny access to a disk in many ways regardless.
2858 	 * Requiring the volume key to lock the device is a peculiarity of the
2859 	 * OPAL specification. Given we might already have saved the key if
2860 	 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2861 	 * that key to lock the device if no key was provided here, the
2862 	 * locking range matches and the appropriate flag was passed with
2863 	 * 'IOC_OPAL_SAVE'.
2864 	 * This allows integrating OPAL with tools and libraries that are used
2865 	 * to the common behaviour and do not ask for the volume key when
2866 	 * closing a device.
2867 	 */
2868 	setup_opal_dev(dev);
2869 	list_for_each_entry(iter, &dev->unlk_lst, node) {
2870 		if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2871 				iter->lr == lk_unlk->session.opal_key.lr &&
2872 				iter->unlk.session.opal_key.key_len > 0) {
2873 			lk_unlk->session.opal_key.key_len =
2874 				iter->unlk.session.opal_key.key_len;
2875 			memcpy(lk_unlk->session.opal_key.key,
2876 				iter->unlk.session.opal_key.key,
2877 				iter->unlk.session.opal_key.key_len);
2878 			break;
2879 		}
2880 	}
2881 }
2882 
2883 static int opal_lock_unlock(struct opal_dev *dev,
2884 			    struct opal_lock_unlock *lk_unlk)
2885 {
2886 	int ret;
2887 
2888 	if (lk_unlk->session.who > OPAL_USER9)
2889 		return -EINVAL;
2890 
2891 	mutex_lock(&dev->dev_lock);
2892 	opal_lock_check_for_saved_key(dev, lk_unlk);
2893 	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2894 	if (!ret)
2895 		ret = __opal_lock_unlock(dev, lk_unlk);
2896 	mutex_unlock(&dev->dev_lock);
2897 
2898 	return ret;
2899 }
2900 
2901 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2902 {
2903 	const struct opal_step owner_steps[] = {
2904 		{ start_anybodyASP_opal_session, },
2905 		{ get_msid_cpin_pin, },
2906 		{ end_opal_session, },
2907 		{ start_SIDASP_opal_session, opal },
2908 		{ set_sid_cpin_pin, opal },
2909 		{ end_opal_session, }
2910 	};
2911 	int ret;
2912 
2913 	if (!dev)
2914 		return -ENODEV;
2915 
2916 	ret = opal_get_key(dev, opal);
2917 	if (ret)
2918 		return ret;
2919 	mutex_lock(&dev->dev_lock);
2920 	setup_opal_dev(dev);
2921 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2922 	mutex_unlock(&dev->dev_lock);
2923 
2924 	return ret;
2925 }
2926 
2927 static int opal_activate_lsp(struct opal_dev *dev,
2928 			     struct opal_lr_act *opal_lr_act)
2929 {
2930 	const struct opal_step active_steps[] = {
2931 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2932 		{ get_lsp_lifecycle, },
2933 		{ activate_lsp, opal_lr_act },
2934 		{ end_opal_session, }
2935 	};
2936 	int ret;
2937 
2938 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2939 		return -EINVAL;
2940 
2941 	ret = opal_get_key(dev, &opal_lr_act->key);
2942 	if (ret)
2943 		return ret;
2944 	mutex_lock(&dev->dev_lock);
2945 	setup_opal_dev(dev);
2946 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2947 	mutex_unlock(&dev->dev_lock);
2948 
2949 	return ret;
2950 }
2951 
2952 static int opal_setup_locking_range(struct opal_dev *dev,
2953 				    struct opal_user_lr_setup *opal_lrs)
2954 {
2955 	const struct opal_step lr_steps[] = {
2956 		{ start_auth_opal_session, &opal_lrs->session },
2957 		{ setup_locking_range, opal_lrs },
2958 		{ end_opal_session, }
2959 	};
2960 	int ret;
2961 
2962 	ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2963 	if (ret)
2964 		return ret;
2965 	mutex_lock(&dev->dev_lock);
2966 	setup_opal_dev(dev);
2967 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2968 	mutex_unlock(&dev->dev_lock);
2969 
2970 	return ret;
2971 }
2972 
2973 static int opal_locking_range_status(struct opal_dev *dev,
2974 			  struct opal_lr_status *opal_lrst,
2975 			  void __user *data)
2976 {
2977 	const struct opal_step lr_steps[] = {
2978 		{ start_auth_opal_session, &opal_lrst->session },
2979 		{ locking_range_status, opal_lrst },
2980 		{ end_opal_session, }
2981 	};
2982 	int ret;
2983 
2984 	mutex_lock(&dev->dev_lock);
2985 	setup_opal_dev(dev);
2986 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2987 	mutex_unlock(&dev->dev_lock);
2988 
2989 	/* skip session info when copying back to uspace */
2990 	if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2991 				(void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2992 				sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2993 		pr_debug("Error copying status to userspace\n");
2994 		return -EFAULT;
2995 	}
2996 
2997 	return ret;
2998 }
2999 
3000 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3001 {
3002 	const struct opal_step pw_steps[] = {
3003 		{ start_auth_opal_session, &opal_pw->session },
3004 		{ set_new_pw, &opal_pw->new_user_pw },
3005 		{ end_opal_session, }
3006 	};
3007 	int ret;
3008 
3009 	if (opal_pw->session.who > OPAL_USER9  ||
3010 	    opal_pw->new_user_pw.who > OPAL_USER9)
3011 		return -EINVAL;
3012 
3013 	mutex_lock(&dev->dev_lock);
3014 	setup_opal_dev(dev);
3015 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3016 	mutex_unlock(&dev->dev_lock);
3017 
3018 	if (ret)
3019 		return ret;
3020 
3021 	/* update keyring with new password */
3022 	ret = update_sed_opal_key(OPAL_AUTH_KEY,
3023 				  opal_pw->new_user_pw.opal_key.key,
3024 				  opal_pw->new_user_pw.opal_key.key_len);
3025 
3026 	return ret;
3027 }
3028 
3029 static int opal_activate_user(struct opal_dev *dev,
3030 			      struct opal_session_info *opal_session)
3031 {
3032 	const struct opal_step act_steps[] = {
3033 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
3034 		{ internal_activate_user, opal_session },
3035 		{ end_opal_session, }
3036 	};
3037 	int ret;
3038 
3039 	/* We can't activate Admin1 it's active as manufactured */
3040 	if (opal_session->who < OPAL_USER1 ||
3041 	    opal_session->who > OPAL_USER9) {
3042 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
3043 		return -EINVAL;
3044 	}
3045 
3046 	ret = opal_get_key(dev, &opal_session->opal_key);
3047 	if (ret)
3048 		return ret;
3049 	mutex_lock(&dev->dev_lock);
3050 	setup_opal_dev(dev);
3051 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3052 	mutex_unlock(&dev->dev_lock);
3053 
3054 	return ret;
3055 }
3056 
3057 bool opal_unlock_from_suspend(struct opal_dev *dev)
3058 {
3059 	struct opal_suspend_data *suspend;
3060 	bool was_failure = false;
3061 	int ret = 0;
3062 
3063 	if (!dev)
3064 		return false;
3065 
3066 	if (!(dev->flags & OPAL_FL_SUPPORTED))
3067 		return false;
3068 
3069 	mutex_lock(&dev->dev_lock);
3070 	setup_opal_dev(dev);
3071 
3072 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
3073 		dev->tsn = 0;
3074 		dev->hsn = 0;
3075 
3076 		ret = __opal_lock_unlock(dev, &suspend->unlk);
3077 		if (ret) {
3078 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
3079 				 suspend->unlk.session.opal_key.lr,
3080 				 suspend->unlk.session.sum);
3081 			was_failure = true;
3082 		}
3083 
3084 		if (dev->flags & OPAL_FL_MBR_ENABLED) {
3085 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3086 			if (ret)
3087 				pr_debug("Failed to set MBR Done in S3 resume\n");
3088 		}
3089 	}
3090 	mutex_unlock(&dev->dev_lock);
3091 
3092 	return was_failure;
3093 }
3094 EXPORT_SYMBOL(opal_unlock_from_suspend);
3095 
3096 static int opal_read_table(struct opal_dev *dev,
3097 			   struct opal_read_write_table *rw_tbl)
3098 {
3099 	const struct opal_step read_table_steps[] = {
3100 		{ start_admin1LSP_opal_session, &rw_tbl->key },
3101 		{ read_table_data, rw_tbl },
3102 		{ end_opal_session, }
3103 	};
3104 	int ret = 0;
3105 
3106 	if (!rw_tbl->size)
3107 		return ret;
3108 
3109 	return execute_steps(dev, read_table_steps,
3110 			     ARRAY_SIZE(read_table_steps));
3111 }
3112 
3113 static int opal_write_table(struct opal_dev *dev,
3114 			    struct opal_read_write_table *rw_tbl)
3115 {
3116 	const struct opal_step write_table_steps[] = {
3117 		{ start_admin1LSP_opal_session, &rw_tbl->key },
3118 		{ write_table_data, rw_tbl },
3119 		{ end_opal_session, }
3120 	};
3121 	int ret = 0;
3122 
3123 	if (!rw_tbl->size)
3124 		return ret;
3125 
3126 	return execute_steps(dev, write_table_steps,
3127 			     ARRAY_SIZE(write_table_steps));
3128 }
3129 
3130 static int opal_generic_read_write_table(struct opal_dev *dev,
3131 					 struct opal_read_write_table *rw_tbl)
3132 {
3133 	int ret, bit_set;
3134 
3135 	ret = opal_get_key(dev, &rw_tbl->key);
3136 	if (ret)
3137 		return ret;
3138 	mutex_lock(&dev->dev_lock);
3139 	setup_opal_dev(dev);
3140 
3141 	bit_set = fls64(rw_tbl->flags) - 1;
3142 	switch (bit_set) {
3143 	case OPAL_READ_TABLE:
3144 		ret = opal_read_table(dev, rw_tbl);
3145 		break;
3146 	case OPAL_WRITE_TABLE:
3147 		ret = opal_write_table(dev, rw_tbl);
3148 		break;
3149 	default:
3150 		pr_debug("Invalid bit set in the flag (%016llx).\n",
3151 			 rw_tbl->flags);
3152 		ret = -EINVAL;
3153 		break;
3154 	}
3155 
3156 	mutex_unlock(&dev->dev_lock);
3157 
3158 	return ret;
3159 }
3160 
3161 static int opal_get_status(struct opal_dev *dev, void __user *data)
3162 {
3163 	struct opal_status sts = {0};
3164 
3165 	/*
3166 	 * check_opal_support() error is not fatal,
3167 	 * !dev->supported is a valid condition
3168 	 */
3169 	if (!check_opal_support(dev))
3170 		sts.flags = dev->flags;
3171 	if (copy_to_user(data, &sts, sizeof(sts))) {
3172 		pr_debug("Error copying status to userspace\n");
3173 		return -EFAULT;
3174 	}
3175 	return 0;
3176 }
3177 
3178 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3179 {
3180 	struct opal_geometry geo = {0};
3181 
3182 	if (check_opal_support(dev))
3183 		return -EINVAL;
3184 
3185 	geo.align = dev->align_required;
3186 	geo.logical_block_size = dev->logical_block_size;
3187 	geo.alignment_granularity =  dev->align;
3188 	geo.lowest_aligned_lba = dev->lowest_lba;
3189 
3190 	if (copy_to_user(data, &geo, sizeof(geo))) {
3191 		pr_debug("Error copying geometry data to userspace\n");
3192 		return -EFAULT;
3193 	}
3194 
3195 	return 0;
3196 }
3197 
3198 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3199 {
3200 	void *p;
3201 	int ret = -ENOTTY;
3202 
3203 	if (!capable(CAP_SYS_ADMIN))
3204 		return -EACCES;
3205 	if (!dev)
3206 		return -EOPNOTSUPP;
3207 	if (!(dev->flags & OPAL_FL_SUPPORTED))
3208 		return -EOPNOTSUPP;
3209 
3210 	if (cmd & IOC_IN) {
3211 		p = memdup_user(arg, _IOC_SIZE(cmd));
3212 		if (IS_ERR(p))
3213 			return PTR_ERR(p);
3214 	}
3215 
3216 	switch (cmd) {
3217 	case IOC_OPAL_SAVE:
3218 		ret = opal_save(dev, p);
3219 		break;
3220 	case IOC_OPAL_LOCK_UNLOCK:
3221 		ret = opal_lock_unlock(dev, p);
3222 		break;
3223 	case IOC_OPAL_TAKE_OWNERSHIP:
3224 		ret = opal_take_ownership(dev, p);
3225 		break;
3226 	case IOC_OPAL_ACTIVATE_LSP:
3227 		ret = opal_activate_lsp(dev, p);
3228 		break;
3229 	case IOC_OPAL_SET_PW:
3230 		ret = opal_set_new_pw(dev, p);
3231 		break;
3232 	case IOC_OPAL_ACTIVATE_USR:
3233 		ret = opal_activate_user(dev, p);
3234 		break;
3235 	case IOC_OPAL_REVERT_TPR:
3236 		ret = opal_reverttper(dev, p, false);
3237 		break;
3238 	case IOC_OPAL_LR_SETUP:
3239 		ret = opal_setup_locking_range(dev, p);
3240 		break;
3241 	case IOC_OPAL_ADD_USR_TO_LR:
3242 		ret = opal_add_user_to_lr(dev, p);
3243 		break;
3244 	case IOC_OPAL_ENABLE_DISABLE_MBR:
3245 		ret = opal_enable_disable_shadow_mbr(dev, p);
3246 		break;
3247 	case IOC_OPAL_MBR_DONE:
3248 		ret = opal_set_mbr_done(dev, p);
3249 		break;
3250 	case IOC_OPAL_WRITE_SHADOW_MBR:
3251 		ret = opal_write_shadow_mbr(dev, p);
3252 		break;
3253 	case IOC_OPAL_ERASE_LR:
3254 		ret = opal_erase_locking_range(dev, p);
3255 		break;
3256 	case IOC_OPAL_SECURE_ERASE_LR:
3257 		ret = opal_secure_erase_locking_range(dev, p);
3258 		break;
3259 	case IOC_OPAL_PSID_REVERT_TPR:
3260 		ret = opal_reverttper(dev, p, true);
3261 		break;
3262 	case IOC_OPAL_GENERIC_TABLE_RW:
3263 		ret = opal_generic_read_write_table(dev, p);
3264 		break;
3265 	case IOC_OPAL_GET_STATUS:
3266 		ret = opal_get_status(dev, arg);
3267 		break;
3268 	case IOC_OPAL_GET_LR_STATUS:
3269 		ret = opal_locking_range_status(dev, p, arg);
3270 		break;
3271 	case IOC_OPAL_GET_GEOMETRY:
3272 		ret = opal_get_geometry(dev, arg);
3273 		break;
3274 	case IOC_OPAL_REVERT_LSP:
3275 		ret = opal_revertlsp(dev, p);
3276 		break;
3277 	case IOC_OPAL_DISCOVERY:
3278 		ret = opal_get_discv(dev, p);
3279 		break;
3280 
3281 	default:
3282 		break;
3283 	}
3284 
3285 	if (cmd & IOC_IN)
3286 		kfree(p);
3287 	return ret;
3288 }
3289 EXPORT_SYMBOL_GPL(sed_ioctl);
3290 
3291 static int __init sed_opal_init(void)
3292 {
3293 	struct key *kr;
3294 
3295 	kr = keyring_alloc(".sed_opal",
3296 			   GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3297 			   (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3298 			   KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3299 			   KEY_ALLOC_NOT_IN_QUOTA,
3300 			   NULL, NULL);
3301 	if (IS_ERR(kr))
3302 		return PTR_ERR(kr);
3303 
3304 	sed_opal_keyring = kr;
3305 
3306 	return 0;
3307 }
3308 late_initcall(sed_opal_init);
3309