xref: /openbmc/linux/block/sed-opal.c (revision 99fee508)
1 /*
2  * Copyright © 2016 Intel Corporation
3  *
4  * Authors:
5  *    Scott  Bauer      <scott.bauer@intel.com>
6  *    Rafael Antognolli <rafael.antognolli@intel.com>
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  */
17 
18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
19 
20 #include <linux/delay.h>
21 #include <linux/device.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/genhd.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <uapi/linux/sed-opal.h>
28 #include <linux/sed-opal.h>
29 #include <linux/string.h>
30 #include <linux/kdev_t.h>
31 
32 #include "opal_proto.h"
33 
34 #define IO_BUFFER_LENGTH 2048
35 #define MAX_TOKS 64
36 
37 struct opal_step {
38 	int (*fn)(struct opal_dev *dev, void *data);
39 	void *data;
40 };
41 typedef int (cont_fn)(struct opal_dev *dev);
42 
43 enum opal_atom_width {
44 	OPAL_WIDTH_TINY,
45 	OPAL_WIDTH_SHORT,
46 	OPAL_WIDTH_MEDIUM,
47 	OPAL_WIDTH_LONG,
48 	OPAL_WIDTH_TOKEN
49 };
50 
51 /*
52  * On the parsed response, we don't store again the toks that are already
53  * stored in the response buffer. Instead, for each token, we just store a
54  * pointer to the position in the buffer where the token starts, and the size
55  * of the token in bytes.
56  */
57 struct opal_resp_tok {
58 	const u8 *pos;
59 	size_t len;
60 	enum opal_response_token type;
61 	enum opal_atom_width width;
62 	union {
63 		u64 u;
64 		s64 s;
65 	} stored;
66 };
67 
68 /*
69  * From the response header it's not possible to know how many tokens there are
70  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
71  * if we start dealing with messages that have more than that, we can increase
72  * this number. This is done to avoid having to make two passes through the
73  * response, the first one counting how many tokens we have and the second one
74  * actually storing the positions.
75  */
76 struct parsed_resp {
77 	int num;
78 	struct opal_resp_tok toks[MAX_TOKS];
79 };
80 
81 struct opal_dev {
82 	bool supported;
83 	bool mbr_enabled;
84 
85 	void *data;
86 	sec_send_recv *send_recv;
87 
88 	const struct opal_step *steps;
89 	struct mutex dev_lock;
90 	u16 comid;
91 	u32 hsn;
92 	u32 tsn;
93 	u64 align;
94 	u64 lowest_lba;
95 
96 	size_t pos;
97 	u8 cmd[IO_BUFFER_LENGTH];
98 	u8 resp[IO_BUFFER_LENGTH];
99 
100 	struct parsed_resp parsed;
101 	size_t prev_d_len;
102 	void *prev_data;
103 
104 	struct list_head unlk_lst;
105 };
106 
107 
108 static const u8 opaluid[][OPAL_UID_LENGTH] = {
109 	/* users */
110 	[OPAL_SMUID_UID] =
111 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
112 	[OPAL_THISSP_UID] =
113 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
114 	[OPAL_ADMINSP_UID] =
115 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
116 	[OPAL_LOCKINGSP_UID] =
117 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
118 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
119 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
120 	[OPAL_ANYBODY_UID] =
121 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
122 	[OPAL_SID_UID] =
123 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
124 	[OPAL_ADMIN1_UID] =
125 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
126 	[OPAL_USER1_UID] =
127 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
128 	[OPAL_USER2_UID] =
129 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
130 	[OPAL_PSID_UID] =
131 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
132 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
133 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
134 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
135 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136 
137 	/* tables */
138 
139 	[OPAL_LOCKINGRANGE_GLOBAL] =
140 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
141 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
142 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
143 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
144 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
145 	[OPAL_MBRCONTROL] =
146 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
147 	[OPAL_MBR] =
148 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
149 	[OPAL_AUTHORITY_TABLE] =
150 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
151 	[OPAL_C_PIN_TABLE] =
152 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
153 	[OPAL_LOCKING_INFO_TABLE] =
154 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
155 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
156 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
157 
158 	/* C_PIN_TABLE object ID's */
159 
160         [OPAL_C_PIN_MSID] =
161 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
162 	[OPAL_C_PIN_SID] =
163 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
164 	[OPAL_C_PIN_ADMIN1] =
165 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
166 
167 	/* half UID's (only first 4 bytes used) */
168 
169 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
170 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
171 	[OPAL_HALF_UID_BOOLEAN_ACE] =
172 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
173 
174 	/* special value for omitted optional parameter */
175 	[OPAL_UID_HEXFF] =
176 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
177 };
178 
179 /*
180  * TCG Storage SSC Methods.
181  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
182  * Section: 6.3 Assigned UIDs
183  */
184 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
185 	[OPAL_PROPERTIES] =
186 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
187 	[OPAL_STARTSESSION] =
188 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
189 	[OPAL_REVERT] =
190 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
191 	[OPAL_ACTIVATE] =
192 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
193 	[OPAL_EGET] =
194 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
195 	[OPAL_ESET] =
196 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
197 	[OPAL_NEXT] =
198 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
199 	[OPAL_EAUTHENTICATE] =
200 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
201 	[OPAL_GETACL] =
202 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
203 	[OPAL_GENKEY] =
204 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
205 	[OPAL_REVERTSP] =
206 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
207 	[OPAL_GET] =
208 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
209 	[OPAL_SET] =
210 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
211 	[OPAL_AUTHENTICATE] =
212 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
213 	[OPAL_RANDOM] =
214 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
215 	[OPAL_ERASE] =
216 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
217 };
218 
219 static int end_opal_session_error(struct opal_dev *dev);
220 
221 struct opal_suspend_data {
222 	struct opal_lock_unlock unlk;
223 	u8 lr;
224 	struct list_head node;
225 };
226 
227 /*
228  * Derived from:
229  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
230  * Section: 5.1.5 Method Status Codes
231  */
232 static const char * const opal_errors[] = {
233 	"Success",
234 	"Not Authorized",
235 	"Unknown Error",
236 	"SP Busy",
237 	"SP Failed",
238 	"SP Disabled",
239 	"SP Frozen",
240 	"No Sessions Available",
241 	"Uniqueness Conflict",
242 	"Insufficient Space",
243 	"Insufficient Rows",
244 	"Invalid Function",
245 	"Invalid Parameter",
246 	"Invalid Reference",
247 	"Unknown Error",
248 	"TPER Malfunction",
249 	"Transaction Failure",
250 	"Response Overflow",
251 	"Authority Locked Out",
252 };
253 
254 static const char *opal_error_to_human(int error)
255 {
256 	if (error == 0x3f)
257 		return "Failed";
258 
259 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
260 		return "Unknown Error";
261 
262 	return opal_errors[error];
263 }
264 
265 static void print_buffer(const u8 *ptr, u32 length)
266 {
267 #ifdef DEBUG
268 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
269 	pr_debug("\n");
270 #endif
271 }
272 
273 static bool check_tper(const void *data)
274 {
275 	const struct d0_tper_features *tper = data;
276 	u8 flags = tper->supported_features;
277 
278 	if (!(flags & TPER_SYNC_SUPPORTED)) {
279 		pr_debug("TPer sync not supported. flags = %d\n",
280 			 tper->supported_features);
281 		return false;
282 	}
283 
284 	return true;
285 }
286 
287 static bool check_mbrenabled(const void *data)
288 {
289 	const struct d0_locking_features *lfeat = data;
290 	u8 sup_feat = lfeat->supported_features;
291 
292 	return !!(sup_feat & MBR_ENABLED_MASK);
293 }
294 
295 static bool check_sum(const void *data)
296 {
297 	const struct d0_single_user_mode *sum = data;
298 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
299 
300 	if (nlo == 0) {
301 		pr_debug("Need at least one locking object.\n");
302 		return false;
303 	}
304 
305 	pr_debug("Number of locking objects: %d\n", nlo);
306 
307 	return true;
308 }
309 
310 static u16 get_comid_v100(const void *data)
311 {
312 	const struct d0_opal_v100 *v100 = data;
313 
314 	return be16_to_cpu(v100->baseComID);
315 }
316 
317 static u16 get_comid_v200(const void *data)
318 {
319 	const struct d0_opal_v200 *v200 = data;
320 
321 	return be16_to_cpu(v200->baseComID);
322 }
323 
324 static int opal_send_cmd(struct opal_dev *dev)
325 {
326 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
327 			      dev->cmd, IO_BUFFER_LENGTH,
328 			      true);
329 }
330 
331 static int opal_recv_cmd(struct opal_dev *dev)
332 {
333 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
334 			      dev->resp, IO_BUFFER_LENGTH,
335 			      false);
336 }
337 
338 static int opal_recv_check(struct opal_dev *dev)
339 {
340 	size_t buflen = IO_BUFFER_LENGTH;
341 	void *buffer = dev->resp;
342 	struct opal_header *hdr = buffer;
343 	int ret;
344 
345 	do {
346 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
347 			 hdr->cp.outstandingData,
348 			 hdr->cp.minTransfer);
349 
350 		if (hdr->cp.outstandingData == 0 ||
351 		    hdr->cp.minTransfer != 0)
352 			return 0;
353 
354 		memset(buffer, 0, buflen);
355 		ret = opal_recv_cmd(dev);
356 	} while (!ret);
357 
358 	return ret;
359 }
360 
361 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
362 {
363 	int ret;
364 
365 	ret = opal_send_cmd(dev);
366 	if (ret)
367 		return ret;
368 	ret = opal_recv_cmd(dev);
369 	if (ret)
370 		return ret;
371 	ret = opal_recv_check(dev);
372 	if (ret)
373 		return ret;
374 	return cont(dev);
375 }
376 
377 static void check_geometry(struct opal_dev *dev, const void *data)
378 {
379 	const struct d0_geometry_features *geo = data;
380 
381 	dev->align = geo->alignment_granularity;
382 	dev->lowest_lba = geo->lowest_aligned_lba;
383 }
384 
385 static int next(struct opal_dev *dev)
386 {
387 	const struct opal_step *step;
388 	int state = 0, error = 0;
389 
390 	do {
391 		step = &dev->steps[state];
392 		if (!step->fn)
393 			break;
394 
395 		error = step->fn(dev, step->data);
396 		if (error) {
397 			pr_debug("Error on step function: %d with error %d: %s\n",
398 				 state, error,
399 				 opal_error_to_human(error));
400 
401 			/* For each OPAL command we do a discovery0 then we
402 			 * start some sort of session.
403 			 * If we haven't passed state 1 then there was an error
404 			 * on discovery0 or during the attempt to start a
405 			 * session. Therefore we shouldn't attempt to terminate
406 			 * a session, as one has not yet been created.
407 			 */
408 			if (state > 1) {
409 				end_opal_session_error(dev);
410 				return error;
411 			}
412 
413 		}
414 		state++;
415 	} while (!error);
416 
417 	return error;
418 }
419 
420 static int opal_discovery0_end(struct opal_dev *dev)
421 {
422 	bool found_com_id = false, supported = true, single_user = false;
423 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
424 	const u8 *epos = dev->resp, *cpos = dev->resp;
425 	u16 comid = 0;
426 	u32 hlen = be32_to_cpu(hdr->length);
427 
428 	print_buffer(dev->resp, hlen);
429 	dev->mbr_enabled = false;
430 
431 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
432 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
433 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
434 		return -EFAULT;
435 	}
436 
437 	epos += hlen; /* end of buffer */
438 	cpos += sizeof(*hdr); /* current position on buffer */
439 
440 	while (cpos < epos && supported) {
441 		const struct d0_features *body =
442 			(const struct d0_features *)cpos;
443 
444 		switch (be16_to_cpu(body->code)) {
445 		case FC_TPER:
446 			supported = check_tper(body->features);
447 			break;
448 		case FC_SINGLEUSER:
449 			single_user = check_sum(body->features);
450 			break;
451 		case FC_GEOMETRY:
452 			check_geometry(dev, body);
453 			break;
454 		case FC_LOCKING:
455 			dev->mbr_enabled = check_mbrenabled(body->features);
456 			break;
457 		case FC_ENTERPRISE:
458 		case FC_DATASTORE:
459 			/* some ignored properties */
460 			pr_debug("Found OPAL feature description: %d\n",
461 				 be16_to_cpu(body->code));
462 			break;
463 		case FC_OPALV100:
464 			comid = get_comid_v100(body->features);
465 			found_com_id = true;
466 			break;
467 		case FC_OPALV200:
468 			comid = get_comid_v200(body->features);
469 			found_com_id = true;
470 			break;
471 		case 0xbfff ... 0xffff:
472 			/* vendor specific, just ignore */
473 			break;
474 		default:
475 			pr_debug("OPAL Unknown feature: %d\n",
476 				 be16_to_cpu(body->code));
477 
478 		}
479 		cpos += body->length + 4;
480 	}
481 
482 	if (!supported) {
483 		pr_debug("This device is not Opal enabled. Not Supported!\n");
484 		return -EOPNOTSUPP;
485 	}
486 
487 	if (!single_user)
488 		pr_debug("Device doesn't support single user mode\n");
489 
490 
491 	if (!found_com_id) {
492 		pr_debug("Could not find OPAL comid for device. Returning early\n");
493 		return -EOPNOTSUPP;;
494 	}
495 
496 	dev->comid = comid;
497 
498 	return 0;
499 }
500 
501 static int opal_discovery0(struct opal_dev *dev, void *data)
502 {
503 	int ret;
504 
505 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
506 	dev->comid = OPAL_DISCOVERY_COMID;
507 	ret = opal_recv_cmd(dev);
508 	if (ret)
509 		return ret;
510 	return opal_discovery0_end(dev);
511 }
512 
513 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
514 {
515 	if (*err)
516 		return;
517 	if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
518 		pr_debug("Error adding u8: end of buffer.\n");
519 		*err = -ERANGE;
520 		return;
521 	}
522 	cmd->cmd[cmd->pos++] = tok;
523 }
524 
525 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
526 				  bool has_sign, int len)
527 {
528 	u8 atom;
529 	int err = 0;
530 
531 	atom = SHORT_ATOM_ID;
532 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
533 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
534 	atom |= len & SHORT_ATOM_LEN_MASK;
535 
536 	add_token_u8(&err, cmd, atom);
537 }
538 
539 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
540 				   bool has_sign, int len)
541 {
542 	u8 header0;
543 
544 	header0 = MEDIUM_ATOM_ID;
545 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
546 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
547 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
548 	cmd->cmd[cmd->pos++] = header0;
549 	cmd->cmd[cmd->pos++] = len;
550 }
551 
552 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
553 {
554 
555 	size_t len;
556 	int msb;
557 	u8 n;
558 
559 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
560 		add_token_u8(err, cmd, number);
561 		return;
562 	}
563 
564 	msb = fls(number);
565 	len = DIV_ROUND_UP(msb, 4);
566 
567 	if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
568 		pr_debug("Error adding u64: end of buffer.\n");
569 		*err = -ERANGE;
570 		return;
571 	}
572 	add_short_atom_header(cmd, false, false, len);
573 	while (len--) {
574 		n = number >> (len * 8);
575 		add_token_u8(err, cmd, n);
576 	}
577 }
578 
579 static void add_token_bytestring(int *err, struct opal_dev *cmd,
580 				 const u8 *bytestring, size_t len)
581 {
582 	size_t header_len = 1;
583 	bool is_short_atom = true;
584 
585 	if (*err)
586 		return;
587 
588 	if (len & ~SHORT_ATOM_LEN_MASK) {
589 		header_len = 2;
590 		is_short_atom = false;
591 	}
592 
593 	if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
594 		pr_debug("Error adding bytestring: end of buffer.\n");
595 		*err = -ERANGE;
596 		return;
597 	}
598 
599 	if (is_short_atom)
600 		add_short_atom_header(cmd, true, false, len);
601 	else
602 		add_medium_atom_header(cmd, true, false, len);
603 
604 	memcpy(&cmd->cmd[cmd->pos], bytestring, len);
605 	cmd->pos += len;
606 
607 }
608 
609 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
610 {
611 	if (length > OPAL_UID_LENGTH) {
612 		pr_debug("Can't build locking range. Length OOB\n");
613 		return -ERANGE;
614 	}
615 
616 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
617 
618 	if (lr == 0)
619 		return 0;
620 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
621 	buffer[7] = lr;
622 
623 	return 0;
624 }
625 
626 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
627 {
628 	if (length > OPAL_UID_LENGTH) {
629 		pr_debug("Can't build locking range user, Length OOB\n");
630 		return -ERANGE;
631 	}
632 
633 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
634 
635 	buffer[7] = lr + 1;
636 
637 	return 0;
638 }
639 
640 static void set_comid(struct opal_dev *cmd, u16 comid)
641 {
642 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
643 
644 	hdr->cp.extendedComID[0] = comid >> 8;
645 	hdr->cp.extendedComID[1] = comid;
646 	hdr->cp.extendedComID[2] = 0;
647 	hdr->cp.extendedComID[3] = 0;
648 }
649 
650 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
651 {
652 	struct opal_header *hdr;
653 	int err = 0;
654 
655 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
656 	add_token_u8(&err, cmd, OPAL_STARTLIST);
657 	add_token_u8(&err, cmd, 0);
658 	add_token_u8(&err, cmd, 0);
659 	add_token_u8(&err, cmd, 0);
660 	add_token_u8(&err, cmd, OPAL_ENDLIST);
661 
662 	if (err) {
663 		pr_debug("Error finalizing command.\n");
664 		return -EFAULT;
665 	}
666 
667 	hdr = (struct opal_header *) cmd->cmd;
668 
669 	hdr->pkt.tsn = cpu_to_be32(tsn);
670 	hdr->pkt.hsn = cpu_to_be32(hsn);
671 
672 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
673 	while (cmd->pos % 4) {
674 		if (cmd->pos >= IO_BUFFER_LENGTH) {
675 			pr_debug("Error: Buffer overrun\n");
676 			return -ERANGE;
677 		}
678 		cmd->cmd[cmd->pos++] = 0;
679 	}
680 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
681 				      sizeof(hdr->pkt));
682 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
683 
684 	return 0;
685 }
686 
687 static const struct opal_resp_tok *response_get_token(
688 				const struct parsed_resp *resp,
689 				int n)
690 {
691 	const struct opal_resp_tok *tok;
692 
693 	if (n >= resp->num) {
694 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
695 			 n, resp->num);
696 		return ERR_PTR(-EINVAL);
697 	}
698 
699 	tok = &resp->toks[n];
700 	if (tok->len == 0) {
701 		pr_debug("Token length must be non-zero\n");
702 		return ERR_PTR(-EINVAL);
703 	}
704 
705 	return tok;
706 }
707 
708 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
709 				   const u8 *pos)
710 {
711 	tok->pos = pos;
712 	tok->len = 1;
713 	tok->width = OPAL_WIDTH_TINY;
714 
715 	if (pos[0] & TINY_ATOM_SIGNED) {
716 		tok->type = OPAL_DTA_TOKENID_SINT;
717 	} else {
718 		tok->type = OPAL_DTA_TOKENID_UINT;
719 		tok->stored.u = pos[0] & 0x3f;
720 	}
721 
722 	return tok->len;
723 }
724 
725 static ssize_t response_parse_short(struct opal_resp_tok *tok,
726 				    const u8 *pos)
727 {
728 	tok->pos = pos;
729 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
730 	tok->width = OPAL_WIDTH_SHORT;
731 
732 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
733 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
734 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
735 		tok->type = OPAL_DTA_TOKENID_SINT;
736 	} else {
737 		u64 u_integer = 0;
738 		ssize_t i, b = 0;
739 
740 		tok->type = OPAL_DTA_TOKENID_UINT;
741 		if (tok->len > 9) {
742 			pr_debug("uint64 with more than 8 bytes\n");
743 			return -EINVAL;
744 		}
745 		for (i = tok->len - 1; i > 0; i--) {
746 			u_integer |= ((u64)pos[i] << (8 * b));
747 			b++;
748 		}
749 		tok->stored.u = u_integer;
750 	}
751 
752 	return tok->len;
753 }
754 
755 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
756 				     const u8 *pos)
757 {
758 	tok->pos = pos;
759 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
760 	tok->width = OPAL_WIDTH_MEDIUM;
761 
762 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
763 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
764 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
765 		tok->type = OPAL_DTA_TOKENID_SINT;
766 	else
767 		tok->type = OPAL_DTA_TOKENID_UINT;
768 
769 	return tok->len;
770 }
771 
772 static ssize_t response_parse_long(struct opal_resp_tok *tok,
773 				   const u8 *pos)
774 {
775 	tok->pos = pos;
776 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
777 	tok->width = OPAL_WIDTH_LONG;
778 
779 	if (pos[0] & LONG_ATOM_BYTESTRING)
780 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
781 	else if (pos[0] & LONG_ATOM_SIGNED)
782 		tok->type = OPAL_DTA_TOKENID_SINT;
783 	else
784 		tok->type = OPAL_DTA_TOKENID_UINT;
785 
786 	return tok->len;
787 }
788 
789 static ssize_t response_parse_token(struct opal_resp_tok *tok,
790 				    const u8 *pos)
791 {
792 	tok->pos = pos;
793 	tok->len = 1;
794 	tok->type = OPAL_DTA_TOKENID_TOKEN;
795 	tok->width = OPAL_WIDTH_TOKEN;
796 
797 	return tok->len;
798 }
799 
800 static int response_parse(const u8 *buf, size_t length,
801 			  struct parsed_resp *resp)
802 {
803 	const struct opal_header *hdr;
804 	struct opal_resp_tok *iter;
805 	int num_entries = 0;
806 	int total;
807 	ssize_t token_length;
808 	const u8 *pos;
809 	u32 clen, plen, slen;
810 
811 	if (!buf)
812 		return -EFAULT;
813 
814 	if (!resp)
815 		return -EFAULT;
816 
817 	hdr = (struct opal_header *)buf;
818 	pos = buf;
819 	pos += sizeof(*hdr);
820 
821 	clen = be32_to_cpu(hdr->cp.length);
822 	plen = be32_to_cpu(hdr->pkt.length);
823 	slen = be32_to_cpu(hdr->subpkt.length);
824 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
825 		 clen, plen, slen);
826 
827 	if (clen == 0 || plen == 0 || slen == 0 ||
828 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
829 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
830 			 clen, plen, slen);
831 		print_buffer(pos, sizeof(*hdr));
832 		return -EINVAL;
833 	}
834 
835 	if (pos > buf + length)
836 		return -EFAULT;
837 
838 	iter = resp->toks;
839 	total = slen;
840 	print_buffer(pos, total);
841 	while (total > 0) {
842 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
843 			token_length = response_parse_tiny(iter, pos);
844 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
845 			token_length = response_parse_short(iter, pos);
846 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
847 			token_length = response_parse_medium(iter, pos);
848 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
849 			token_length = response_parse_long(iter, pos);
850 		else /* TOKEN */
851 			token_length = response_parse_token(iter, pos);
852 
853 		if (token_length < 0)
854 			return token_length;
855 
856 		pos += token_length;
857 		total -= token_length;
858 		iter++;
859 		num_entries++;
860 	}
861 
862 	if (num_entries == 0) {
863 		pr_debug("Couldn't parse response.\n");
864 		return -EINVAL;
865 	}
866 	resp->num = num_entries;
867 
868 	return 0;
869 }
870 
871 static size_t response_get_string(const struct parsed_resp *resp, int n,
872 				  const char **store)
873 {
874 	*store = NULL;
875 	if (!resp) {
876 		pr_debug("Response is NULL\n");
877 		return 0;
878 	}
879 
880 	if (n > resp->num) {
881 		pr_debug("Response has %d tokens. Can't access %d\n",
882 			 resp->num, n);
883 		return 0;
884 	}
885 
886 	if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
887 		pr_debug("Token is not a byte string!\n");
888 		return 0;
889 	}
890 
891 	*store = resp->toks[n].pos + 1;
892 	return resp->toks[n].len - 1;
893 }
894 
895 static u64 response_get_u64(const struct parsed_resp *resp, int n)
896 {
897 	if (!resp) {
898 		pr_debug("Response is NULL\n");
899 		return 0;
900 	}
901 
902 	if (n > resp->num) {
903 		pr_debug("Response has %d tokens. Can't access %d\n",
904 			 resp->num, n);
905 		return 0;
906 	}
907 
908 	if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
909 		pr_debug("Token is not unsigned it: %d\n",
910 			 resp->toks[n].type);
911 		return 0;
912 	}
913 
914 	if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
915 	      resp->toks[n].width == OPAL_WIDTH_SHORT)) {
916 		pr_debug("Atom is not short or tiny: %d\n",
917 			 resp->toks[n].width);
918 		return 0;
919 	}
920 
921 	return resp->toks[n].stored.u;
922 }
923 
924 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
925 {
926 	if (IS_ERR(token) ||
927 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
928 	    token->pos[0] != match)
929 		return false;
930 	return true;
931 }
932 
933 static u8 response_status(const struct parsed_resp *resp)
934 {
935 	const struct opal_resp_tok *tok;
936 
937 	tok = response_get_token(resp, 0);
938 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
939 		return 0;
940 
941 	if (resp->num < 5)
942 		return DTAERROR_NO_METHOD_STATUS;
943 
944 	tok = response_get_token(resp, resp->num - 5);
945 	if (!response_token_matches(tok, OPAL_STARTLIST))
946 		return DTAERROR_NO_METHOD_STATUS;
947 
948 	tok = response_get_token(resp, resp->num - 1);
949 	if (!response_token_matches(tok, OPAL_ENDLIST))
950 		return DTAERROR_NO_METHOD_STATUS;
951 
952 	return response_get_u64(resp, resp->num - 4);
953 }
954 
955 /* Parses and checks for errors */
956 static int parse_and_check_status(struct opal_dev *dev)
957 {
958 	int error;
959 
960 	print_buffer(dev->cmd, dev->pos);
961 
962 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
963 	if (error) {
964 		pr_debug("Couldn't parse response.\n");
965 		return error;
966 	}
967 
968 	return response_status(&dev->parsed);
969 }
970 
971 static void clear_opal_cmd(struct opal_dev *dev)
972 {
973 	dev->pos = sizeof(struct opal_header);
974 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
975 }
976 
977 static int start_opal_session_cont(struct opal_dev *dev)
978 {
979 	u32 hsn, tsn;
980 	int error = 0;
981 
982 	error = parse_and_check_status(dev);
983 	if (error)
984 		return error;
985 
986 	hsn = response_get_u64(&dev->parsed, 4);
987 	tsn = response_get_u64(&dev->parsed, 5);
988 
989 	if (hsn == 0 && tsn == 0) {
990 		pr_debug("Couldn't authenticate session\n");
991 		return -EPERM;
992 	}
993 
994 	dev->hsn = hsn;
995 	dev->tsn = tsn;
996 	return 0;
997 }
998 
999 static void add_suspend_info(struct opal_dev *dev,
1000 			     struct opal_suspend_data *sus)
1001 {
1002 	struct opal_suspend_data *iter;
1003 
1004 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1005 		if (iter->lr == sus->lr) {
1006 			list_del(&iter->node);
1007 			kfree(iter);
1008 			break;
1009 		}
1010 	}
1011 	list_add_tail(&sus->node, &dev->unlk_lst);
1012 }
1013 
1014 static int end_session_cont(struct opal_dev *dev)
1015 {
1016 	dev->hsn = 0;
1017 	dev->tsn = 0;
1018 	return parse_and_check_status(dev);
1019 }
1020 
1021 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1022 {
1023 	int ret;
1024 
1025 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1026 	if (ret) {
1027 		pr_debug("Error finalizing command buffer: %d\n", ret);
1028 		return ret;
1029 	}
1030 
1031 	print_buffer(dev->cmd, dev->pos);
1032 
1033 	return opal_send_recv(dev, cont);
1034 }
1035 
1036 static int gen_key(struct opal_dev *dev, void *data)
1037 {
1038 	u8 uid[OPAL_UID_LENGTH];
1039 	int err = 0;
1040 
1041 	clear_opal_cmd(dev);
1042 	set_comid(dev, dev->comid);
1043 
1044 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1045 	kfree(dev->prev_data);
1046 	dev->prev_data = NULL;
1047 
1048 	add_token_u8(&err, dev, OPAL_CALL);
1049 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1050 	add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1051 			     OPAL_UID_LENGTH);
1052 	add_token_u8(&err, dev, OPAL_STARTLIST);
1053 	add_token_u8(&err, dev, OPAL_ENDLIST);
1054 
1055 	if (err) {
1056 		pr_debug("Error building gen key command\n");
1057 		return err;
1058 
1059 	}
1060 	return finalize_and_send(dev, parse_and_check_status);
1061 }
1062 
1063 static int get_active_key_cont(struct opal_dev *dev)
1064 {
1065 	const char *activekey;
1066 	size_t keylen;
1067 	int error = 0;
1068 
1069 	error = parse_and_check_status(dev);
1070 	if (error)
1071 		return error;
1072 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1073 	if (!activekey) {
1074 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1075 			 __func__);
1076 		return OPAL_INVAL_PARAM;
1077 	}
1078 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1079 
1080 	if (!dev->prev_data)
1081 		return -ENOMEM;
1082 
1083 	dev->prev_d_len = keylen;
1084 
1085 	return 0;
1086 }
1087 
1088 static int get_active_key(struct opal_dev *dev, void *data)
1089 {
1090 	u8 uid[OPAL_UID_LENGTH];
1091 	int err = 0;
1092 	u8 *lr = data;
1093 
1094 	clear_opal_cmd(dev);
1095 	set_comid(dev, dev->comid);
1096 
1097 	err = build_locking_range(uid, sizeof(uid), *lr);
1098 	if (err)
1099 		return err;
1100 
1101 	err = 0;
1102 	add_token_u8(&err, dev, OPAL_CALL);
1103 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1104 	add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1105 	add_token_u8(&err, dev, OPAL_STARTLIST);
1106 	add_token_u8(&err, dev, OPAL_STARTLIST);
1107 	add_token_u8(&err, dev, OPAL_STARTNAME);
1108 	add_token_u8(&err, dev, 3); /* startCloumn */
1109 	add_token_u8(&err, dev, 10); /* ActiveKey */
1110 	add_token_u8(&err, dev, OPAL_ENDNAME);
1111 	add_token_u8(&err, dev, OPAL_STARTNAME);
1112 	add_token_u8(&err, dev, 4); /* endColumn */
1113 	add_token_u8(&err, dev, 10); /* ActiveKey */
1114 	add_token_u8(&err, dev, OPAL_ENDNAME);
1115 	add_token_u8(&err, dev, OPAL_ENDLIST);
1116 	add_token_u8(&err, dev, OPAL_ENDLIST);
1117 	if (err) {
1118 		pr_debug("Error building get active key command\n");
1119 		return err;
1120 	}
1121 
1122 	return finalize_and_send(dev, get_active_key_cont);
1123 }
1124 
1125 static int generic_lr_enable_disable(struct opal_dev *dev,
1126 				     u8 *uid, bool rle, bool wle,
1127 				     bool rl, bool wl)
1128 {
1129 	int err = 0;
1130 
1131 	add_token_u8(&err, dev, OPAL_CALL);
1132 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1133 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1134 
1135 	add_token_u8(&err, dev, OPAL_STARTLIST);
1136 	add_token_u8(&err, dev, OPAL_STARTNAME);
1137 	add_token_u8(&err, dev, OPAL_VALUES);
1138 	add_token_u8(&err, dev, OPAL_STARTLIST);
1139 
1140 	add_token_u8(&err, dev, OPAL_STARTNAME);
1141 	add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1142 	add_token_u8(&err, dev, rle);
1143 	add_token_u8(&err, dev, OPAL_ENDNAME);
1144 
1145 	add_token_u8(&err, dev, OPAL_STARTNAME);
1146 	add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1147 	add_token_u8(&err, dev, wle);
1148 	add_token_u8(&err, dev, OPAL_ENDNAME);
1149 
1150 	add_token_u8(&err, dev, OPAL_STARTNAME);
1151 	add_token_u8(&err, dev, OPAL_READLOCKED);
1152 	add_token_u8(&err, dev, rl);
1153 	add_token_u8(&err, dev, OPAL_ENDNAME);
1154 
1155 	add_token_u8(&err, dev, OPAL_STARTNAME);
1156 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1157 	add_token_u8(&err, dev, wl);
1158 	add_token_u8(&err, dev, OPAL_ENDNAME);
1159 
1160 	add_token_u8(&err, dev, OPAL_ENDLIST);
1161 	add_token_u8(&err, dev, OPAL_ENDNAME);
1162 	add_token_u8(&err, dev, OPAL_ENDLIST);
1163 	return err;
1164 }
1165 
1166 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1167 				   struct opal_user_lr_setup *setup)
1168 {
1169 	int err;
1170 
1171 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1172 					0, 0);
1173 	if (err)
1174 		pr_debug("Failed to create enable global lr command\n");
1175 	return err;
1176 }
1177 
1178 static int setup_locking_range(struct opal_dev *dev, void *data)
1179 {
1180 	u8 uid[OPAL_UID_LENGTH];
1181 	struct opal_user_lr_setup *setup = data;
1182 	u8 lr;
1183 	int err = 0;
1184 
1185 	clear_opal_cmd(dev);
1186 	set_comid(dev, dev->comid);
1187 
1188 	lr = setup->session.opal_key.lr;
1189 	err = build_locking_range(uid, sizeof(uid), lr);
1190 	if (err)
1191 		return err;
1192 
1193 	if (lr == 0)
1194 		err = enable_global_lr(dev, uid, setup);
1195 	else {
1196 		add_token_u8(&err, dev, OPAL_CALL);
1197 		add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1198 		add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1199 				     OPAL_UID_LENGTH);
1200 
1201 		add_token_u8(&err, dev, OPAL_STARTLIST);
1202 		add_token_u8(&err, dev, OPAL_STARTNAME);
1203 		add_token_u8(&err, dev, OPAL_VALUES);
1204 		add_token_u8(&err, dev, OPAL_STARTLIST);
1205 
1206 		add_token_u8(&err, dev, OPAL_STARTNAME);
1207 		add_token_u8(&err, dev, 3); /* Ranges Start */
1208 		add_token_u64(&err, dev, setup->range_start);
1209 		add_token_u8(&err, dev, OPAL_ENDNAME);
1210 
1211 		add_token_u8(&err, dev, OPAL_STARTNAME);
1212 		add_token_u8(&err, dev, 4); /* Ranges length */
1213 		add_token_u64(&err, dev, setup->range_length);
1214 		add_token_u8(&err, dev, OPAL_ENDNAME);
1215 
1216 		add_token_u8(&err, dev, OPAL_STARTNAME);
1217 		add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1218 		add_token_u64(&err, dev, !!setup->RLE);
1219 		add_token_u8(&err, dev, OPAL_ENDNAME);
1220 
1221 		add_token_u8(&err, dev, OPAL_STARTNAME);
1222 		add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1223 		add_token_u64(&err, dev, !!setup->WLE);
1224 		add_token_u8(&err, dev, OPAL_ENDNAME);
1225 
1226 		add_token_u8(&err, dev, OPAL_ENDLIST);
1227 		add_token_u8(&err, dev, OPAL_ENDNAME);
1228 		add_token_u8(&err, dev, OPAL_ENDLIST);
1229 
1230 	}
1231 	if (err) {
1232 		pr_debug("Error building Setup Locking range command.\n");
1233 		return err;
1234 
1235 	}
1236 
1237 	return finalize_and_send(dev, parse_and_check_status);
1238 }
1239 
1240 static int start_generic_opal_session(struct opal_dev *dev,
1241 				      enum opal_uid auth,
1242 				      enum opal_uid sp_type,
1243 				      const char *key,
1244 				      u8 key_len)
1245 {
1246 	u32 hsn;
1247 	int err = 0;
1248 
1249 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1250 		return OPAL_INVAL_PARAM;
1251 
1252 	clear_opal_cmd(dev);
1253 
1254 	set_comid(dev, dev->comid);
1255 	hsn = GENERIC_HOST_SESSION_NUM;
1256 
1257 	add_token_u8(&err, dev, OPAL_CALL);
1258 	add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1259 			     OPAL_UID_LENGTH);
1260 	add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1261 			     OPAL_UID_LENGTH);
1262 	add_token_u8(&err, dev, OPAL_STARTLIST);
1263 	add_token_u64(&err, dev, hsn);
1264 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1265 	add_token_u8(&err, dev, 1);
1266 
1267 	switch (auth) {
1268 	case OPAL_ANYBODY_UID:
1269 		add_token_u8(&err, dev, OPAL_ENDLIST);
1270 		break;
1271 	case OPAL_ADMIN1_UID:
1272 	case OPAL_SID_UID:
1273 		add_token_u8(&err, dev, OPAL_STARTNAME);
1274 		add_token_u8(&err, dev, 0); /* HostChallenge */
1275 		add_token_bytestring(&err, dev, key, key_len);
1276 		add_token_u8(&err, dev, OPAL_ENDNAME);
1277 		add_token_u8(&err, dev, OPAL_STARTNAME);
1278 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1279 		add_token_bytestring(&err, dev, opaluid[auth],
1280 				     OPAL_UID_LENGTH);
1281 		add_token_u8(&err, dev, OPAL_ENDNAME);
1282 		add_token_u8(&err, dev, OPAL_ENDLIST);
1283 		break;
1284 	default:
1285 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1286 		return OPAL_INVAL_PARAM;
1287 	}
1288 
1289 	if (err) {
1290 		pr_debug("Error building start adminsp session command.\n");
1291 		return err;
1292 	}
1293 
1294 	return finalize_and_send(dev, start_opal_session_cont);
1295 }
1296 
1297 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1298 {
1299 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1300 					  OPAL_ADMINSP_UID, NULL, 0);
1301 }
1302 
1303 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1304 {
1305 	int ret;
1306 	const u8 *key = dev->prev_data;
1307 
1308 	if (!key) {
1309 		const struct opal_key *okey = data;
1310 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1311 						 OPAL_ADMINSP_UID,
1312 						 okey->key,
1313 						 okey->key_len);
1314 	} else {
1315 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1316 						 OPAL_ADMINSP_UID,
1317 						 key, dev->prev_d_len);
1318 		kfree(key);
1319 		dev->prev_data = NULL;
1320 	}
1321 	return ret;
1322 }
1323 
1324 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1325 {
1326 	struct opal_key *key = data;
1327 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1328 					  OPAL_LOCKINGSP_UID,
1329 					  key->key, key->key_len);
1330 }
1331 
1332 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1333 {
1334 	struct opal_session_info *session = data;
1335 	u8 lk_ul_user[OPAL_UID_LENGTH];
1336 	size_t keylen = session->opal_key.key_len;
1337 	int err = 0;
1338 
1339 	u8 *key = session->opal_key.key;
1340 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1341 
1342 	clear_opal_cmd(dev);
1343 	set_comid(dev, dev->comid);
1344 
1345 	if (session->sum) {
1346 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1347 					 session->opal_key.lr);
1348 		if (err)
1349 			return err;
1350 
1351 	} else if (session->who != OPAL_ADMIN1 && !session->sum) {
1352 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1353 					 session->who - 1);
1354 		if (err)
1355 			return err;
1356 	} else
1357 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1358 
1359 	add_token_u8(&err, dev, OPAL_CALL);
1360 	add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1361 			     OPAL_UID_LENGTH);
1362 	add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1363 			     OPAL_UID_LENGTH);
1364 
1365 	add_token_u8(&err, dev, OPAL_STARTLIST);
1366 	add_token_u64(&err, dev, hsn);
1367 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1368 			     OPAL_UID_LENGTH);
1369 	add_token_u8(&err, dev, 1);
1370 	add_token_u8(&err, dev, OPAL_STARTNAME);
1371 	add_token_u8(&err, dev, 0);
1372 	add_token_bytestring(&err, dev, key, keylen);
1373 	add_token_u8(&err, dev, OPAL_ENDNAME);
1374 	add_token_u8(&err, dev, OPAL_STARTNAME);
1375 	add_token_u8(&err, dev, 3);
1376 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1377 	add_token_u8(&err, dev, OPAL_ENDNAME);
1378 	add_token_u8(&err, dev, OPAL_ENDLIST);
1379 
1380 	if (err) {
1381 		pr_debug("Error building STARTSESSION command.\n");
1382 		return err;
1383 	}
1384 
1385 	return finalize_and_send(dev, start_opal_session_cont);
1386 }
1387 
1388 static int revert_tper(struct opal_dev *dev, void *data)
1389 {
1390 	int err = 0;
1391 
1392 	clear_opal_cmd(dev);
1393 	set_comid(dev, dev->comid);
1394 
1395 	add_token_u8(&err, dev, OPAL_CALL);
1396 	add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1397 			     OPAL_UID_LENGTH);
1398 	add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1399 			     OPAL_UID_LENGTH);
1400 	add_token_u8(&err, dev, OPAL_STARTLIST);
1401 	add_token_u8(&err, dev, OPAL_ENDLIST);
1402 	if (err) {
1403 		pr_debug("Error building REVERT TPER command.\n");
1404 		return err;
1405 	}
1406 
1407 	return finalize_and_send(dev, parse_and_check_status);
1408 }
1409 
1410 static int internal_activate_user(struct opal_dev *dev, void *data)
1411 {
1412 	struct opal_session_info *session = data;
1413 	u8 uid[OPAL_UID_LENGTH];
1414 	int err = 0;
1415 
1416 	clear_opal_cmd(dev);
1417 	set_comid(dev, dev->comid);
1418 
1419 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1420 	uid[7] = session->who;
1421 
1422 	add_token_u8(&err, dev, OPAL_CALL);
1423 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1424 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1425 	add_token_u8(&err, dev, OPAL_STARTLIST);
1426 	add_token_u8(&err, dev, OPAL_STARTNAME);
1427 	add_token_u8(&err, dev, OPAL_VALUES);
1428 	add_token_u8(&err, dev, OPAL_STARTLIST);
1429 	add_token_u8(&err, dev, OPAL_STARTNAME);
1430 	add_token_u8(&err, dev, 5); /* Enabled */
1431 	add_token_u8(&err, dev, OPAL_TRUE);
1432 	add_token_u8(&err, dev, OPAL_ENDNAME);
1433 	add_token_u8(&err, dev, OPAL_ENDLIST);
1434 	add_token_u8(&err, dev, OPAL_ENDNAME);
1435 	add_token_u8(&err, dev, OPAL_ENDLIST);
1436 
1437 	if (err) {
1438 		pr_debug("Error building Activate UserN command.\n");
1439 		return err;
1440 	}
1441 
1442 	return finalize_and_send(dev, parse_and_check_status);
1443 }
1444 
1445 static int erase_locking_range(struct opal_dev *dev, void *data)
1446 {
1447 	struct opal_session_info *session = data;
1448 	u8 uid[OPAL_UID_LENGTH];
1449 	int err = 0;
1450 
1451 	clear_opal_cmd(dev);
1452 	set_comid(dev, dev->comid);
1453 
1454 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1455 		return -ERANGE;
1456 
1457 	add_token_u8(&err, dev, OPAL_CALL);
1458 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1459 	add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1460 			     OPAL_UID_LENGTH);
1461 	add_token_u8(&err, dev, OPAL_STARTLIST);
1462 	add_token_u8(&err, dev, OPAL_ENDLIST);
1463 
1464 	if (err) {
1465 		pr_debug("Error building Erase Locking Range Command.\n");
1466 		return err;
1467 	}
1468 	return finalize_and_send(dev, parse_and_check_status);
1469 }
1470 
1471 static int set_mbr_done(struct opal_dev *dev, void *data)
1472 {
1473 	u8 *mbr_done_tf = data;
1474 	int err = 0;
1475 
1476 	clear_opal_cmd(dev);
1477 	set_comid(dev, dev->comid);
1478 
1479 	add_token_u8(&err, dev, OPAL_CALL);
1480 	add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1481 			     OPAL_UID_LENGTH);
1482 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1483 	add_token_u8(&err, dev, OPAL_STARTLIST);
1484 	add_token_u8(&err, dev, OPAL_STARTNAME);
1485 	add_token_u8(&err, dev, OPAL_VALUES);
1486 	add_token_u8(&err, dev, OPAL_STARTLIST);
1487 	add_token_u8(&err, dev, OPAL_STARTNAME);
1488 	add_token_u8(&err, dev, 2); /* Done */
1489 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1490 	add_token_u8(&err, dev, OPAL_ENDNAME);
1491 	add_token_u8(&err, dev, OPAL_ENDLIST);
1492 	add_token_u8(&err, dev, OPAL_ENDNAME);
1493 	add_token_u8(&err, dev, OPAL_ENDLIST);
1494 
1495 	if (err) {
1496 		pr_debug("Error Building set MBR Done command\n");
1497 		return err;
1498 	}
1499 
1500 	return finalize_and_send(dev, parse_and_check_status);
1501 }
1502 
1503 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1504 {
1505 	u8 *mbr_en_dis = data;
1506 	int err = 0;
1507 
1508 	clear_opal_cmd(dev);
1509 	set_comid(dev, dev->comid);
1510 
1511 	add_token_u8(&err, dev, OPAL_CALL);
1512 	add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1513 			     OPAL_UID_LENGTH);
1514 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1515 	add_token_u8(&err, dev, OPAL_STARTLIST);
1516 	add_token_u8(&err, dev, OPAL_STARTNAME);
1517 	add_token_u8(&err, dev, OPAL_VALUES);
1518 	add_token_u8(&err, dev, OPAL_STARTLIST);
1519 	add_token_u8(&err, dev, OPAL_STARTNAME);
1520 	add_token_u8(&err, dev, 1);
1521 	add_token_u8(&err, dev, *mbr_en_dis);
1522 	add_token_u8(&err, dev, OPAL_ENDNAME);
1523 	add_token_u8(&err, dev, OPAL_ENDLIST);
1524 	add_token_u8(&err, dev, OPAL_ENDNAME);
1525 	add_token_u8(&err, dev, OPAL_ENDLIST);
1526 
1527 	if (err) {
1528 		pr_debug("Error Building set MBR done command\n");
1529 		return err;
1530 	}
1531 
1532 	return finalize_and_send(dev, parse_and_check_status);
1533 }
1534 
1535 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1536 			  struct opal_dev *dev)
1537 {
1538 	int err = 0;
1539 
1540 	clear_opal_cmd(dev);
1541 	set_comid(dev, dev->comid);
1542 
1543 	add_token_u8(&err, dev, OPAL_CALL);
1544 	add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1545 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1546 			     OPAL_UID_LENGTH);
1547 	add_token_u8(&err, dev, OPAL_STARTLIST);
1548 	add_token_u8(&err, dev, OPAL_STARTNAME);
1549 	add_token_u8(&err, dev, OPAL_VALUES);
1550 	add_token_u8(&err, dev, OPAL_STARTLIST);
1551 	add_token_u8(&err, dev, OPAL_STARTNAME);
1552 	add_token_u8(&err, dev, 3); /* PIN */
1553 	add_token_bytestring(&err, dev, key, key_len);
1554 	add_token_u8(&err, dev, OPAL_ENDNAME);
1555 	add_token_u8(&err, dev, OPAL_ENDLIST);
1556 	add_token_u8(&err, dev, OPAL_ENDNAME);
1557 	add_token_u8(&err, dev, OPAL_ENDLIST);
1558 
1559 	return err;
1560 }
1561 
1562 static int set_new_pw(struct opal_dev *dev, void *data)
1563 {
1564 	u8 cpin_uid[OPAL_UID_LENGTH];
1565 	struct opal_session_info *usr = data;
1566 
1567 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1568 
1569 	if (usr->who != OPAL_ADMIN1) {
1570 		cpin_uid[5] = 0x03;
1571 		if (usr->sum)
1572 			cpin_uid[7] = usr->opal_key.lr + 1;
1573 		else
1574 			cpin_uid[7] = usr->who;
1575 	}
1576 
1577 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1578 			   cpin_uid, dev)) {
1579 		pr_debug("Error building set password command.\n");
1580 		return -ERANGE;
1581 	}
1582 
1583 	return finalize_and_send(dev, parse_and_check_status);
1584 }
1585 
1586 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1587 {
1588 	u8 cpin_uid[OPAL_UID_LENGTH];
1589 	struct opal_key *key = data;
1590 
1591 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1592 
1593 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1594 		pr_debug("Error building Set SID cpin\n");
1595 		return -ERANGE;
1596 	}
1597 	return finalize_and_send(dev, parse_and_check_status);
1598 }
1599 
1600 static int add_user_to_lr(struct opal_dev *dev, void *data)
1601 {
1602 	u8 lr_buffer[OPAL_UID_LENGTH];
1603 	u8 user_uid[OPAL_UID_LENGTH];
1604 	struct opal_lock_unlock *lkul = data;
1605 	int err = 0;
1606 
1607 	clear_opal_cmd(dev);
1608 	set_comid(dev, dev->comid);
1609 
1610 	memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1611 	       OPAL_UID_LENGTH);
1612 
1613 	if (lkul->l_state == OPAL_RW)
1614 		memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1615 		       OPAL_UID_LENGTH);
1616 
1617 	lr_buffer[7] = lkul->session.opal_key.lr;
1618 
1619 	memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1620 
1621 	user_uid[7] = lkul->session.who;
1622 
1623 	add_token_u8(&err, dev, OPAL_CALL);
1624 	add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1625 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1626 			     OPAL_UID_LENGTH);
1627 
1628 	add_token_u8(&err, dev, OPAL_STARTLIST);
1629 	add_token_u8(&err, dev, OPAL_STARTNAME);
1630 	add_token_u8(&err, dev, OPAL_VALUES);
1631 
1632 	add_token_u8(&err, dev, OPAL_STARTLIST);
1633 	add_token_u8(&err, dev, OPAL_STARTNAME);
1634 	add_token_u8(&err, dev, 3);
1635 
1636 	add_token_u8(&err, dev, OPAL_STARTLIST);
1637 
1638 
1639 	add_token_u8(&err, dev, OPAL_STARTNAME);
1640 	add_token_bytestring(&err, dev,
1641 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1642 			     OPAL_UID_LENGTH/2);
1643 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1644 	add_token_u8(&err, dev, OPAL_ENDNAME);
1645 
1646 
1647 	add_token_u8(&err, dev, OPAL_STARTNAME);
1648 	add_token_bytestring(&err, dev,
1649 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1650 			     OPAL_UID_LENGTH/2);
1651 	add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1652 	add_token_u8(&err, dev, OPAL_ENDNAME);
1653 
1654 
1655 	add_token_u8(&err, dev, OPAL_STARTNAME);
1656 	add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1657 			     OPAL_UID_LENGTH/2);
1658 	add_token_u8(&err, dev, 1);
1659 	add_token_u8(&err, dev, OPAL_ENDNAME);
1660 
1661 
1662 	add_token_u8(&err, dev, OPAL_ENDLIST);
1663 	add_token_u8(&err, dev, OPAL_ENDNAME);
1664 	add_token_u8(&err, dev, OPAL_ENDLIST);
1665 	add_token_u8(&err, dev, OPAL_ENDNAME);
1666 	add_token_u8(&err, dev, OPAL_ENDLIST);
1667 
1668 	if (err) {
1669 		pr_debug("Error building add user to locking range command.\n");
1670 		return err;
1671 	}
1672 
1673 	return finalize_and_send(dev, parse_and_check_status);
1674 }
1675 
1676 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1677 {
1678 	u8 lr_buffer[OPAL_UID_LENGTH];
1679 	struct opal_lock_unlock *lkul = data;
1680 	u8 read_locked = 1, write_locked = 1;
1681 	int err = 0;
1682 
1683 	clear_opal_cmd(dev);
1684 	set_comid(dev, dev->comid);
1685 
1686 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1687 				lkul->session.opal_key.lr) < 0)
1688 		return -ERANGE;
1689 
1690 	switch (lkul->l_state) {
1691 	case OPAL_RO:
1692 		read_locked = 0;
1693 		write_locked = 1;
1694 		break;
1695 	case OPAL_RW:
1696 		read_locked = 0;
1697 		write_locked = 0;
1698 		break;
1699 	case OPAL_LK:
1700 		/* vars are initalized to locked */
1701 		break;
1702 	default:
1703 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
1704 		return OPAL_INVAL_PARAM;
1705 	}
1706 
1707 	add_token_u8(&err, dev, OPAL_CALL);
1708 	add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1709 	add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1710 	add_token_u8(&err, dev, OPAL_STARTLIST);
1711 	add_token_u8(&err, dev, OPAL_STARTNAME);
1712 	add_token_u8(&err, dev, OPAL_VALUES);
1713 	add_token_u8(&err, dev, OPAL_STARTLIST);
1714 
1715 	add_token_u8(&err, dev, OPAL_STARTNAME);
1716 	add_token_u8(&err, dev, OPAL_READLOCKED);
1717 	add_token_u8(&err, dev, read_locked);
1718 	add_token_u8(&err, dev, OPAL_ENDNAME);
1719 
1720 	add_token_u8(&err, dev, OPAL_STARTNAME);
1721 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1722 	add_token_u8(&err, dev, write_locked);
1723 	add_token_u8(&err, dev, OPAL_ENDNAME);
1724 
1725 	add_token_u8(&err, dev, OPAL_ENDLIST);
1726 	add_token_u8(&err, dev, OPAL_ENDNAME);
1727 	add_token_u8(&err, dev, OPAL_ENDLIST);
1728 
1729 	if (err) {
1730 		pr_debug("Error building SET command.\n");
1731 		return err;
1732 	}
1733 	return finalize_and_send(dev, parse_and_check_status);
1734 }
1735 
1736 
1737 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1738 {
1739 	u8 lr_buffer[OPAL_UID_LENGTH];
1740 	u8 read_locked = 1, write_locked = 1;
1741 	struct opal_lock_unlock *lkul = data;
1742 	int ret;
1743 
1744 	clear_opal_cmd(dev);
1745 	set_comid(dev, dev->comid);
1746 
1747 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1748 				lkul->session.opal_key.lr) < 0)
1749 		return -ERANGE;
1750 
1751 	switch (lkul->l_state) {
1752 	case OPAL_RO:
1753 		read_locked = 0;
1754 		write_locked = 1;
1755 		break;
1756 	case OPAL_RW:
1757 		read_locked = 0;
1758 		write_locked = 0;
1759 		break;
1760 	case OPAL_LK:
1761 		/* vars are initalized to locked */
1762 		break;
1763 	default:
1764 		pr_debug("Tried to set an invalid locking state.\n");
1765 		return OPAL_INVAL_PARAM;
1766 	}
1767 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1768 					read_locked, write_locked);
1769 
1770 	if (ret < 0) {
1771 		pr_debug("Error building SET command.\n");
1772 		return ret;
1773 	}
1774 	return finalize_and_send(dev, parse_and_check_status);
1775 }
1776 
1777 static int activate_lsp(struct opal_dev *dev, void *data)
1778 {
1779 	struct opal_lr_act *opal_act = data;
1780 	u8 user_lr[OPAL_UID_LENGTH];
1781 	u8 uint_3 = 0x83;
1782 	int err = 0, i;
1783 
1784 	clear_opal_cmd(dev);
1785 	set_comid(dev, dev->comid);
1786 
1787 	add_token_u8(&err, dev, OPAL_CALL);
1788 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1789 			     OPAL_UID_LENGTH);
1790 	add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1791 			     OPAL_UID_LENGTH);
1792 
1793 
1794 	if (opal_act->sum) {
1795 		err = build_locking_range(user_lr, sizeof(user_lr),
1796 					  opal_act->lr[0]);
1797 		if (err)
1798 			return err;
1799 
1800 		add_token_u8(&err, dev, OPAL_STARTLIST);
1801 		add_token_u8(&err, dev, OPAL_STARTNAME);
1802 		add_token_u8(&err, dev, uint_3);
1803 		add_token_u8(&err, dev, 6);
1804 		add_token_u8(&err, dev, 0);
1805 		add_token_u8(&err, dev, 0);
1806 
1807 		add_token_u8(&err, dev, OPAL_STARTLIST);
1808 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1809 		for (i = 1; i < opal_act->num_lrs; i++) {
1810 			user_lr[7] = opal_act->lr[i];
1811 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1812 		}
1813 		add_token_u8(&err, dev, OPAL_ENDLIST);
1814 		add_token_u8(&err, dev, OPAL_ENDNAME);
1815 		add_token_u8(&err, dev, OPAL_ENDLIST);
1816 
1817 	} else {
1818 		add_token_u8(&err, dev, OPAL_STARTLIST);
1819 		add_token_u8(&err, dev, OPAL_ENDLIST);
1820 	}
1821 
1822 	if (err) {
1823 		pr_debug("Error building Activate LockingSP command.\n");
1824 		return err;
1825 	}
1826 
1827 	return finalize_and_send(dev, parse_and_check_status);
1828 }
1829 
1830 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1831 {
1832 	u8 lc_status;
1833 	int error = 0;
1834 
1835 	error = parse_and_check_status(dev);
1836 	if (error)
1837 		return error;
1838 
1839 	lc_status = response_get_u64(&dev->parsed, 4);
1840 	/* 0x08 is Manufacured Inactive */
1841 	/* 0x09 is Manufactured */
1842 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1843 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
1844 		return -ENODEV;
1845 	}
1846 
1847 	return 0;
1848 }
1849 
1850 /* Determine if we're in the Manufactured Inactive or Active state */
1851 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1852 {
1853 	int err = 0;
1854 
1855 	clear_opal_cmd(dev);
1856 	set_comid(dev, dev->comid);
1857 
1858 	add_token_u8(&err, dev, OPAL_CALL);
1859 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1860 			     OPAL_UID_LENGTH);
1861 	add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1862 
1863 	add_token_u8(&err, dev, OPAL_STARTLIST);
1864 	add_token_u8(&err, dev, OPAL_STARTLIST);
1865 
1866 	add_token_u8(&err, dev, OPAL_STARTNAME);
1867 	add_token_u8(&err, dev, 3); /* Start Column */
1868 	add_token_u8(&err, dev, 6); /* Lifecycle Column */
1869 	add_token_u8(&err, dev, OPAL_ENDNAME);
1870 
1871 	add_token_u8(&err, dev, OPAL_STARTNAME);
1872 	add_token_u8(&err, dev, 4); /* End Column */
1873 	add_token_u8(&err, dev, 6); /* Lifecycle Column */
1874 	add_token_u8(&err, dev, OPAL_ENDNAME);
1875 
1876 	add_token_u8(&err, dev, OPAL_ENDLIST);
1877 	add_token_u8(&err, dev, OPAL_ENDLIST);
1878 
1879 	if (err) {
1880 		pr_debug("Error Building GET Lifecycle Status command\n");
1881 		return err;
1882 	}
1883 
1884 	return finalize_and_send(dev, get_lsp_lifecycle_cont);
1885 }
1886 
1887 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1888 {
1889 	const char *msid_pin;
1890 	size_t strlen;
1891 	int error = 0;
1892 
1893 	error = parse_and_check_status(dev);
1894 	if (error)
1895 		return error;
1896 
1897 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1898 	if (!msid_pin) {
1899 		pr_debug("%s: Couldn't extract PIN from response\n", __func__);
1900 		return OPAL_INVAL_PARAM;
1901 	}
1902 
1903 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1904 	if (!dev->prev_data)
1905 		return -ENOMEM;
1906 
1907 	dev->prev_d_len = strlen;
1908 
1909 	return 0;
1910 }
1911 
1912 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1913 {
1914 	int err = 0;
1915 
1916 	clear_opal_cmd(dev);
1917 	set_comid(dev, dev->comid);
1918 
1919 	add_token_u8(&err, dev, OPAL_CALL);
1920 	add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1921 			     OPAL_UID_LENGTH);
1922 	add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1923 
1924 	add_token_u8(&err, dev, OPAL_STARTLIST);
1925 	add_token_u8(&err, dev, OPAL_STARTLIST);
1926 
1927 	add_token_u8(&err, dev, OPAL_STARTNAME);
1928 	add_token_u8(&err, dev, 3); /* Start Column */
1929 	add_token_u8(&err, dev, 3); /* PIN */
1930 	add_token_u8(&err, dev, OPAL_ENDNAME);
1931 
1932 	add_token_u8(&err, dev, OPAL_STARTNAME);
1933 	add_token_u8(&err, dev, 4); /* End Column */
1934 	add_token_u8(&err, dev, 3); /* Lifecycle Column */
1935 	add_token_u8(&err, dev, OPAL_ENDNAME);
1936 
1937 	add_token_u8(&err, dev, OPAL_ENDLIST);
1938 	add_token_u8(&err, dev, OPAL_ENDLIST);
1939 
1940 	if (err) {
1941 		pr_debug("Error building Get MSID CPIN PIN command.\n");
1942 		return err;
1943 	}
1944 
1945 	return finalize_and_send(dev, get_msid_cpin_pin_cont);
1946 }
1947 
1948 static int end_opal_session(struct opal_dev *dev, void *data)
1949 {
1950 	int err = 0;
1951 
1952 	clear_opal_cmd(dev);
1953 	set_comid(dev, dev->comid);
1954 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1955 
1956 	if (err < 0)
1957 		return err;
1958 	return finalize_and_send(dev, end_session_cont);
1959 }
1960 
1961 static int end_opal_session_error(struct opal_dev *dev)
1962 {
1963 	const struct opal_step error_end_session[] = {
1964 		{ end_opal_session, },
1965 		{ NULL, }
1966 	};
1967 	dev->steps = error_end_session;
1968 	return next(dev);
1969 }
1970 
1971 static inline void setup_opal_dev(struct opal_dev *dev,
1972 				  const struct opal_step *steps)
1973 {
1974 	dev->steps = steps;
1975 	dev->tsn = 0;
1976 	dev->hsn = 0;
1977 	dev->prev_data = NULL;
1978 }
1979 
1980 static int check_opal_support(struct opal_dev *dev)
1981 {
1982 	const struct opal_step steps[] = {
1983 		{ opal_discovery0, },
1984 		{ NULL, }
1985 	};
1986 	int ret;
1987 
1988 	mutex_lock(&dev->dev_lock);
1989 	setup_opal_dev(dev, steps);
1990 	ret = next(dev);
1991 	dev->supported = !ret;
1992 	mutex_unlock(&dev->dev_lock);
1993 	return ret;
1994 }
1995 
1996 static void clean_opal_dev(struct opal_dev *dev)
1997 {
1998 
1999 	struct opal_suspend_data *suspend, *next;
2000 
2001 	mutex_lock(&dev->dev_lock);
2002 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2003 		list_del(&suspend->node);
2004 		kfree(suspend);
2005 	}
2006 	mutex_unlock(&dev->dev_lock);
2007 }
2008 
2009 void free_opal_dev(struct opal_dev *dev)
2010 {
2011 	if (!dev)
2012 		return;
2013 	clean_opal_dev(dev);
2014 	kfree(dev);
2015 }
2016 EXPORT_SYMBOL(free_opal_dev);
2017 
2018 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2019 {
2020 	struct opal_dev *dev;
2021 
2022 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2023 	if (!dev)
2024 		return NULL;
2025 
2026 	INIT_LIST_HEAD(&dev->unlk_lst);
2027 	mutex_init(&dev->dev_lock);
2028 	dev->data = data;
2029 	dev->send_recv = send_recv;
2030 	if (check_opal_support(dev) != 0) {
2031 		pr_debug("Opal is not supported on this device\n");
2032 		kfree(dev);
2033 		return NULL;
2034 	}
2035 	return dev;
2036 }
2037 EXPORT_SYMBOL(init_opal_dev);
2038 
2039 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2040 					   struct opal_session_info *opal_session)
2041 {
2042 	const struct opal_step erase_steps[] = {
2043 		{ opal_discovery0, },
2044 		{ start_auth_opal_session, opal_session },
2045 		{ get_active_key, &opal_session->opal_key.lr },
2046 		{ gen_key, },
2047 		{ end_opal_session, },
2048 		{ NULL, }
2049 	};
2050 	int ret;
2051 
2052 	mutex_lock(&dev->dev_lock);
2053 	setup_opal_dev(dev, erase_steps);
2054 	ret = next(dev);
2055 	mutex_unlock(&dev->dev_lock);
2056 	return ret;
2057 }
2058 
2059 static int opal_erase_locking_range(struct opal_dev *dev,
2060 				    struct opal_session_info *opal_session)
2061 {
2062 	const struct opal_step erase_steps[] = {
2063 		{ opal_discovery0, },
2064 		{ start_auth_opal_session, opal_session },
2065 		{ erase_locking_range, opal_session },
2066 		{ end_opal_session, },
2067 		{ NULL, }
2068 	};
2069 	int ret;
2070 
2071 	mutex_lock(&dev->dev_lock);
2072 	setup_opal_dev(dev, erase_steps);
2073 	ret = next(dev);
2074 	mutex_unlock(&dev->dev_lock);
2075 	return ret;
2076 }
2077 
2078 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2079 					  struct opal_mbr_data *opal_mbr)
2080 {
2081 	const struct opal_step mbr_steps[] = {
2082 		{ opal_discovery0, },
2083 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2084 		{ set_mbr_done, &opal_mbr->enable_disable },
2085 		{ end_opal_session, },
2086 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2087 		{ set_mbr_enable_disable, &opal_mbr->enable_disable },
2088 		{ end_opal_session, },
2089 		{ NULL, }
2090 	};
2091 	int ret;
2092 
2093 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2094 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2095 		return -EINVAL;
2096 
2097 	mutex_lock(&dev->dev_lock);
2098 	setup_opal_dev(dev, mbr_steps);
2099 	ret = next(dev);
2100 	mutex_unlock(&dev->dev_lock);
2101 	return ret;
2102 }
2103 
2104 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2105 {
2106 	struct opal_suspend_data *suspend;
2107 
2108 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2109 	if (!suspend)
2110 		return -ENOMEM;
2111 
2112 	suspend->unlk = *lk_unlk;
2113 	suspend->lr = lk_unlk->session.opal_key.lr;
2114 
2115 	mutex_lock(&dev->dev_lock);
2116 	setup_opal_dev(dev, NULL);
2117 	add_suspend_info(dev, suspend);
2118 	mutex_unlock(&dev->dev_lock);
2119 	return 0;
2120 }
2121 
2122 static int opal_add_user_to_lr(struct opal_dev *dev,
2123 			       struct opal_lock_unlock *lk_unlk)
2124 {
2125 	const struct opal_step steps[] = {
2126 		{ opal_discovery0, },
2127 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2128 		{ add_user_to_lr, lk_unlk },
2129 		{ end_opal_session, },
2130 		{ NULL, }
2131 	};
2132 	int ret;
2133 
2134 	if (lk_unlk->l_state != OPAL_RO &&
2135 	    lk_unlk->l_state != OPAL_RW) {
2136 		pr_debug("Locking state was not RO or RW\n");
2137 		return -EINVAL;
2138 	}
2139 	if (lk_unlk->session.who < OPAL_USER1 ||
2140 	    lk_unlk->session.who > OPAL_USER9) {
2141 		pr_debug("Authority was not within the range of users: %d\n",
2142 			 lk_unlk->session.who);
2143 		return -EINVAL;
2144 	}
2145 	if (lk_unlk->session.sum) {
2146 		pr_debug("%s not supported in sum. Use setup locking range\n",
2147 			 __func__);
2148 		return -EINVAL;
2149 	}
2150 
2151 	mutex_lock(&dev->dev_lock);
2152 	setup_opal_dev(dev, steps);
2153 	ret = next(dev);
2154 	mutex_unlock(&dev->dev_lock);
2155 	return ret;
2156 }
2157 
2158 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2159 {
2160 	const struct opal_step revert_steps[] = {
2161 		{ opal_discovery0, },
2162 		{ start_SIDASP_opal_session, opal },
2163 		{ revert_tper, }, /* controller will terminate session */
2164 		{ NULL, }
2165 	};
2166 	int ret;
2167 
2168 	mutex_lock(&dev->dev_lock);
2169 	setup_opal_dev(dev, revert_steps);
2170 	ret = next(dev);
2171 	mutex_unlock(&dev->dev_lock);
2172 
2173 	/*
2174 	 * If we successfully reverted lets clean
2175 	 * any saved locking ranges.
2176 	 */
2177 	if (!ret)
2178 		clean_opal_dev(dev);
2179 
2180 	return ret;
2181 }
2182 
2183 static int __opal_lock_unlock(struct opal_dev *dev,
2184 			      struct opal_lock_unlock *lk_unlk)
2185 {
2186 	const struct opal_step unlock_steps[] = {
2187 		{ opal_discovery0, },
2188 		{ start_auth_opal_session, &lk_unlk->session },
2189 		{ lock_unlock_locking_range, lk_unlk },
2190 		{ end_opal_session, },
2191 		{ NULL, }
2192 	};
2193 	const struct opal_step unlock_sum_steps[] = {
2194 		{ opal_discovery0, },
2195 		{ start_auth_opal_session, &lk_unlk->session },
2196 		{ lock_unlock_locking_range_sum, lk_unlk },
2197 		{ end_opal_session, },
2198 		{ NULL, }
2199 	};
2200 
2201 	dev->steps = lk_unlk->session.sum ? unlock_sum_steps : unlock_steps;
2202 	return next(dev);
2203 }
2204 
2205 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2206 {
2207 	u8 mbr_done_tf = 1;
2208 	const struct opal_step mbrdone_step [] = {
2209 		{ opal_discovery0, },
2210 		{ start_admin1LSP_opal_session, key },
2211 		{ set_mbr_done, &mbr_done_tf },
2212 		{ end_opal_session, },
2213 		{ NULL, }
2214 	};
2215 
2216 	dev->steps = mbrdone_step;
2217 	return next(dev);
2218 }
2219 
2220 static int opal_lock_unlock(struct opal_dev *dev,
2221 			    struct opal_lock_unlock *lk_unlk)
2222 {
2223 	int ret;
2224 
2225 	if (lk_unlk->session.who < OPAL_ADMIN1 ||
2226 	    lk_unlk->session.who > OPAL_USER9)
2227 		return -EINVAL;
2228 
2229 	mutex_lock(&dev->dev_lock);
2230 	ret = __opal_lock_unlock(dev, lk_unlk);
2231 	mutex_unlock(&dev->dev_lock);
2232 	return ret;
2233 }
2234 
2235 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2236 {
2237 	const struct opal_step owner_steps[] = {
2238 		{ opal_discovery0, },
2239 		{ start_anybodyASP_opal_session, },
2240 		{ get_msid_cpin_pin, },
2241 		{ end_opal_session, },
2242 		{ start_SIDASP_opal_session, opal },
2243 		{ set_sid_cpin_pin, opal },
2244 		{ end_opal_session, },
2245 		{ NULL, }
2246 	};
2247 	int ret;
2248 
2249 	if (!dev)
2250 		return -ENODEV;
2251 
2252 	mutex_lock(&dev->dev_lock);
2253 	setup_opal_dev(dev, owner_steps);
2254 	ret = next(dev);
2255 	mutex_unlock(&dev->dev_lock);
2256 	return ret;
2257 }
2258 
2259 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2260 {
2261 	const struct opal_step active_steps[] = {
2262 		{ opal_discovery0, },
2263 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2264 		{ get_lsp_lifecycle, },
2265 		{ activate_lsp, opal_lr_act },
2266 		{ end_opal_session, },
2267 		{ NULL, }
2268 	};
2269 	int ret;
2270 
2271 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2272 		return -EINVAL;
2273 
2274 	mutex_lock(&dev->dev_lock);
2275 	setup_opal_dev(dev, active_steps);
2276 	ret = next(dev);
2277 	mutex_unlock(&dev->dev_lock);
2278 	return ret;
2279 }
2280 
2281 static int opal_setup_locking_range(struct opal_dev *dev,
2282 				    struct opal_user_lr_setup *opal_lrs)
2283 {
2284 	const struct opal_step lr_steps[] = {
2285 		{ opal_discovery0, },
2286 		{ start_auth_opal_session, &opal_lrs->session },
2287 		{ setup_locking_range, opal_lrs },
2288 		{ end_opal_session, },
2289 		{ NULL, }
2290 	};
2291 	int ret;
2292 
2293 	mutex_lock(&dev->dev_lock);
2294 	setup_opal_dev(dev, lr_steps);
2295 	ret = next(dev);
2296 	mutex_unlock(&dev->dev_lock);
2297 	return ret;
2298 }
2299 
2300 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2301 {
2302 	const struct opal_step pw_steps[] = {
2303 		{ opal_discovery0, },
2304 		{ start_auth_opal_session, &opal_pw->session },
2305 		{ set_new_pw, &opal_pw->new_user_pw },
2306 		{ end_opal_session, },
2307 		{ NULL }
2308 	};
2309 	int ret;
2310 
2311 	if (opal_pw->session.who < OPAL_ADMIN1 ||
2312 	    opal_pw->session.who > OPAL_USER9  ||
2313 	    opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2314 	    opal_pw->new_user_pw.who > OPAL_USER9)
2315 		return -EINVAL;
2316 
2317 	mutex_lock(&dev->dev_lock);
2318 	setup_opal_dev(dev, pw_steps);
2319 	ret = next(dev);
2320 	mutex_unlock(&dev->dev_lock);
2321 	return ret;
2322 }
2323 
2324 static int opal_activate_user(struct opal_dev *dev,
2325 			      struct opal_session_info *opal_session)
2326 {
2327 	const struct opal_step act_steps[] = {
2328 		{ opal_discovery0, },
2329 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2330 		{ internal_activate_user, opal_session },
2331 		{ end_opal_session, },
2332 		{ NULL, }
2333 	};
2334 	int ret;
2335 
2336 	/* We can't activate Admin1 it's active as manufactured */
2337 	if (opal_session->who < OPAL_USER1 ||
2338 	    opal_session->who > OPAL_USER9) {
2339 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2340 		return -EINVAL;
2341 	}
2342 
2343 	mutex_lock(&dev->dev_lock);
2344 	setup_opal_dev(dev, act_steps);
2345 	ret = next(dev);
2346 	mutex_unlock(&dev->dev_lock);
2347 	return ret;
2348 }
2349 
2350 bool opal_unlock_from_suspend(struct opal_dev *dev)
2351 {
2352 	struct opal_suspend_data *suspend;
2353 	bool was_failure = false;
2354 	int ret = 0;
2355 
2356 	if (!dev)
2357 		return false;
2358 	if (!dev->supported)
2359 		return false;
2360 
2361 	mutex_lock(&dev->dev_lock);
2362 	setup_opal_dev(dev, NULL);
2363 
2364 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2365 		dev->tsn = 0;
2366 		dev->hsn = 0;
2367 
2368 		ret = __opal_lock_unlock(dev, &suspend->unlk);
2369 		if (ret) {
2370 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2371 				 suspend->unlk.session.opal_key.lr,
2372 				 suspend->unlk.session.sum);
2373 			was_failure = true;
2374 		}
2375 		if (dev->mbr_enabled) {
2376 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2377 			if (ret)
2378 				pr_debug("Failed to set MBR Done in S3 resume\n");
2379 		}
2380 	}
2381 	mutex_unlock(&dev->dev_lock);
2382 	return was_failure;
2383 }
2384 EXPORT_SYMBOL(opal_unlock_from_suspend);
2385 
2386 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2387 {
2388 	void *p;
2389 	int ret = -ENOTTY;
2390 
2391 	if (!capable(CAP_SYS_ADMIN))
2392 		return -EACCES;
2393 	if (!dev)
2394 		return -ENOTSUPP;
2395 	if (!dev->supported)
2396 		return -ENOTSUPP;
2397 
2398 	p = memdup_user(arg, _IOC_SIZE(cmd));
2399 	if (IS_ERR(p))
2400 		return PTR_ERR(p);
2401 
2402 	switch (cmd) {
2403 	case IOC_OPAL_SAVE:
2404 		ret = opal_save(dev, p);
2405 		break;
2406 	case IOC_OPAL_LOCK_UNLOCK:
2407 		ret = opal_lock_unlock(dev, p);
2408 		break;
2409 	case IOC_OPAL_TAKE_OWNERSHIP:
2410 		ret = opal_take_ownership(dev, p);
2411 		break;
2412 	case IOC_OPAL_ACTIVATE_LSP:
2413 		ret = opal_activate_lsp(dev, p);
2414 		break;
2415 	case IOC_OPAL_SET_PW:
2416 		ret = opal_set_new_pw(dev, p);
2417 		break;
2418 	case IOC_OPAL_ACTIVATE_USR:
2419 		ret = opal_activate_user(dev, p);
2420 		break;
2421 	case IOC_OPAL_REVERT_TPR:
2422 		ret = opal_reverttper(dev, p);
2423 		break;
2424 	case IOC_OPAL_LR_SETUP:
2425 		ret = opal_setup_locking_range(dev, p);
2426 		break;
2427 	case IOC_OPAL_ADD_USR_TO_LR:
2428 		ret = opal_add_user_to_lr(dev, p);
2429 		break;
2430 	case IOC_OPAL_ENABLE_DISABLE_MBR:
2431 		ret = opal_enable_disable_shadow_mbr(dev, p);
2432 		break;
2433 	case IOC_OPAL_ERASE_LR:
2434 		ret = opal_erase_locking_range(dev, p);
2435 		break;
2436 	case IOC_OPAL_SECURE_ERASE_LR:
2437 		ret = opal_secure_erase_locking_range(dev, p);
2438 		break;
2439 	default:
2440 		break;
2441 	}
2442 
2443 	kfree(p);
2444 	return ret;
2445 }
2446 EXPORT_SYMBOL_GPL(sed_ioctl);
2447