xref: /openbmc/linux/block/sed-opal.c (revision 4a075bd4)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/genhd.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 
24 #include "opal_proto.h"
25 
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28 
29 struct opal_step {
30 	int (*fn)(struct opal_dev *dev, void *data);
31 	void *data;
32 };
33 typedef int (cont_fn)(struct opal_dev *dev);
34 
35 enum opal_atom_width {
36 	OPAL_WIDTH_TINY,
37 	OPAL_WIDTH_SHORT,
38 	OPAL_WIDTH_MEDIUM,
39 	OPAL_WIDTH_LONG,
40 	OPAL_WIDTH_TOKEN
41 };
42 
43 /*
44  * On the parsed response, we don't store again the toks that are already
45  * stored in the response buffer. Instead, for each token, we just store a
46  * pointer to the position in the buffer where the token starts, and the size
47  * of the token in bytes.
48  */
49 struct opal_resp_tok {
50 	const u8 *pos;
51 	size_t len;
52 	enum opal_response_token type;
53 	enum opal_atom_width width;
54 	union {
55 		u64 u;
56 		s64 s;
57 	} stored;
58 };
59 
60 /*
61  * From the response header it's not possible to know how many tokens there are
62  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
63  * if we start dealing with messages that have more than that, we can increase
64  * this number. This is done to avoid having to make two passes through the
65  * response, the first one counting how many tokens we have and the second one
66  * actually storing the positions.
67  */
68 struct parsed_resp {
69 	int num;
70 	struct opal_resp_tok toks[MAX_TOKS];
71 };
72 
73 struct opal_dev {
74 	bool supported;
75 	bool mbr_enabled;
76 
77 	void *data;
78 	sec_send_recv *send_recv;
79 
80 	struct mutex dev_lock;
81 	u16 comid;
82 	u32 hsn;
83 	u32 tsn;
84 	u64 align;
85 	u64 lowest_lba;
86 
87 	size_t pos;
88 	u8 cmd[IO_BUFFER_LENGTH];
89 	u8 resp[IO_BUFFER_LENGTH];
90 
91 	struct parsed_resp parsed;
92 	size_t prev_d_len;
93 	void *prev_data;
94 
95 	struct list_head unlk_lst;
96 };
97 
98 
99 static const u8 opaluid[][OPAL_UID_LENGTH] = {
100 	/* users */
101 	[OPAL_SMUID_UID] =
102 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
103 	[OPAL_THISSP_UID] =
104 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
105 	[OPAL_ADMINSP_UID] =
106 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
107 	[OPAL_LOCKINGSP_UID] =
108 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
109 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
110 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
111 	[OPAL_ANYBODY_UID] =
112 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
113 	[OPAL_SID_UID] =
114 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
115 	[OPAL_ADMIN1_UID] =
116 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
117 	[OPAL_USER1_UID] =
118 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
119 	[OPAL_USER2_UID] =
120 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
121 	[OPAL_PSID_UID] =
122 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
123 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
124 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
125 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
126 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
127 
128 	/* tables */
129 
130 	[OPAL_LOCKINGRANGE_GLOBAL] =
131 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
132 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
133 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
134 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
135 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
136 	[OPAL_MBRCONTROL] =
137 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
138 	[OPAL_MBR] =
139 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
140 	[OPAL_AUTHORITY_TABLE] =
141 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
142 	[OPAL_C_PIN_TABLE] =
143 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
144 	[OPAL_LOCKING_INFO_TABLE] =
145 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
146 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
147 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
148 
149 	/* C_PIN_TABLE object ID's */
150 
151 	[OPAL_C_PIN_MSID] =
152 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
153 	[OPAL_C_PIN_SID] =
154 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
155 	[OPAL_C_PIN_ADMIN1] =
156 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
157 
158 	/* half UID's (only first 4 bytes used) */
159 
160 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
161 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
162 	[OPAL_HALF_UID_BOOLEAN_ACE] =
163 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
164 
165 	/* special value for omitted optional parameter */
166 	[OPAL_UID_HEXFF] =
167 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
168 };
169 
170 /*
171  * TCG Storage SSC Methods.
172  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
173  * Section: 6.3 Assigned UIDs
174  */
175 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
176 	[OPAL_PROPERTIES] =
177 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
178 	[OPAL_STARTSESSION] =
179 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
180 	[OPAL_REVERT] =
181 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
182 	[OPAL_ACTIVATE] =
183 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
184 	[OPAL_EGET] =
185 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
186 	[OPAL_ESET] =
187 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
188 	[OPAL_NEXT] =
189 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
190 	[OPAL_EAUTHENTICATE] =
191 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
192 	[OPAL_GETACL] =
193 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
194 	[OPAL_GENKEY] =
195 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
196 	[OPAL_REVERTSP] =
197 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
198 	[OPAL_GET] =
199 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
200 	[OPAL_SET] =
201 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
202 	[OPAL_AUTHENTICATE] =
203 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
204 	[OPAL_RANDOM] =
205 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
206 	[OPAL_ERASE] =
207 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
208 };
209 
210 static int end_opal_session_error(struct opal_dev *dev);
211 static int opal_discovery0_step(struct opal_dev *dev);
212 
213 struct opal_suspend_data {
214 	struct opal_lock_unlock unlk;
215 	u8 lr;
216 	struct list_head node;
217 };
218 
219 /*
220  * Derived from:
221  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
222  * Section: 5.1.5 Method Status Codes
223  */
224 static const char * const opal_errors[] = {
225 	"Success",
226 	"Not Authorized",
227 	"Unknown Error",
228 	"SP Busy",
229 	"SP Failed",
230 	"SP Disabled",
231 	"SP Frozen",
232 	"No Sessions Available",
233 	"Uniqueness Conflict",
234 	"Insufficient Space",
235 	"Insufficient Rows",
236 	"Invalid Function",
237 	"Invalid Parameter",
238 	"Invalid Reference",
239 	"Unknown Error",
240 	"TPER Malfunction",
241 	"Transaction Failure",
242 	"Response Overflow",
243 	"Authority Locked Out",
244 };
245 
246 static const char *opal_error_to_human(int error)
247 {
248 	if (error == 0x3f)
249 		return "Failed";
250 
251 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
252 		return "Unknown Error";
253 
254 	return opal_errors[error];
255 }
256 
257 static void print_buffer(const u8 *ptr, u32 length)
258 {
259 #ifdef DEBUG
260 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
261 	pr_debug("\n");
262 #endif
263 }
264 
265 static bool check_tper(const void *data)
266 {
267 	const struct d0_tper_features *tper = data;
268 	u8 flags = tper->supported_features;
269 
270 	if (!(flags & TPER_SYNC_SUPPORTED)) {
271 		pr_debug("TPer sync not supported. flags = %d\n",
272 			 tper->supported_features);
273 		return false;
274 	}
275 
276 	return true;
277 }
278 
279 static bool check_mbrenabled(const void *data)
280 {
281 	const struct d0_locking_features *lfeat = data;
282 	u8 sup_feat = lfeat->supported_features;
283 
284 	return !!(sup_feat & MBR_ENABLED_MASK);
285 }
286 
287 static bool check_sum(const void *data)
288 {
289 	const struct d0_single_user_mode *sum = data;
290 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
291 
292 	if (nlo == 0) {
293 		pr_debug("Need at least one locking object.\n");
294 		return false;
295 	}
296 
297 	pr_debug("Number of locking objects: %d\n", nlo);
298 
299 	return true;
300 }
301 
302 static u16 get_comid_v100(const void *data)
303 {
304 	const struct d0_opal_v100 *v100 = data;
305 
306 	return be16_to_cpu(v100->baseComID);
307 }
308 
309 static u16 get_comid_v200(const void *data)
310 {
311 	const struct d0_opal_v200 *v200 = data;
312 
313 	return be16_to_cpu(v200->baseComID);
314 }
315 
316 static int opal_send_cmd(struct opal_dev *dev)
317 {
318 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
319 			      dev->cmd, IO_BUFFER_LENGTH,
320 			      true);
321 }
322 
323 static int opal_recv_cmd(struct opal_dev *dev)
324 {
325 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
326 			      dev->resp, IO_BUFFER_LENGTH,
327 			      false);
328 }
329 
330 static int opal_recv_check(struct opal_dev *dev)
331 {
332 	size_t buflen = IO_BUFFER_LENGTH;
333 	void *buffer = dev->resp;
334 	struct opal_header *hdr = buffer;
335 	int ret;
336 
337 	do {
338 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
339 			 hdr->cp.outstandingData,
340 			 hdr->cp.minTransfer);
341 
342 		if (hdr->cp.outstandingData == 0 ||
343 		    hdr->cp.minTransfer != 0)
344 			return 0;
345 
346 		memset(buffer, 0, buflen);
347 		ret = opal_recv_cmd(dev);
348 	} while (!ret);
349 
350 	return ret;
351 }
352 
353 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
354 {
355 	int ret;
356 
357 	ret = opal_send_cmd(dev);
358 	if (ret)
359 		return ret;
360 	ret = opal_recv_cmd(dev);
361 	if (ret)
362 		return ret;
363 	ret = opal_recv_check(dev);
364 	if (ret)
365 		return ret;
366 	return cont(dev);
367 }
368 
369 static void check_geometry(struct opal_dev *dev, const void *data)
370 {
371 	const struct d0_geometry_features *geo = data;
372 
373 	dev->align = geo->alignment_granularity;
374 	dev->lowest_lba = geo->lowest_aligned_lba;
375 }
376 
377 static int execute_step(struct opal_dev *dev,
378 			const struct opal_step *step, size_t stepIndex)
379 {
380 	int error = step->fn(dev, step->data);
381 
382 	if (error) {
383 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
384 			 stepIndex, step->fn, error,
385 			 opal_error_to_human(error));
386 	}
387 
388 	return error;
389 }
390 
391 static int execute_steps(struct opal_dev *dev,
392 			 const struct opal_step *steps, size_t n_steps)
393 {
394 	size_t state = 0;
395 	int error;
396 
397 	/* first do a discovery0 */
398 	error = opal_discovery0_step(dev);
399 	if (error)
400 		return error;
401 
402 	for (state = 0; state < n_steps; state++) {
403 		error = execute_step(dev, &steps[state], state);
404 		if (error)
405 			goto out_error;
406 	}
407 
408 	return 0;
409 
410 out_error:
411 	/*
412 	 * For each OPAL command the first step in steps starts some sort of
413 	 * session. If an error occurred in the initial discovery0 or if an
414 	 * error occurred in the first step (and thus stopping the loop with
415 	 * state == 0) then there was an error before or during the attempt to
416 	 * start a session. Therefore we shouldn't attempt to terminate a
417 	 * session, as one has not yet been created.
418 	 */
419 	if (state > 0)
420 		end_opal_session_error(dev);
421 
422 	return error;
423 }
424 
425 static int opal_discovery0_end(struct opal_dev *dev)
426 {
427 	bool found_com_id = false, supported = true, single_user = false;
428 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
429 	const u8 *epos = dev->resp, *cpos = dev->resp;
430 	u16 comid = 0;
431 	u32 hlen = be32_to_cpu(hdr->length);
432 
433 	print_buffer(dev->resp, hlen);
434 	dev->mbr_enabled = false;
435 
436 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
437 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
438 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
439 		return -EFAULT;
440 	}
441 
442 	epos += hlen; /* end of buffer */
443 	cpos += sizeof(*hdr); /* current position on buffer */
444 
445 	while (cpos < epos && supported) {
446 		const struct d0_features *body =
447 			(const struct d0_features *)cpos;
448 
449 		switch (be16_to_cpu(body->code)) {
450 		case FC_TPER:
451 			supported = check_tper(body->features);
452 			break;
453 		case FC_SINGLEUSER:
454 			single_user = check_sum(body->features);
455 			break;
456 		case FC_GEOMETRY:
457 			check_geometry(dev, body);
458 			break;
459 		case FC_LOCKING:
460 			dev->mbr_enabled = check_mbrenabled(body->features);
461 			break;
462 		case FC_ENTERPRISE:
463 		case FC_DATASTORE:
464 			/* some ignored properties */
465 			pr_debug("Found OPAL feature description: %d\n",
466 				 be16_to_cpu(body->code));
467 			break;
468 		case FC_OPALV100:
469 			comid = get_comid_v100(body->features);
470 			found_com_id = true;
471 			break;
472 		case FC_OPALV200:
473 			comid = get_comid_v200(body->features);
474 			found_com_id = true;
475 			break;
476 		case 0xbfff ... 0xffff:
477 			/* vendor specific, just ignore */
478 			break;
479 		default:
480 			pr_debug("OPAL Unknown feature: %d\n",
481 				 be16_to_cpu(body->code));
482 
483 		}
484 		cpos += body->length + 4;
485 	}
486 
487 	if (!supported) {
488 		pr_debug("This device is not Opal enabled. Not Supported!\n");
489 		return -EOPNOTSUPP;
490 	}
491 
492 	if (!single_user)
493 		pr_debug("Device doesn't support single user mode\n");
494 
495 
496 	if (!found_com_id) {
497 		pr_debug("Could not find OPAL comid for device. Returning early\n");
498 		return -EOPNOTSUPP;
499 	}
500 
501 	dev->comid = comid;
502 
503 	return 0;
504 }
505 
506 static int opal_discovery0(struct opal_dev *dev, void *data)
507 {
508 	int ret;
509 
510 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
511 	dev->comid = OPAL_DISCOVERY_COMID;
512 	ret = opal_recv_cmd(dev);
513 	if (ret)
514 		return ret;
515 	return opal_discovery0_end(dev);
516 }
517 
518 static int opal_discovery0_step(struct opal_dev *dev)
519 {
520 	const struct opal_step discovery0_step = {
521 		opal_discovery0,
522 	};
523 	return execute_step(dev, &discovery0_step, 0);
524 }
525 
526 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
527 {
528 	if (*err)
529 		return false;
530 
531 	if (len > IO_BUFFER_LENGTH || cmd->pos > IO_BUFFER_LENGTH - len) {
532 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
533 		*err = -ERANGE;
534 		return false;
535 	}
536 
537 	return true;
538 }
539 
540 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
541 {
542 	if (!can_add(err, cmd, 1))
543 		return;
544 	cmd->cmd[cmd->pos++] = tok;
545 }
546 
547 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
548 				  bool has_sign, int len)
549 {
550 	u8 atom;
551 	int err = 0;
552 
553 	atom = SHORT_ATOM_ID;
554 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
555 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
556 	atom |= len & SHORT_ATOM_LEN_MASK;
557 
558 	add_token_u8(&err, cmd, atom);
559 }
560 
561 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
562 				   bool has_sign, int len)
563 {
564 	u8 header0;
565 
566 	header0 = MEDIUM_ATOM_ID;
567 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
568 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
569 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
570 	cmd->cmd[cmd->pos++] = header0;
571 	cmd->cmd[cmd->pos++] = len;
572 }
573 
574 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
575 {
576 	size_t len;
577 	int msb;
578 
579 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
580 		add_token_u8(err, cmd, number);
581 		return;
582 	}
583 
584 	msb = fls64(number);
585 	len = DIV_ROUND_UP(msb, 8);
586 
587 	if (!can_add(err, cmd, len + 1)) {
588 		pr_debug("Error adding u64: end of buffer.\n");
589 		return;
590 	}
591 	add_short_atom_header(cmd, false, false, len);
592 	while (len--)
593 		add_token_u8(err, cmd, number >> (len * 8));
594 }
595 
596 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
597 {
598 	size_t header_len = 1;
599 	bool is_short_atom = true;
600 
601 	if (len & ~SHORT_ATOM_LEN_MASK) {
602 		header_len = 2;
603 		is_short_atom = false;
604 	}
605 
606 	if (!can_add(err, cmd, header_len + len)) {
607 		pr_debug("Error adding bytestring: end of buffer.\n");
608 		return NULL;
609 	}
610 
611 	if (is_short_atom)
612 		add_short_atom_header(cmd, true, false, len);
613 	else
614 		add_medium_atom_header(cmd, true, false, len);
615 
616 	return &cmd->cmd[cmd->pos];
617 }
618 
619 static void add_token_bytestring(int *err, struct opal_dev *cmd,
620 				 const u8 *bytestring, size_t len)
621 {
622 	u8 *start;
623 
624 	start = add_bytestring_header(err, cmd, len);
625 	if (!start)
626 		return;
627 	memcpy(start, bytestring, len);
628 	cmd->pos += len;
629 }
630 
631 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
632 {
633 	if (length > OPAL_UID_LENGTH) {
634 		pr_debug("Can't build locking range. Length OOB\n");
635 		return -ERANGE;
636 	}
637 
638 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
639 
640 	if (lr == 0)
641 		return 0;
642 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
643 	buffer[7] = lr;
644 
645 	return 0;
646 }
647 
648 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
649 {
650 	if (length > OPAL_UID_LENGTH) {
651 		pr_debug("Can't build locking range user. Length OOB\n");
652 		return -ERANGE;
653 	}
654 
655 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
656 
657 	buffer[7] = lr + 1;
658 
659 	return 0;
660 }
661 
662 static void set_comid(struct opal_dev *cmd, u16 comid)
663 {
664 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
665 
666 	hdr->cp.extendedComID[0] = comid >> 8;
667 	hdr->cp.extendedComID[1] = comid;
668 	hdr->cp.extendedComID[2] = 0;
669 	hdr->cp.extendedComID[3] = 0;
670 }
671 
672 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
673 {
674 	struct opal_header *hdr;
675 	int err = 0;
676 
677 	/* close the parameter list opened from cmd_start */
678 	add_token_u8(&err, cmd, OPAL_ENDLIST);
679 
680 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
681 	add_token_u8(&err, cmd, OPAL_STARTLIST);
682 	add_token_u8(&err, cmd, 0);
683 	add_token_u8(&err, cmd, 0);
684 	add_token_u8(&err, cmd, 0);
685 	add_token_u8(&err, cmd, OPAL_ENDLIST);
686 
687 	if (err) {
688 		pr_debug("Error finalizing command.\n");
689 		return -EFAULT;
690 	}
691 
692 	hdr = (struct opal_header *) cmd->cmd;
693 
694 	hdr->pkt.tsn = cpu_to_be32(tsn);
695 	hdr->pkt.hsn = cpu_to_be32(hsn);
696 
697 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
698 	while (cmd->pos % 4) {
699 		if (cmd->pos >= IO_BUFFER_LENGTH) {
700 			pr_debug("Error: Buffer overrun\n");
701 			return -ERANGE;
702 		}
703 		cmd->cmd[cmd->pos++] = 0;
704 	}
705 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
706 				      sizeof(hdr->pkt));
707 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
708 
709 	return 0;
710 }
711 
712 static const struct opal_resp_tok *response_get_token(
713 				const struct parsed_resp *resp,
714 				int n)
715 {
716 	const struct opal_resp_tok *tok;
717 
718 	if (!resp) {
719 		pr_debug("Response is NULL\n");
720 		return ERR_PTR(-EINVAL);
721 	}
722 
723 	if (n >= resp->num) {
724 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
725 			 n, resp->num);
726 		return ERR_PTR(-EINVAL);
727 	}
728 
729 	tok = &resp->toks[n];
730 	if (tok->len == 0) {
731 		pr_debug("Token length must be non-zero\n");
732 		return ERR_PTR(-EINVAL);
733 	}
734 
735 	return tok;
736 }
737 
738 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
739 				   const u8 *pos)
740 {
741 	tok->pos = pos;
742 	tok->len = 1;
743 	tok->width = OPAL_WIDTH_TINY;
744 
745 	if (pos[0] & TINY_ATOM_SIGNED) {
746 		tok->type = OPAL_DTA_TOKENID_SINT;
747 	} else {
748 		tok->type = OPAL_DTA_TOKENID_UINT;
749 		tok->stored.u = pos[0] & 0x3f;
750 	}
751 
752 	return tok->len;
753 }
754 
755 static ssize_t response_parse_short(struct opal_resp_tok *tok,
756 				    const u8 *pos)
757 {
758 	tok->pos = pos;
759 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
760 	tok->width = OPAL_WIDTH_SHORT;
761 
762 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
763 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
764 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
765 		tok->type = OPAL_DTA_TOKENID_SINT;
766 	} else {
767 		u64 u_integer = 0;
768 		ssize_t i, b = 0;
769 
770 		tok->type = OPAL_DTA_TOKENID_UINT;
771 		if (tok->len > 9) {
772 			pr_debug("uint64 with more than 8 bytes\n");
773 			return -EINVAL;
774 		}
775 		for (i = tok->len - 1; i > 0; i--) {
776 			u_integer |= ((u64)pos[i] << (8 * b));
777 			b++;
778 		}
779 		tok->stored.u = u_integer;
780 	}
781 
782 	return tok->len;
783 }
784 
785 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
786 				     const u8 *pos)
787 {
788 	tok->pos = pos;
789 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
790 	tok->width = OPAL_WIDTH_MEDIUM;
791 
792 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
793 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
794 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
795 		tok->type = OPAL_DTA_TOKENID_SINT;
796 	else
797 		tok->type = OPAL_DTA_TOKENID_UINT;
798 
799 	return tok->len;
800 }
801 
802 static ssize_t response_parse_long(struct opal_resp_tok *tok,
803 				   const u8 *pos)
804 {
805 	tok->pos = pos;
806 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
807 	tok->width = OPAL_WIDTH_LONG;
808 
809 	if (pos[0] & LONG_ATOM_BYTESTRING)
810 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
811 	else if (pos[0] & LONG_ATOM_SIGNED)
812 		tok->type = OPAL_DTA_TOKENID_SINT;
813 	else
814 		tok->type = OPAL_DTA_TOKENID_UINT;
815 
816 	return tok->len;
817 }
818 
819 static ssize_t response_parse_token(struct opal_resp_tok *tok,
820 				    const u8 *pos)
821 {
822 	tok->pos = pos;
823 	tok->len = 1;
824 	tok->type = OPAL_DTA_TOKENID_TOKEN;
825 	tok->width = OPAL_WIDTH_TOKEN;
826 
827 	return tok->len;
828 }
829 
830 static int response_parse(const u8 *buf, size_t length,
831 			  struct parsed_resp *resp)
832 {
833 	const struct opal_header *hdr;
834 	struct opal_resp_tok *iter;
835 	int num_entries = 0;
836 	int total;
837 	ssize_t token_length;
838 	const u8 *pos;
839 	u32 clen, plen, slen;
840 
841 	if (!buf)
842 		return -EFAULT;
843 
844 	if (!resp)
845 		return -EFAULT;
846 
847 	hdr = (struct opal_header *)buf;
848 	pos = buf;
849 	pos += sizeof(*hdr);
850 
851 	clen = be32_to_cpu(hdr->cp.length);
852 	plen = be32_to_cpu(hdr->pkt.length);
853 	slen = be32_to_cpu(hdr->subpkt.length);
854 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
855 		 clen, plen, slen);
856 
857 	if (clen == 0 || plen == 0 || slen == 0 ||
858 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
859 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
860 			 clen, plen, slen);
861 		print_buffer(pos, sizeof(*hdr));
862 		return -EINVAL;
863 	}
864 
865 	if (pos > buf + length)
866 		return -EFAULT;
867 
868 	iter = resp->toks;
869 	total = slen;
870 	print_buffer(pos, total);
871 	while (total > 0) {
872 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
873 			token_length = response_parse_tiny(iter, pos);
874 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
875 			token_length = response_parse_short(iter, pos);
876 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
877 			token_length = response_parse_medium(iter, pos);
878 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
879 			token_length = response_parse_long(iter, pos);
880 		else /* TOKEN */
881 			token_length = response_parse_token(iter, pos);
882 
883 		if (token_length < 0)
884 			return token_length;
885 
886 		pos += token_length;
887 		total -= token_length;
888 		iter++;
889 		num_entries++;
890 	}
891 
892 	if (num_entries == 0) {
893 		pr_debug("Couldn't parse response.\n");
894 		return -EINVAL;
895 	}
896 	resp->num = num_entries;
897 
898 	return 0;
899 }
900 
901 static size_t response_get_string(const struct parsed_resp *resp, int n,
902 				  const char **store)
903 {
904 	u8 skip;
905 	const struct opal_resp_tok *tok;
906 
907 	*store = NULL;
908 	tok = response_get_token(resp, n);
909 	if (IS_ERR(tok))
910 		return 0;
911 
912 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
913 		pr_debug("Token is not a byte string!\n");
914 		return 0;
915 	}
916 
917 	switch (tok->width) {
918 	case OPAL_WIDTH_TINY:
919 	case OPAL_WIDTH_SHORT:
920 		skip = 1;
921 		break;
922 	case OPAL_WIDTH_MEDIUM:
923 		skip = 2;
924 		break;
925 	case OPAL_WIDTH_LONG:
926 		skip = 4;
927 		break;
928 	default:
929 		pr_debug("Token has invalid width!\n");
930 		return 0;
931 	}
932 
933 	*store = tok->pos + skip;
934 	return tok->len - skip;
935 }
936 
937 static u64 response_get_u64(const struct parsed_resp *resp, int n)
938 {
939 	const struct opal_resp_tok *tok;
940 
941 	tok = response_get_token(resp, n);
942 	if (IS_ERR(tok))
943 		return 0;
944 
945 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
946 		pr_debug("Token is not unsigned int: %d\n", tok->type);
947 		return 0;
948 	}
949 
950 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
951 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
952 		return 0;
953 	}
954 
955 	return tok->stored.u;
956 }
957 
958 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
959 {
960 	if (IS_ERR(token) ||
961 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
962 	    token->pos[0] != match)
963 		return false;
964 	return true;
965 }
966 
967 static u8 response_status(const struct parsed_resp *resp)
968 {
969 	const struct opal_resp_tok *tok;
970 
971 	tok = response_get_token(resp, 0);
972 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
973 		return 0;
974 
975 	if (resp->num < 5)
976 		return DTAERROR_NO_METHOD_STATUS;
977 
978 	tok = response_get_token(resp, resp->num - 5);
979 	if (!response_token_matches(tok, OPAL_STARTLIST))
980 		return DTAERROR_NO_METHOD_STATUS;
981 
982 	tok = response_get_token(resp, resp->num - 1);
983 	if (!response_token_matches(tok, OPAL_ENDLIST))
984 		return DTAERROR_NO_METHOD_STATUS;
985 
986 	return response_get_u64(resp, resp->num - 4);
987 }
988 
989 /* Parses and checks for errors */
990 static int parse_and_check_status(struct opal_dev *dev)
991 {
992 	int error;
993 
994 	print_buffer(dev->cmd, dev->pos);
995 
996 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
997 	if (error) {
998 		pr_debug("Couldn't parse response.\n");
999 		return error;
1000 	}
1001 
1002 	return response_status(&dev->parsed);
1003 }
1004 
1005 static void clear_opal_cmd(struct opal_dev *dev)
1006 {
1007 	dev->pos = sizeof(struct opal_header);
1008 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1009 }
1010 
1011 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1012 {
1013 	int err = 0;
1014 
1015 	clear_opal_cmd(dev);
1016 	set_comid(dev, dev->comid);
1017 
1018 	add_token_u8(&err, dev, OPAL_CALL);
1019 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1020 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1021 
1022 	/*
1023 	 * Every method call is followed by its parameters enclosed within
1024 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1025 	 * parameter list here and close it later in cmd_finalize.
1026 	 */
1027 	add_token_u8(&err, dev, OPAL_STARTLIST);
1028 
1029 	return err;
1030 }
1031 
1032 static int start_opal_session_cont(struct opal_dev *dev)
1033 {
1034 	u32 hsn, tsn;
1035 	int error = 0;
1036 
1037 	error = parse_and_check_status(dev);
1038 	if (error)
1039 		return error;
1040 
1041 	hsn = response_get_u64(&dev->parsed, 4);
1042 	tsn = response_get_u64(&dev->parsed, 5);
1043 
1044 	if (hsn == 0 && tsn == 0) {
1045 		pr_debug("Couldn't authenticate session\n");
1046 		return -EPERM;
1047 	}
1048 
1049 	dev->hsn = hsn;
1050 	dev->tsn = tsn;
1051 	return 0;
1052 }
1053 
1054 static void add_suspend_info(struct opal_dev *dev,
1055 			     struct opal_suspend_data *sus)
1056 {
1057 	struct opal_suspend_data *iter;
1058 
1059 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1060 		if (iter->lr == sus->lr) {
1061 			list_del(&iter->node);
1062 			kfree(iter);
1063 			break;
1064 		}
1065 	}
1066 	list_add_tail(&sus->node, &dev->unlk_lst);
1067 }
1068 
1069 static int end_session_cont(struct opal_dev *dev)
1070 {
1071 	dev->hsn = 0;
1072 	dev->tsn = 0;
1073 	return parse_and_check_status(dev);
1074 }
1075 
1076 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1077 {
1078 	int ret;
1079 
1080 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1081 	if (ret) {
1082 		pr_debug("Error finalizing command buffer: %d\n", ret);
1083 		return ret;
1084 	}
1085 
1086 	print_buffer(dev->cmd, dev->pos);
1087 
1088 	return opal_send_recv(dev, cont);
1089 }
1090 
1091 /*
1092  * request @column from table @table on device @dev. On success, the column
1093  * data will be available in dev->resp->tok[4]
1094  */
1095 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1096 			      u64 column)
1097 {
1098 	int err;
1099 
1100 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1101 
1102 	add_token_u8(&err, dev, OPAL_STARTLIST);
1103 
1104 	add_token_u8(&err, dev, OPAL_STARTNAME);
1105 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1106 	add_token_u64(&err, dev, column);
1107 	add_token_u8(&err, dev, OPAL_ENDNAME);
1108 
1109 	add_token_u8(&err, dev, OPAL_STARTNAME);
1110 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1111 	add_token_u64(&err, dev, column);
1112 	add_token_u8(&err, dev, OPAL_ENDNAME);
1113 
1114 	add_token_u8(&err, dev, OPAL_ENDLIST);
1115 
1116 	if (err)
1117 		return err;
1118 
1119 	return finalize_and_send(dev, parse_and_check_status);
1120 }
1121 
1122 static int gen_key(struct opal_dev *dev, void *data)
1123 {
1124 	u8 uid[OPAL_UID_LENGTH];
1125 	int err;
1126 
1127 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1128 	kfree(dev->prev_data);
1129 	dev->prev_data = NULL;
1130 
1131 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1132 
1133 	if (err) {
1134 		pr_debug("Error building gen key command\n");
1135 		return err;
1136 
1137 	}
1138 	return finalize_and_send(dev, parse_and_check_status);
1139 }
1140 
1141 static int get_active_key_cont(struct opal_dev *dev)
1142 {
1143 	const char *activekey;
1144 	size_t keylen;
1145 	int error = 0;
1146 
1147 	error = parse_and_check_status(dev);
1148 	if (error)
1149 		return error;
1150 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1151 	if (!activekey) {
1152 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1153 			 __func__);
1154 		return OPAL_INVAL_PARAM;
1155 	}
1156 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1157 
1158 	if (!dev->prev_data)
1159 		return -ENOMEM;
1160 
1161 	dev->prev_d_len = keylen;
1162 
1163 	return 0;
1164 }
1165 
1166 static int get_active_key(struct opal_dev *dev, void *data)
1167 {
1168 	u8 uid[OPAL_UID_LENGTH];
1169 	int err;
1170 	u8 *lr = data;
1171 
1172 	err = build_locking_range(uid, sizeof(uid), *lr);
1173 	if (err)
1174 		return err;
1175 
1176 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1177 	if (err)
1178 		return err;
1179 
1180 	return get_active_key_cont(dev);
1181 }
1182 
1183 static int generic_lr_enable_disable(struct opal_dev *dev,
1184 				     u8 *uid, bool rle, bool wle,
1185 				     bool rl, bool wl)
1186 {
1187 	int err;
1188 
1189 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1190 
1191 	add_token_u8(&err, dev, OPAL_STARTNAME);
1192 	add_token_u8(&err, dev, OPAL_VALUES);
1193 	add_token_u8(&err, dev, OPAL_STARTLIST);
1194 
1195 	add_token_u8(&err, dev, OPAL_STARTNAME);
1196 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1197 	add_token_u8(&err, dev, rle);
1198 	add_token_u8(&err, dev, OPAL_ENDNAME);
1199 
1200 	add_token_u8(&err, dev, OPAL_STARTNAME);
1201 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1202 	add_token_u8(&err, dev, wle);
1203 	add_token_u8(&err, dev, OPAL_ENDNAME);
1204 
1205 	add_token_u8(&err, dev, OPAL_STARTNAME);
1206 	add_token_u8(&err, dev, OPAL_READLOCKED);
1207 	add_token_u8(&err, dev, rl);
1208 	add_token_u8(&err, dev, OPAL_ENDNAME);
1209 
1210 	add_token_u8(&err, dev, OPAL_STARTNAME);
1211 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1212 	add_token_u8(&err, dev, wl);
1213 	add_token_u8(&err, dev, OPAL_ENDNAME);
1214 
1215 	add_token_u8(&err, dev, OPAL_ENDLIST);
1216 	add_token_u8(&err, dev, OPAL_ENDNAME);
1217 	return err;
1218 }
1219 
1220 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1221 				   struct opal_user_lr_setup *setup)
1222 {
1223 	int err;
1224 
1225 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1226 					0, 0);
1227 	if (err)
1228 		pr_debug("Failed to create enable global lr command\n");
1229 	return err;
1230 }
1231 
1232 static int setup_locking_range(struct opal_dev *dev, void *data)
1233 {
1234 	u8 uid[OPAL_UID_LENGTH];
1235 	struct opal_user_lr_setup *setup = data;
1236 	u8 lr;
1237 	int err;
1238 
1239 	lr = setup->session.opal_key.lr;
1240 	err = build_locking_range(uid, sizeof(uid), lr);
1241 	if (err)
1242 		return err;
1243 
1244 	if (lr == 0)
1245 		err = enable_global_lr(dev, uid, setup);
1246 	else {
1247 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1248 
1249 		add_token_u8(&err, dev, OPAL_STARTNAME);
1250 		add_token_u8(&err, dev, OPAL_VALUES);
1251 		add_token_u8(&err, dev, OPAL_STARTLIST);
1252 
1253 		add_token_u8(&err, dev, OPAL_STARTNAME);
1254 		add_token_u8(&err, dev, OPAL_RANGESTART);
1255 		add_token_u64(&err, dev, setup->range_start);
1256 		add_token_u8(&err, dev, OPAL_ENDNAME);
1257 
1258 		add_token_u8(&err, dev, OPAL_STARTNAME);
1259 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1260 		add_token_u64(&err, dev, setup->range_length);
1261 		add_token_u8(&err, dev, OPAL_ENDNAME);
1262 
1263 		add_token_u8(&err, dev, OPAL_STARTNAME);
1264 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1265 		add_token_u64(&err, dev, !!setup->RLE);
1266 		add_token_u8(&err, dev, OPAL_ENDNAME);
1267 
1268 		add_token_u8(&err, dev, OPAL_STARTNAME);
1269 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1270 		add_token_u64(&err, dev, !!setup->WLE);
1271 		add_token_u8(&err, dev, OPAL_ENDNAME);
1272 
1273 		add_token_u8(&err, dev, OPAL_ENDLIST);
1274 		add_token_u8(&err, dev, OPAL_ENDNAME);
1275 	}
1276 	if (err) {
1277 		pr_debug("Error building Setup Locking range command.\n");
1278 		return err;
1279 
1280 	}
1281 
1282 	return finalize_and_send(dev, parse_and_check_status);
1283 }
1284 
1285 static int start_generic_opal_session(struct opal_dev *dev,
1286 				      enum opal_uid auth,
1287 				      enum opal_uid sp_type,
1288 				      const char *key,
1289 				      u8 key_len)
1290 {
1291 	u32 hsn;
1292 	int err;
1293 
1294 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1295 		return OPAL_INVAL_PARAM;
1296 
1297 	hsn = GENERIC_HOST_SESSION_NUM;
1298 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1299 			opalmethod[OPAL_STARTSESSION]);
1300 
1301 	add_token_u64(&err, dev, hsn);
1302 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1303 	add_token_u8(&err, dev, 1);
1304 
1305 	switch (auth) {
1306 	case OPAL_ANYBODY_UID:
1307 		break;
1308 	case OPAL_ADMIN1_UID:
1309 	case OPAL_SID_UID:
1310 		add_token_u8(&err, dev, OPAL_STARTNAME);
1311 		add_token_u8(&err, dev, 0); /* HostChallenge */
1312 		add_token_bytestring(&err, dev, key, key_len);
1313 		add_token_u8(&err, dev, OPAL_ENDNAME);
1314 		add_token_u8(&err, dev, OPAL_STARTNAME);
1315 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1316 		add_token_bytestring(&err, dev, opaluid[auth],
1317 				     OPAL_UID_LENGTH);
1318 		add_token_u8(&err, dev, OPAL_ENDNAME);
1319 		break;
1320 	default:
1321 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1322 		return OPAL_INVAL_PARAM;
1323 	}
1324 
1325 	if (err) {
1326 		pr_debug("Error building start adminsp session command.\n");
1327 		return err;
1328 	}
1329 
1330 	return finalize_and_send(dev, start_opal_session_cont);
1331 }
1332 
1333 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1334 {
1335 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1336 					  OPAL_ADMINSP_UID, NULL, 0);
1337 }
1338 
1339 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1340 {
1341 	int ret;
1342 	const u8 *key = dev->prev_data;
1343 
1344 	if (!key) {
1345 		const struct opal_key *okey = data;
1346 
1347 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1348 						 OPAL_ADMINSP_UID,
1349 						 okey->key,
1350 						 okey->key_len);
1351 	} else {
1352 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1353 						 OPAL_ADMINSP_UID,
1354 						 key, dev->prev_d_len);
1355 		kfree(key);
1356 		dev->prev_data = NULL;
1357 	}
1358 	return ret;
1359 }
1360 
1361 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1362 {
1363 	struct opal_key *key = data;
1364 
1365 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1366 					  OPAL_LOCKINGSP_UID,
1367 					  key->key, key->key_len);
1368 }
1369 
1370 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1371 {
1372 	struct opal_session_info *session = data;
1373 	u8 lk_ul_user[OPAL_UID_LENGTH];
1374 	size_t keylen = session->opal_key.key_len;
1375 	int err = 0;
1376 
1377 	u8 *key = session->opal_key.key;
1378 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1379 
1380 	if (session->sum)
1381 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1382 					 session->opal_key.lr);
1383 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1384 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1385 					 session->who - 1);
1386 	else
1387 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1388 
1389 	if (err)
1390 		return err;
1391 
1392 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1393 			opalmethod[OPAL_STARTSESSION]);
1394 
1395 	add_token_u64(&err, dev, hsn);
1396 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1397 			     OPAL_UID_LENGTH);
1398 	add_token_u8(&err, dev, 1);
1399 	add_token_u8(&err, dev, OPAL_STARTNAME);
1400 	add_token_u8(&err, dev, 0);
1401 	add_token_bytestring(&err, dev, key, keylen);
1402 	add_token_u8(&err, dev, OPAL_ENDNAME);
1403 	add_token_u8(&err, dev, OPAL_STARTNAME);
1404 	add_token_u8(&err, dev, 3);
1405 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1406 	add_token_u8(&err, dev, OPAL_ENDNAME);
1407 
1408 	if (err) {
1409 		pr_debug("Error building STARTSESSION command.\n");
1410 		return err;
1411 	}
1412 
1413 	return finalize_and_send(dev, start_opal_session_cont);
1414 }
1415 
1416 static int revert_tper(struct opal_dev *dev, void *data)
1417 {
1418 	int err;
1419 
1420 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1421 			opalmethod[OPAL_REVERT]);
1422 	if (err) {
1423 		pr_debug("Error building REVERT TPER command.\n");
1424 		return err;
1425 	}
1426 
1427 	return finalize_and_send(dev, parse_and_check_status);
1428 }
1429 
1430 static int internal_activate_user(struct opal_dev *dev, void *data)
1431 {
1432 	struct opal_session_info *session = data;
1433 	u8 uid[OPAL_UID_LENGTH];
1434 	int err;
1435 
1436 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1437 	uid[7] = session->who;
1438 
1439 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1440 	add_token_u8(&err, dev, OPAL_STARTNAME);
1441 	add_token_u8(&err, dev, OPAL_VALUES);
1442 	add_token_u8(&err, dev, OPAL_STARTLIST);
1443 	add_token_u8(&err, dev, OPAL_STARTNAME);
1444 	add_token_u8(&err, dev, 5); /* Enabled */
1445 	add_token_u8(&err, dev, OPAL_TRUE);
1446 	add_token_u8(&err, dev, OPAL_ENDNAME);
1447 	add_token_u8(&err, dev, OPAL_ENDLIST);
1448 	add_token_u8(&err, dev, OPAL_ENDNAME);
1449 
1450 	if (err) {
1451 		pr_debug("Error building Activate UserN command.\n");
1452 		return err;
1453 	}
1454 
1455 	return finalize_and_send(dev, parse_and_check_status);
1456 }
1457 
1458 static int erase_locking_range(struct opal_dev *dev, void *data)
1459 {
1460 	struct opal_session_info *session = data;
1461 	u8 uid[OPAL_UID_LENGTH];
1462 	int err;
1463 
1464 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1465 		return -ERANGE;
1466 
1467 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1468 
1469 	if (err) {
1470 		pr_debug("Error building Erase Locking Range Command.\n");
1471 		return err;
1472 	}
1473 	return finalize_and_send(dev, parse_and_check_status);
1474 }
1475 
1476 static int set_mbr_done(struct opal_dev *dev, void *data)
1477 {
1478 	u8 *mbr_done_tf = data;
1479 	int err;
1480 
1481 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1482 			opalmethod[OPAL_SET]);
1483 
1484 	add_token_u8(&err, dev, OPAL_STARTNAME);
1485 	add_token_u8(&err, dev, OPAL_VALUES);
1486 	add_token_u8(&err, dev, OPAL_STARTLIST);
1487 	add_token_u8(&err, dev, OPAL_STARTNAME);
1488 	add_token_u8(&err, dev, OPAL_MBRDONE);
1489 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1490 	add_token_u8(&err, dev, OPAL_ENDNAME);
1491 	add_token_u8(&err, dev, OPAL_ENDLIST);
1492 	add_token_u8(&err, dev, OPAL_ENDNAME);
1493 
1494 	if (err) {
1495 		pr_debug("Error Building set MBR Done command\n");
1496 		return err;
1497 	}
1498 
1499 	return finalize_and_send(dev, parse_and_check_status);
1500 }
1501 
1502 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1503 {
1504 	u8 *mbr_en_dis = data;
1505 	int err;
1506 
1507 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1508 			opalmethod[OPAL_SET]);
1509 
1510 	add_token_u8(&err, dev, OPAL_STARTNAME);
1511 	add_token_u8(&err, dev, OPAL_VALUES);
1512 	add_token_u8(&err, dev, OPAL_STARTLIST);
1513 	add_token_u8(&err, dev, OPAL_STARTNAME);
1514 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1515 	add_token_u8(&err, dev, *mbr_en_dis);
1516 	add_token_u8(&err, dev, OPAL_ENDNAME);
1517 	add_token_u8(&err, dev, OPAL_ENDLIST);
1518 	add_token_u8(&err, dev, OPAL_ENDNAME);
1519 
1520 	if (err) {
1521 		pr_debug("Error Building set MBR done command\n");
1522 		return err;
1523 	}
1524 
1525 	return finalize_and_send(dev, parse_and_check_status);
1526 }
1527 
1528 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1529 			  struct opal_dev *dev)
1530 {
1531 	int err;
1532 
1533 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1534 
1535 	add_token_u8(&err, dev, OPAL_STARTNAME);
1536 	add_token_u8(&err, dev, OPAL_VALUES);
1537 	add_token_u8(&err, dev, OPAL_STARTLIST);
1538 	add_token_u8(&err, dev, OPAL_STARTNAME);
1539 	add_token_u8(&err, dev, OPAL_PIN);
1540 	add_token_bytestring(&err, dev, key, key_len);
1541 	add_token_u8(&err, dev, OPAL_ENDNAME);
1542 	add_token_u8(&err, dev, OPAL_ENDLIST);
1543 	add_token_u8(&err, dev, OPAL_ENDNAME);
1544 
1545 	return err;
1546 }
1547 
1548 static int set_new_pw(struct opal_dev *dev, void *data)
1549 {
1550 	u8 cpin_uid[OPAL_UID_LENGTH];
1551 	struct opal_session_info *usr = data;
1552 
1553 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1554 
1555 	if (usr->who != OPAL_ADMIN1) {
1556 		cpin_uid[5] = 0x03;
1557 		if (usr->sum)
1558 			cpin_uid[7] = usr->opal_key.lr + 1;
1559 		else
1560 			cpin_uid[7] = usr->who;
1561 	}
1562 
1563 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1564 			   cpin_uid, dev)) {
1565 		pr_debug("Error building set password command.\n");
1566 		return -ERANGE;
1567 	}
1568 
1569 	return finalize_and_send(dev, parse_and_check_status);
1570 }
1571 
1572 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1573 {
1574 	u8 cpin_uid[OPAL_UID_LENGTH];
1575 	struct opal_key *key = data;
1576 
1577 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1578 
1579 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1580 		pr_debug("Error building Set SID cpin\n");
1581 		return -ERANGE;
1582 	}
1583 	return finalize_and_send(dev, parse_and_check_status);
1584 }
1585 
1586 static int add_user_to_lr(struct opal_dev *dev, void *data)
1587 {
1588 	u8 lr_buffer[OPAL_UID_LENGTH];
1589 	u8 user_uid[OPAL_UID_LENGTH];
1590 	struct opal_lock_unlock *lkul = data;
1591 	int err;
1592 
1593 	memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1594 	       OPAL_UID_LENGTH);
1595 
1596 	if (lkul->l_state == OPAL_RW)
1597 		memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1598 		       OPAL_UID_LENGTH);
1599 
1600 	lr_buffer[7] = lkul->session.opal_key.lr;
1601 
1602 	memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1603 
1604 	user_uid[7] = lkul->session.who;
1605 
1606 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1607 
1608 	add_token_u8(&err, dev, OPAL_STARTNAME);
1609 	add_token_u8(&err, dev, OPAL_VALUES);
1610 
1611 	add_token_u8(&err, dev, OPAL_STARTLIST);
1612 	add_token_u8(&err, dev, OPAL_STARTNAME);
1613 	add_token_u8(&err, dev, 3);
1614 
1615 	add_token_u8(&err, dev, OPAL_STARTLIST);
1616 
1617 
1618 	add_token_u8(&err, dev, OPAL_STARTNAME);
1619 	add_token_bytestring(&err, dev,
1620 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1621 			     OPAL_UID_LENGTH/2);
1622 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1623 	add_token_u8(&err, dev, OPAL_ENDNAME);
1624 
1625 
1626 	add_token_u8(&err, dev, OPAL_STARTNAME);
1627 	add_token_bytestring(&err, dev,
1628 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1629 			     OPAL_UID_LENGTH/2);
1630 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1631 	add_token_u8(&err, dev, OPAL_ENDNAME);
1632 
1633 
1634 	add_token_u8(&err, dev, OPAL_STARTNAME);
1635 	add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1636 			     OPAL_UID_LENGTH/2);
1637 	add_token_u8(&err, dev, 1);
1638 	add_token_u8(&err, dev, OPAL_ENDNAME);
1639 
1640 
1641 	add_token_u8(&err, dev, OPAL_ENDLIST);
1642 	add_token_u8(&err, dev, OPAL_ENDNAME);
1643 	add_token_u8(&err, dev, OPAL_ENDLIST);
1644 	add_token_u8(&err, dev, OPAL_ENDNAME);
1645 
1646 	if (err) {
1647 		pr_debug("Error building add user to locking range command.\n");
1648 		return err;
1649 	}
1650 
1651 	return finalize_and_send(dev, parse_and_check_status);
1652 }
1653 
1654 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1655 {
1656 	u8 lr_buffer[OPAL_UID_LENGTH];
1657 	struct opal_lock_unlock *lkul = data;
1658 	u8 read_locked = 1, write_locked = 1;
1659 	int err = 0;
1660 
1661 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1662 				lkul->session.opal_key.lr) < 0)
1663 		return -ERANGE;
1664 
1665 	switch (lkul->l_state) {
1666 	case OPAL_RO:
1667 		read_locked = 0;
1668 		write_locked = 1;
1669 		break;
1670 	case OPAL_RW:
1671 		read_locked = 0;
1672 		write_locked = 0;
1673 		break;
1674 	case OPAL_LK:
1675 		/* vars are initialized to locked */
1676 		break;
1677 	default:
1678 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
1679 		return OPAL_INVAL_PARAM;
1680 	}
1681 
1682 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1683 
1684 	add_token_u8(&err, dev, OPAL_STARTNAME);
1685 	add_token_u8(&err, dev, OPAL_VALUES);
1686 	add_token_u8(&err, dev, OPAL_STARTLIST);
1687 
1688 	add_token_u8(&err, dev, OPAL_STARTNAME);
1689 	add_token_u8(&err, dev, OPAL_READLOCKED);
1690 	add_token_u8(&err, dev, read_locked);
1691 	add_token_u8(&err, dev, OPAL_ENDNAME);
1692 
1693 	add_token_u8(&err, dev, OPAL_STARTNAME);
1694 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1695 	add_token_u8(&err, dev, write_locked);
1696 	add_token_u8(&err, dev, OPAL_ENDNAME);
1697 
1698 	add_token_u8(&err, dev, OPAL_ENDLIST);
1699 	add_token_u8(&err, dev, OPAL_ENDNAME);
1700 
1701 	if (err) {
1702 		pr_debug("Error building SET command.\n");
1703 		return err;
1704 	}
1705 	return finalize_and_send(dev, parse_and_check_status);
1706 }
1707 
1708 
1709 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1710 {
1711 	u8 lr_buffer[OPAL_UID_LENGTH];
1712 	u8 read_locked = 1, write_locked = 1;
1713 	struct opal_lock_unlock *lkul = data;
1714 	int ret;
1715 
1716 	clear_opal_cmd(dev);
1717 	set_comid(dev, dev->comid);
1718 
1719 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1720 				lkul->session.opal_key.lr) < 0)
1721 		return -ERANGE;
1722 
1723 	switch (lkul->l_state) {
1724 	case OPAL_RO:
1725 		read_locked = 0;
1726 		write_locked = 1;
1727 		break;
1728 	case OPAL_RW:
1729 		read_locked = 0;
1730 		write_locked = 0;
1731 		break;
1732 	case OPAL_LK:
1733 		/* vars are initialized to locked */
1734 		break;
1735 	default:
1736 		pr_debug("Tried to set an invalid locking state.\n");
1737 		return OPAL_INVAL_PARAM;
1738 	}
1739 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1740 					read_locked, write_locked);
1741 
1742 	if (ret < 0) {
1743 		pr_debug("Error building SET command.\n");
1744 		return ret;
1745 	}
1746 	return finalize_and_send(dev, parse_and_check_status);
1747 }
1748 
1749 static int activate_lsp(struct opal_dev *dev, void *data)
1750 {
1751 	struct opal_lr_act *opal_act = data;
1752 	u8 user_lr[OPAL_UID_LENGTH];
1753 	u8 uint_3 = 0x83;
1754 	int err, i;
1755 
1756 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
1757 			opalmethod[OPAL_ACTIVATE]);
1758 
1759 	if (opal_act->sum) {
1760 		err = build_locking_range(user_lr, sizeof(user_lr),
1761 					  opal_act->lr[0]);
1762 		if (err)
1763 			return err;
1764 
1765 		add_token_u8(&err, dev, OPAL_STARTNAME);
1766 		add_token_u8(&err, dev, uint_3);
1767 		add_token_u8(&err, dev, 6);
1768 		add_token_u8(&err, dev, 0);
1769 		add_token_u8(&err, dev, 0);
1770 
1771 		add_token_u8(&err, dev, OPAL_STARTLIST);
1772 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1773 		for (i = 1; i < opal_act->num_lrs; i++) {
1774 			user_lr[7] = opal_act->lr[i];
1775 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1776 		}
1777 		add_token_u8(&err, dev, OPAL_ENDLIST);
1778 		add_token_u8(&err, dev, OPAL_ENDNAME);
1779 	}
1780 
1781 	if (err) {
1782 		pr_debug("Error building Activate LockingSP command.\n");
1783 		return err;
1784 	}
1785 
1786 	return finalize_and_send(dev, parse_and_check_status);
1787 }
1788 
1789 /* Determine if we're in the Manufactured Inactive or Active state */
1790 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1791 {
1792 	u8 lc_status;
1793 	int err;
1794 
1795 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
1796 				 OPAL_LIFECYCLE);
1797 	if (err)
1798 		return err;
1799 
1800 	lc_status = response_get_u64(&dev->parsed, 4);
1801 	/* 0x08 is Manufactured Inactive */
1802 	/* 0x09 is Manufactured */
1803 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1804 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
1805 		return -ENODEV;
1806 	}
1807 
1808 	return 0;
1809 }
1810 
1811 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1812 {
1813 	const char *msid_pin;
1814 	size_t strlen;
1815 	int err;
1816 
1817 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
1818 	if (err)
1819 		return err;
1820 
1821 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1822 	if (!msid_pin) {
1823 		pr_debug("Couldn't extract MSID_CPIN from response\n");
1824 		return OPAL_INVAL_PARAM;
1825 	}
1826 
1827 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1828 	if (!dev->prev_data)
1829 		return -ENOMEM;
1830 
1831 	dev->prev_d_len = strlen;
1832 
1833 	return 0;
1834 }
1835 
1836 static int end_opal_session(struct opal_dev *dev, void *data)
1837 {
1838 	int err = 0;
1839 
1840 	clear_opal_cmd(dev);
1841 	set_comid(dev, dev->comid);
1842 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1843 
1844 	if (err < 0)
1845 		return err;
1846 	return finalize_and_send(dev, end_session_cont);
1847 }
1848 
1849 static int end_opal_session_error(struct opal_dev *dev)
1850 {
1851 	const struct opal_step error_end_session = {
1852 		end_opal_session,
1853 	};
1854 	return execute_step(dev, &error_end_session, 0);
1855 }
1856 
1857 static inline void setup_opal_dev(struct opal_dev *dev)
1858 {
1859 	dev->tsn = 0;
1860 	dev->hsn = 0;
1861 	dev->prev_data = NULL;
1862 }
1863 
1864 static int check_opal_support(struct opal_dev *dev)
1865 {
1866 	int ret;
1867 
1868 	mutex_lock(&dev->dev_lock);
1869 	setup_opal_dev(dev);
1870 	ret = opal_discovery0_step(dev);
1871 	dev->supported = !ret;
1872 	mutex_unlock(&dev->dev_lock);
1873 	return ret;
1874 }
1875 
1876 static void clean_opal_dev(struct opal_dev *dev)
1877 {
1878 
1879 	struct opal_suspend_data *suspend, *next;
1880 
1881 	mutex_lock(&dev->dev_lock);
1882 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
1883 		list_del(&suspend->node);
1884 		kfree(suspend);
1885 	}
1886 	mutex_unlock(&dev->dev_lock);
1887 }
1888 
1889 void free_opal_dev(struct opal_dev *dev)
1890 {
1891 	if (!dev)
1892 		return;
1893 	clean_opal_dev(dev);
1894 	kfree(dev);
1895 }
1896 EXPORT_SYMBOL(free_opal_dev);
1897 
1898 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
1899 {
1900 	struct opal_dev *dev;
1901 
1902 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
1903 	if (!dev)
1904 		return NULL;
1905 
1906 	INIT_LIST_HEAD(&dev->unlk_lst);
1907 	mutex_init(&dev->dev_lock);
1908 	dev->data = data;
1909 	dev->send_recv = send_recv;
1910 	if (check_opal_support(dev) != 0) {
1911 		pr_debug("Opal is not supported on this device\n");
1912 		kfree(dev);
1913 		return NULL;
1914 	}
1915 	return dev;
1916 }
1917 EXPORT_SYMBOL(init_opal_dev);
1918 
1919 static int opal_secure_erase_locking_range(struct opal_dev *dev,
1920 					   struct opal_session_info *opal_session)
1921 {
1922 	const struct opal_step erase_steps[] = {
1923 		{ start_auth_opal_session, opal_session },
1924 		{ get_active_key, &opal_session->opal_key.lr },
1925 		{ gen_key, },
1926 		{ end_opal_session, }
1927 	};
1928 	int ret;
1929 
1930 	mutex_lock(&dev->dev_lock);
1931 	setup_opal_dev(dev);
1932 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1933 	mutex_unlock(&dev->dev_lock);
1934 	return ret;
1935 }
1936 
1937 static int opal_erase_locking_range(struct opal_dev *dev,
1938 				    struct opal_session_info *opal_session)
1939 {
1940 	const struct opal_step erase_steps[] = {
1941 		{ start_auth_opal_session, opal_session },
1942 		{ erase_locking_range, opal_session },
1943 		{ end_opal_session, }
1944 	};
1945 	int ret;
1946 
1947 	mutex_lock(&dev->dev_lock);
1948 	setup_opal_dev(dev);
1949 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
1950 	mutex_unlock(&dev->dev_lock);
1951 	return ret;
1952 }
1953 
1954 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
1955 					  struct opal_mbr_data *opal_mbr)
1956 {
1957 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
1958 		OPAL_TRUE : OPAL_FALSE;
1959 
1960 	const struct opal_step mbr_steps[] = {
1961 		{ start_admin1LSP_opal_session, &opal_mbr->key },
1962 		{ set_mbr_done, &enable_disable },
1963 		{ end_opal_session, },
1964 		{ start_admin1LSP_opal_session, &opal_mbr->key },
1965 		{ set_mbr_enable_disable, &enable_disable },
1966 		{ end_opal_session, }
1967 	};
1968 	int ret;
1969 
1970 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
1971 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
1972 		return -EINVAL;
1973 
1974 	mutex_lock(&dev->dev_lock);
1975 	setup_opal_dev(dev);
1976 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
1977 	mutex_unlock(&dev->dev_lock);
1978 	return ret;
1979 }
1980 
1981 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
1982 {
1983 	struct opal_suspend_data *suspend;
1984 
1985 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
1986 	if (!suspend)
1987 		return -ENOMEM;
1988 
1989 	suspend->unlk = *lk_unlk;
1990 	suspend->lr = lk_unlk->session.opal_key.lr;
1991 
1992 	mutex_lock(&dev->dev_lock);
1993 	setup_opal_dev(dev);
1994 	add_suspend_info(dev, suspend);
1995 	mutex_unlock(&dev->dev_lock);
1996 	return 0;
1997 }
1998 
1999 static int opal_add_user_to_lr(struct opal_dev *dev,
2000 			       struct opal_lock_unlock *lk_unlk)
2001 {
2002 	const struct opal_step steps[] = {
2003 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2004 		{ add_user_to_lr, lk_unlk },
2005 		{ end_opal_session, }
2006 	};
2007 	int ret;
2008 
2009 	if (lk_unlk->l_state != OPAL_RO &&
2010 	    lk_unlk->l_state != OPAL_RW) {
2011 		pr_debug("Locking state was not RO or RW\n");
2012 		return -EINVAL;
2013 	}
2014 	if (lk_unlk->session.who < OPAL_USER1 ||
2015 	    lk_unlk->session.who > OPAL_USER9) {
2016 		pr_debug("Authority was not within the range of users: %d\n",
2017 			 lk_unlk->session.who);
2018 		return -EINVAL;
2019 	}
2020 	if (lk_unlk->session.sum) {
2021 		pr_debug("%s not supported in sum. Use setup locking range\n",
2022 			 __func__);
2023 		return -EINVAL;
2024 	}
2025 
2026 	mutex_lock(&dev->dev_lock);
2027 	setup_opal_dev(dev);
2028 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2029 	mutex_unlock(&dev->dev_lock);
2030 	return ret;
2031 }
2032 
2033 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2034 {
2035 	const struct opal_step revert_steps[] = {
2036 		{ start_SIDASP_opal_session, opal },
2037 		{ revert_tper, } /* controller will terminate session */
2038 	};
2039 	int ret;
2040 
2041 	mutex_lock(&dev->dev_lock);
2042 	setup_opal_dev(dev);
2043 	ret = execute_steps(dev, revert_steps, ARRAY_SIZE(revert_steps));
2044 	mutex_unlock(&dev->dev_lock);
2045 
2046 	/*
2047 	 * If we successfully reverted lets clean
2048 	 * any saved locking ranges.
2049 	 */
2050 	if (!ret)
2051 		clean_opal_dev(dev);
2052 
2053 	return ret;
2054 }
2055 
2056 static int __opal_lock_unlock(struct opal_dev *dev,
2057 			      struct opal_lock_unlock *lk_unlk)
2058 {
2059 	const struct opal_step unlock_steps[] = {
2060 		{ start_auth_opal_session, &lk_unlk->session },
2061 		{ lock_unlock_locking_range, lk_unlk },
2062 		{ end_opal_session, }
2063 	};
2064 	const struct opal_step unlock_sum_steps[] = {
2065 		{ start_auth_opal_session, &lk_unlk->session },
2066 		{ lock_unlock_locking_range_sum, lk_unlk },
2067 		{ end_opal_session, }
2068 	};
2069 
2070 	if (lk_unlk->session.sum)
2071 		return execute_steps(dev, unlock_sum_steps,
2072 				     ARRAY_SIZE(unlock_sum_steps));
2073 	else
2074 		return execute_steps(dev, unlock_steps,
2075 				     ARRAY_SIZE(unlock_steps));
2076 }
2077 
2078 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2079 {
2080 	u8 mbr_done_tf = OPAL_TRUE;
2081 	const struct opal_step mbrdone_step[] = {
2082 		{ start_admin1LSP_opal_session, key },
2083 		{ set_mbr_done, &mbr_done_tf },
2084 		{ end_opal_session, }
2085 	};
2086 
2087 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2088 }
2089 
2090 static int opal_lock_unlock(struct opal_dev *dev,
2091 			    struct opal_lock_unlock *lk_unlk)
2092 {
2093 	int ret;
2094 
2095 	if (lk_unlk->session.who < OPAL_ADMIN1 ||
2096 	    lk_unlk->session.who > OPAL_USER9)
2097 		return -EINVAL;
2098 
2099 	mutex_lock(&dev->dev_lock);
2100 	ret = __opal_lock_unlock(dev, lk_unlk);
2101 	mutex_unlock(&dev->dev_lock);
2102 	return ret;
2103 }
2104 
2105 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2106 {
2107 	const struct opal_step owner_steps[] = {
2108 		{ start_anybodyASP_opal_session, },
2109 		{ get_msid_cpin_pin, },
2110 		{ end_opal_session, },
2111 		{ start_SIDASP_opal_session, opal },
2112 		{ set_sid_cpin_pin, opal },
2113 		{ end_opal_session, }
2114 	};
2115 	int ret;
2116 
2117 	if (!dev)
2118 		return -ENODEV;
2119 
2120 	mutex_lock(&dev->dev_lock);
2121 	setup_opal_dev(dev);
2122 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2123 	mutex_unlock(&dev->dev_lock);
2124 	return ret;
2125 }
2126 
2127 static int opal_activate_lsp(struct opal_dev *dev,
2128 			     struct opal_lr_act *opal_lr_act)
2129 {
2130 	const struct opal_step active_steps[] = {
2131 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2132 		{ get_lsp_lifecycle, },
2133 		{ activate_lsp, opal_lr_act },
2134 		{ end_opal_session, }
2135 	};
2136 	int ret;
2137 
2138 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2139 		return -EINVAL;
2140 
2141 	mutex_lock(&dev->dev_lock);
2142 	setup_opal_dev(dev);
2143 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2144 	mutex_unlock(&dev->dev_lock);
2145 	return ret;
2146 }
2147 
2148 static int opal_setup_locking_range(struct opal_dev *dev,
2149 				    struct opal_user_lr_setup *opal_lrs)
2150 {
2151 	const struct opal_step lr_steps[] = {
2152 		{ start_auth_opal_session, &opal_lrs->session },
2153 		{ setup_locking_range, opal_lrs },
2154 		{ end_opal_session, }
2155 	};
2156 	int ret;
2157 
2158 	mutex_lock(&dev->dev_lock);
2159 	setup_opal_dev(dev);
2160 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2161 	mutex_unlock(&dev->dev_lock);
2162 	return ret;
2163 }
2164 
2165 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2166 {
2167 	const struct opal_step pw_steps[] = {
2168 		{ start_auth_opal_session, &opal_pw->session },
2169 		{ set_new_pw, &opal_pw->new_user_pw },
2170 		{ end_opal_session, }
2171 	};
2172 	int ret;
2173 
2174 	if (opal_pw->session.who < OPAL_ADMIN1 ||
2175 	    opal_pw->session.who > OPAL_USER9  ||
2176 	    opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2177 	    opal_pw->new_user_pw.who > OPAL_USER9)
2178 		return -EINVAL;
2179 
2180 	mutex_lock(&dev->dev_lock);
2181 	setup_opal_dev(dev);
2182 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2183 	mutex_unlock(&dev->dev_lock);
2184 	return ret;
2185 }
2186 
2187 static int opal_activate_user(struct opal_dev *dev,
2188 			      struct opal_session_info *opal_session)
2189 {
2190 	const struct opal_step act_steps[] = {
2191 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2192 		{ internal_activate_user, opal_session },
2193 		{ end_opal_session, }
2194 	};
2195 	int ret;
2196 
2197 	/* We can't activate Admin1 it's active as manufactured */
2198 	if (opal_session->who < OPAL_USER1 ||
2199 	    opal_session->who > OPAL_USER9) {
2200 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2201 		return -EINVAL;
2202 	}
2203 
2204 	mutex_lock(&dev->dev_lock);
2205 	setup_opal_dev(dev);
2206 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2207 	mutex_unlock(&dev->dev_lock);
2208 	return ret;
2209 }
2210 
2211 bool opal_unlock_from_suspend(struct opal_dev *dev)
2212 {
2213 	struct opal_suspend_data *suspend;
2214 	bool was_failure = false;
2215 	int ret = 0;
2216 
2217 	if (!dev)
2218 		return false;
2219 	if (!dev->supported)
2220 		return false;
2221 
2222 	mutex_lock(&dev->dev_lock);
2223 	setup_opal_dev(dev);
2224 
2225 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2226 		dev->tsn = 0;
2227 		dev->hsn = 0;
2228 
2229 		ret = __opal_lock_unlock(dev, &suspend->unlk);
2230 		if (ret) {
2231 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2232 				 suspend->unlk.session.opal_key.lr,
2233 				 suspend->unlk.session.sum);
2234 			was_failure = true;
2235 		}
2236 		if (dev->mbr_enabled) {
2237 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2238 			if (ret)
2239 				pr_debug("Failed to set MBR Done in S3 resume\n");
2240 		}
2241 	}
2242 	mutex_unlock(&dev->dev_lock);
2243 	return was_failure;
2244 }
2245 EXPORT_SYMBOL(opal_unlock_from_suspend);
2246 
2247 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2248 {
2249 	void *p;
2250 	int ret = -ENOTTY;
2251 
2252 	if (!capable(CAP_SYS_ADMIN))
2253 		return -EACCES;
2254 	if (!dev)
2255 		return -ENOTSUPP;
2256 	if (!dev->supported)
2257 		return -ENOTSUPP;
2258 
2259 	p = memdup_user(arg, _IOC_SIZE(cmd));
2260 	if (IS_ERR(p))
2261 		return PTR_ERR(p);
2262 
2263 	switch (cmd) {
2264 	case IOC_OPAL_SAVE:
2265 		ret = opal_save(dev, p);
2266 		break;
2267 	case IOC_OPAL_LOCK_UNLOCK:
2268 		ret = opal_lock_unlock(dev, p);
2269 		break;
2270 	case IOC_OPAL_TAKE_OWNERSHIP:
2271 		ret = opal_take_ownership(dev, p);
2272 		break;
2273 	case IOC_OPAL_ACTIVATE_LSP:
2274 		ret = opal_activate_lsp(dev, p);
2275 		break;
2276 	case IOC_OPAL_SET_PW:
2277 		ret = opal_set_new_pw(dev, p);
2278 		break;
2279 	case IOC_OPAL_ACTIVATE_USR:
2280 		ret = opal_activate_user(dev, p);
2281 		break;
2282 	case IOC_OPAL_REVERT_TPR:
2283 		ret = opal_reverttper(dev, p);
2284 		break;
2285 	case IOC_OPAL_LR_SETUP:
2286 		ret = opal_setup_locking_range(dev, p);
2287 		break;
2288 	case IOC_OPAL_ADD_USR_TO_LR:
2289 		ret = opal_add_user_to_lr(dev, p);
2290 		break;
2291 	case IOC_OPAL_ENABLE_DISABLE_MBR:
2292 		ret = opal_enable_disable_shadow_mbr(dev, p);
2293 		break;
2294 	case IOC_OPAL_ERASE_LR:
2295 		ret = opal_erase_locking_range(dev, p);
2296 		break;
2297 	case IOC_OPAL_SECURE_ERASE_LR:
2298 		ret = opal_secure_erase_locking_range(dev, p);
2299 		break;
2300 	default:
2301 		break;
2302 	}
2303 
2304 	kfree(p);
2305 	return ret;
2306 }
2307 EXPORT_SYMBOL_GPL(sed_ioctl);
2308