xref: /openbmc/linux/block/sed-opal.c (revision c496daeb863093a046e0bb8db7265bf45d91775a)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11 
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 
24 #include "opal_proto.h"
25 
26 #define IO_BUFFER_LENGTH 2048
27 #define MAX_TOKS 64
28 
29 /* Number of bytes needed by cmd_finalize. */
30 #define CMD_FINALIZE_BYTES_NEEDED 7
31 
32 struct opal_step {
33 	int (*fn)(struct opal_dev *dev, void *data);
34 	void *data;
35 };
36 typedef int (cont_fn)(struct opal_dev *dev);
37 
38 enum opal_atom_width {
39 	OPAL_WIDTH_TINY,
40 	OPAL_WIDTH_SHORT,
41 	OPAL_WIDTH_MEDIUM,
42 	OPAL_WIDTH_LONG,
43 	OPAL_WIDTH_TOKEN
44 };
45 
46 /*
47  * On the parsed response, we don't store again the toks that are already
48  * stored in the response buffer. Instead, for each token, we just store a
49  * pointer to the position in the buffer where the token starts, and the size
50  * of the token in bytes.
51  */
52 struct opal_resp_tok {
53 	const u8 *pos;
54 	size_t len;
55 	enum opal_response_token type;
56 	enum opal_atom_width width;
57 	union {
58 		u64 u;
59 		s64 s;
60 	} stored;
61 };
62 
63 /*
64  * From the response header it's not possible to know how many tokens there are
65  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
66  * if we start dealing with messages that have more than that, we can increase
67  * this number. This is done to avoid having to make two passes through the
68  * response, the first one counting how many tokens we have and the second one
69  * actually storing the positions.
70  */
71 struct parsed_resp {
72 	int num;
73 	struct opal_resp_tok toks[MAX_TOKS];
74 };
75 
76 struct opal_dev {
77 	u32 flags;
78 
79 	void *data;
80 	sec_send_recv *send_recv;
81 
82 	struct mutex dev_lock;
83 	u16 comid;
84 	u32 hsn;
85 	u32 tsn;
86 	u64 align; /* alignment granularity */
87 	u64 lowest_lba;
88 	u32 logical_block_size;
89 	u8  align_required; /* ALIGN: 0 or 1 */
90 
91 	size_t pos;
92 	u8 *cmd;
93 	u8 *resp;
94 
95 	struct parsed_resp parsed;
96 	size_t prev_d_len;
97 	void *prev_data;
98 
99 	struct list_head unlk_lst;
100 };
101 
102 
103 static const u8 opaluid[][OPAL_UID_LENGTH] = {
104 	/* users */
105 	[OPAL_SMUID_UID] =
106 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
107 	[OPAL_THISSP_UID] =
108 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
109 	[OPAL_ADMINSP_UID] =
110 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
111 	[OPAL_LOCKINGSP_UID] =
112 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
113 	[OPAL_ENTERPRISE_LOCKINGSP_UID] =
114 		{ 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
115 	[OPAL_ANYBODY_UID] =
116 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
117 	[OPAL_SID_UID] =
118 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
119 	[OPAL_ADMIN1_UID] =
120 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
121 	[OPAL_USER1_UID] =
122 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
123 	[OPAL_USER2_UID] =
124 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
125 	[OPAL_PSID_UID] =
126 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
127 	[OPAL_ENTERPRISE_BANDMASTER0_UID] =
128 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
129 	[OPAL_ENTERPRISE_ERASEMASTER_UID] =
130 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
131 
132 	/* tables */
133 	[OPAL_TABLE_TABLE] =
134 		{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
135 	[OPAL_LOCKINGRANGE_GLOBAL] =
136 		{ 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
137 	[OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
138 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
139 	[OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
140 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
141 	[OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
142 		{ 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
143 	[OPAL_MBRCONTROL] =
144 		{ 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
145 	[OPAL_MBR] =
146 		{ 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
147 	[OPAL_AUTHORITY_TABLE] =
148 		{ 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
149 	[OPAL_C_PIN_TABLE] =
150 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
151 	[OPAL_LOCKING_INFO_TABLE] =
152 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
153 	[OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
154 		{ 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
155 	[OPAL_DATASTORE] =
156 		{ 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
157 
158 	/* C_PIN_TABLE object ID's */
159 	[OPAL_C_PIN_MSID] =
160 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
161 	[OPAL_C_PIN_SID] =
162 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
163 	[OPAL_C_PIN_ADMIN1] =
164 		{ 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
165 
166 	/* half UID's (only first 4 bytes used) */
167 	[OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
168 		{ 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
169 	[OPAL_HALF_UID_BOOLEAN_ACE] =
170 		{ 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
171 
172 	/* special value for omitted optional parameter */
173 	[OPAL_UID_HEXFF] =
174 		{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
175 };
176 
177 /*
178  * TCG Storage SSC Methods.
179  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
180  * Section: 6.3 Assigned UIDs
181  */
182 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
183 	[OPAL_PROPERTIES] =
184 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
185 	[OPAL_STARTSESSION] =
186 		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
187 	[OPAL_REVERT] =
188 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
189 	[OPAL_ACTIVATE] =
190 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
191 	[OPAL_EGET] =
192 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
193 	[OPAL_ESET] =
194 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
195 	[OPAL_NEXT] =
196 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
197 	[OPAL_EAUTHENTICATE] =
198 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
199 	[OPAL_GETACL] =
200 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
201 	[OPAL_GENKEY] =
202 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
203 	[OPAL_REVERTSP] =
204 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
205 	[OPAL_GET] =
206 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
207 	[OPAL_SET] =
208 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
209 	[OPAL_AUTHENTICATE] =
210 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
211 	[OPAL_RANDOM] =
212 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
213 	[OPAL_ERASE] =
214 		{ 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
215 };
216 
217 static int end_opal_session_error(struct opal_dev *dev);
218 static int opal_discovery0_step(struct opal_dev *dev);
219 
220 struct opal_suspend_data {
221 	struct opal_lock_unlock unlk;
222 	u8 lr;
223 	struct list_head node;
224 };
225 
226 /*
227  * Derived from:
228  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
229  * Section: 5.1.5 Method Status Codes
230  */
231 static const char * const opal_errors[] = {
232 	"Success",
233 	"Not Authorized",
234 	"Unknown Error",
235 	"SP Busy",
236 	"SP Failed",
237 	"SP Disabled",
238 	"SP Frozen",
239 	"No Sessions Available",
240 	"Uniqueness Conflict",
241 	"Insufficient Space",
242 	"Insufficient Rows",
243 	"Invalid Function",
244 	"Invalid Parameter",
245 	"Invalid Reference",
246 	"Unknown Error",
247 	"TPER Malfunction",
248 	"Transaction Failure",
249 	"Response Overflow",
250 	"Authority Locked Out",
251 };
252 
253 static const char *opal_error_to_human(int error)
254 {
255 	if (error == 0x3f)
256 		return "Failed";
257 
258 	if (error >= ARRAY_SIZE(opal_errors) || error < 0)
259 		return "Unknown Error";
260 
261 	return opal_errors[error];
262 }
263 
264 static void print_buffer(const u8 *ptr, u32 length)
265 {
266 #ifdef DEBUG
267 	print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
268 	pr_debug("\n");
269 #endif
270 }
271 
272 static bool check_tper(const void *data)
273 {
274 	const struct d0_tper_features *tper = data;
275 	u8 flags = tper->supported_features;
276 
277 	if (!(flags & TPER_SYNC_SUPPORTED)) {
278 		pr_debug("TPer sync not supported. flags = %d\n",
279 			 tper->supported_features);
280 		return false;
281 	}
282 
283 	return true;
284 }
285 
286 static bool check_lcksuppt(const void *data)
287 {
288 	const struct d0_locking_features *lfeat = data;
289 	u8 sup_feat = lfeat->supported_features;
290 
291 	return !!(sup_feat & LOCKING_SUPPORTED_MASK);
292 }
293 
294 static bool check_lckenabled(const void *data)
295 {
296 	const struct d0_locking_features *lfeat = data;
297 	u8 sup_feat = lfeat->supported_features;
298 
299 	return !!(sup_feat & LOCKING_ENABLED_MASK);
300 }
301 
302 static bool check_locked(const void *data)
303 {
304 	const struct d0_locking_features *lfeat = data;
305 	u8 sup_feat = lfeat->supported_features;
306 
307 	return !!(sup_feat & LOCKED_MASK);
308 }
309 
310 static bool check_mbrenabled(const void *data)
311 {
312 	const struct d0_locking_features *lfeat = data;
313 	u8 sup_feat = lfeat->supported_features;
314 
315 	return !!(sup_feat & MBR_ENABLED_MASK);
316 }
317 
318 static bool check_mbrdone(const void *data)
319 {
320 	const struct d0_locking_features *lfeat = data;
321 	u8 sup_feat = lfeat->supported_features;
322 
323 	return !!(sup_feat & MBR_DONE_MASK);
324 }
325 
326 static bool check_sum(const void *data)
327 {
328 	const struct d0_single_user_mode *sum = data;
329 	u32 nlo = be32_to_cpu(sum->num_locking_objects);
330 
331 	if (nlo == 0) {
332 		pr_debug("Need at least one locking object.\n");
333 		return false;
334 	}
335 
336 	pr_debug("Number of locking objects: %d\n", nlo);
337 
338 	return true;
339 }
340 
341 static u16 get_comid_v100(const void *data)
342 {
343 	const struct d0_opal_v100 *v100 = data;
344 
345 	return be16_to_cpu(v100->baseComID);
346 }
347 
348 static u16 get_comid_v200(const void *data)
349 {
350 	const struct d0_opal_v200 *v200 = data;
351 
352 	return be16_to_cpu(v200->baseComID);
353 }
354 
355 static int opal_send_cmd(struct opal_dev *dev)
356 {
357 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
358 			      dev->cmd, IO_BUFFER_LENGTH,
359 			      true);
360 }
361 
362 static int opal_recv_cmd(struct opal_dev *dev)
363 {
364 	return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
365 			      dev->resp, IO_BUFFER_LENGTH,
366 			      false);
367 }
368 
369 static int opal_recv_check(struct opal_dev *dev)
370 {
371 	size_t buflen = IO_BUFFER_LENGTH;
372 	void *buffer = dev->resp;
373 	struct opal_header *hdr = buffer;
374 	int ret;
375 
376 	do {
377 		pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
378 			 hdr->cp.outstandingData,
379 			 hdr->cp.minTransfer);
380 
381 		if (hdr->cp.outstandingData == 0 ||
382 		    hdr->cp.minTransfer != 0)
383 			return 0;
384 
385 		memset(buffer, 0, buflen);
386 		ret = opal_recv_cmd(dev);
387 	} while (!ret);
388 
389 	return ret;
390 }
391 
392 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
393 {
394 	int ret;
395 
396 	ret = opal_send_cmd(dev);
397 	if (ret)
398 		return ret;
399 	ret = opal_recv_cmd(dev);
400 	if (ret)
401 		return ret;
402 	ret = opal_recv_check(dev);
403 	if (ret)
404 		return ret;
405 	return cont(dev);
406 }
407 
408 static void check_geometry(struct opal_dev *dev, const void *data)
409 {
410 	const struct d0_geometry_features *geo = data;
411 
412 	dev->align = be64_to_cpu(geo->alignment_granularity);
413 	dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
414 	dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
415 	dev->align_required = geo->reserved01 & 1;
416 }
417 
418 static int execute_step(struct opal_dev *dev,
419 			const struct opal_step *step, size_t stepIndex)
420 {
421 	int error = step->fn(dev, step->data);
422 
423 	if (error) {
424 		pr_debug("Step %zu (%pS) failed with error %d: %s\n",
425 			 stepIndex, step->fn, error,
426 			 opal_error_to_human(error));
427 	}
428 
429 	return error;
430 }
431 
432 static int execute_steps(struct opal_dev *dev,
433 			 const struct opal_step *steps, size_t n_steps)
434 {
435 	size_t state = 0;
436 	int error;
437 
438 	/* first do a discovery0 */
439 	error = opal_discovery0_step(dev);
440 	if (error)
441 		return error;
442 
443 	for (state = 0; state < n_steps; state++) {
444 		error = execute_step(dev, &steps[state], state);
445 		if (error)
446 			goto out_error;
447 	}
448 
449 	return 0;
450 
451 out_error:
452 	/*
453 	 * For each OPAL command the first step in steps starts some sort of
454 	 * session. If an error occurred in the initial discovery0 or if an
455 	 * error occurred in the first step (and thus stopping the loop with
456 	 * state == 0) then there was an error before or during the attempt to
457 	 * start a session. Therefore we shouldn't attempt to terminate a
458 	 * session, as one has not yet been created.
459 	 */
460 	if (state > 0)
461 		end_opal_session_error(dev);
462 
463 	return error;
464 }
465 
466 static int opal_discovery0_end(struct opal_dev *dev)
467 {
468 	bool found_com_id = false, supported = true, single_user = false;
469 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
470 	const u8 *epos = dev->resp, *cpos = dev->resp;
471 	u16 comid = 0;
472 	u32 hlen = be32_to_cpu(hdr->length);
473 
474 	print_buffer(dev->resp, hlen);
475 	dev->flags &= OPAL_FL_SUPPORTED;
476 
477 	if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
478 		pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
479 			 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
480 		return -EFAULT;
481 	}
482 
483 	epos += hlen; /* end of buffer */
484 	cpos += sizeof(*hdr); /* current position on buffer */
485 
486 	while (cpos < epos && supported) {
487 		const struct d0_features *body =
488 			(const struct d0_features *)cpos;
489 
490 		switch (be16_to_cpu(body->code)) {
491 		case FC_TPER:
492 			supported = check_tper(body->features);
493 			break;
494 		case FC_SINGLEUSER:
495 			single_user = check_sum(body->features);
496 			if (single_user)
497 				dev->flags |= OPAL_FL_SUM_SUPPORTED;
498 			break;
499 		case FC_GEOMETRY:
500 			check_geometry(dev, body);
501 			break;
502 		case FC_LOCKING:
503 			if (check_lcksuppt(body->features))
504 				dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
505 			if (check_lckenabled(body->features))
506 				dev->flags |= OPAL_FL_LOCKING_ENABLED;
507 			if (check_locked(body->features))
508 				dev->flags |= OPAL_FL_LOCKED;
509 			if (check_mbrenabled(body->features))
510 				dev->flags |= OPAL_FL_MBR_ENABLED;
511 			if (check_mbrdone(body->features))
512 				dev->flags |= OPAL_FL_MBR_DONE;
513 			break;
514 		case FC_ENTERPRISE:
515 		case FC_DATASTORE:
516 			/* some ignored properties */
517 			pr_debug("Found OPAL feature description: %d\n",
518 				 be16_to_cpu(body->code));
519 			break;
520 		case FC_OPALV100:
521 			comid = get_comid_v100(body->features);
522 			found_com_id = true;
523 			break;
524 		case FC_OPALV200:
525 			comid = get_comid_v200(body->features);
526 			found_com_id = true;
527 			break;
528 		case 0xbfff ... 0xffff:
529 			/* vendor specific, just ignore */
530 			break;
531 		default:
532 			pr_debug("OPAL Unknown feature: %d\n",
533 				 be16_to_cpu(body->code));
534 
535 		}
536 		cpos += body->length + 4;
537 	}
538 
539 	if (!supported) {
540 		pr_debug("This device is not Opal enabled. Not Supported!\n");
541 		return -EOPNOTSUPP;
542 	}
543 
544 	if (!single_user)
545 		pr_debug("Device doesn't support single user mode\n");
546 
547 
548 	if (!found_com_id) {
549 		pr_debug("Could not find OPAL comid for device. Returning early\n");
550 		return -EOPNOTSUPP;
551 	}
552 
553 	dev->comid = comid;
554 
555 	return 0;
556 }
557 
558 static int opal_discovery0(struct opal_dev *dev, void *data)
559 {
560 	int ret;
561 
562 	memset(dev->resp, 0, IO_BUFFER_LENGTH);
563 	dev->comid = OPAL_DISCOVERY_COMID;
564 	ret = opal_recv_cmd(dev);
565 	if (ret)
566 		return ret;
567 
568 	return opal_discovery0_end(dev);
569 }
570 
571 static int opal_discovery0_step(struct opal_dev *dev)
572 {
573 	const struct opal_step discovery0_step = {
574 		opal_discovery0,
575 	};
576 
577 	return execute_step(dev, &discovery0_step, 0);
578 }
579 
580 static size_t remaining_size(struct opal_dev *cmd)
581 {
582 	return IO_BUFFER_LENGTH - cmd->pos;
583 }
584 
585 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
586 {
587 	if (*err)
588 		return false;
589 
590 	if (remaining_size(cmd) < len) {
591 		pr_debug("Error adding %zu bytes: end of buffer.\n", len);
592 		*err = -ERANGE;
593 		return false;
594 	}
595 
596 	return true;
597 }
598 
599 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
600 {
601 	if (!can_add(err, cmd, 1))
602 		return;
603 
604 	cmd->cmd[cmd->pos++] = tok;
605 }
606 
607 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
608 				  bool has_sign, int len)
609 {
610 	u8 atom;
611 	int err = 0;
612 
613 	atom = SHORT_ATOM_ID;
614 	atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
615 	atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
616 	atom |= len & SHORT_ATOM_LEN_MASK;
617 
618 	add_token_u8(&err, cmd, atom);
619 }
620 
621 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
622 				   bool has_sign, int len)
623 {
624 	u8 header0;
625 
626 	header0 = MEDIUM_ATOM_ID;
627 	header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
628 	header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
629 	header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
630 
631 	cmd->cmd[cmd->pos++] = header0;
632 	cmd->cmd[cmd->pos++] = len;
633 }
634 
635 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
636 {
637 	size_t len;
638 	int msb;
639 
640 	if (!(number & ~TINY_ATOM_DATA_MASK)) {
641 		add_token_u8(err, cmd, number);
642 		return;
643 	}
644 
645 	msb = fls64(number);
646 	len = DIV_ROUND_UP(msb, 8);
647 
648 	if (!can_add(err, cmd, len + 1)) {
649 		pr_debug("Error adding u64: end of buffer.\n");
650 		return;
651 	}
652 	add_short_atom_header(cmd, false, false, len);
653 	while (len--)
654 		add_token_u8(err, cmd, number >> (len * 8));
655 }
656 
657 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
658 {
659 	size_t header_len = 1;
660 	bool is_short_atom = true;
661 
662 	if (len & ~SHORT_ATOM_LEN_MASK) {
663 		header_len = 2;
664 		is_short_atom = false;
665 	}
666 
667 	if (!can_add(err, cmd, header_len + len)) {
668 		pr_debug("Error adding bytestring: end of buffer.\n");
669 		return NULL;
670 	}
671 
672 	if (is_short_atom)
673 		add_short_atom_header(cmd, true, false, len);
674 	else
675 		add_medium_atom_header(cmd, true, false, len);
676 
677 	return &cmd->cmd[cmd->pos];
678 }
679 
680 static void add_token_bytestring(int *err, struct opal_dev *cmd,
681 				 const u8 *bytestring, size_t len)
682 {
683 	u8 *start;
684 
685 	start = add_bytestring_header(err, cmd, len);
686 	if (!start)
687 		return;
688 	memcpy(start, bytestring, len);
689 	cmd->pos += len;
690 }
691 
692 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
693 {
694 	if (length > OPAL_UID_LENGTH) {
695 		pr_debug("Can't build locking range. Length OOB\n");
696 		return -ERANGE;
697 	}
698 
699 	memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
700 
701 	if (lr == 0)
702 		return 0;
703 
704 	buffer[5] = LOCKING_RANGE_NON_GLOBAL;
705 	buffer[7] = lr;
706 
707 	return 0;
708 }
709 
710 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
711 {
712 	if (length > OPAL_UID_LENGTH) {
713 		pr_debug("Can't build locking range user. Length OOB\n");
714 		return -ERANGE;
715 	}
716 
717 	memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
718 
719 	buffer[7] = lr + 1;
720 
721 	return 0;
722 }
723 
724 static void set_comid(struct opal_dev *cmd, u16 comid)
725 {
726 	struct opal_header *hdr = (struct opal_header *)cmd->cmd;
727 
728 	hdr->cp.extendedComID[0] = comid >> 8;
729 	hdr->cp.extendedComID[1] = comid;
730 	hdr->cp.extendedComID[2] = 0;
731 	hdr->cp.extendedComID[3] = 0;
732 }
733 
734 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
735 {
736 	struct opal_header *hdr;
737 	int err = 0;
738 
739 	/*
740 	 * Close the parameter list opened from cmd_start.
741 	 * The number of bytes added must be equal to
742 	 * CMD_FINALIZE_BYTES_NEEDED.
743 	 */
744 	add_token_u8(&err, cmd, OPAL_ENDLIST);
745 
746 	add_token_u8(&err, cmd, OPAL_ENDOFDATA);
747 	add_token_u8(&err, cmd, OPAL_STARTLIST);
748 	add_token_u8(&err, cmd, 0);
749 	add_token_u8(&err, cmd, 0);
750 	add_token_u8(&err, cmd, 0);
751 	add_token_u8(&err, cmd, OPAL_ENDLIST);
752 
753 	if (err) {
754 		pr_debug("Error finalizing command.\n");
755 		return -EFAULT;
756 	}
757 
758 	hdr = (struct opal_header *) cmd->cmd;
759 
760 	hdr->pkt.tsn = cpu_to_be32(tsn);
761 	hdr->pkt.hsn = cpu_to_be32(hsn);
762 
763 	hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
764 	while (cmd->pos % 4) {
765 		if (cmd->pos >= IO_BUFFER_LENGTH) {
766 			pr_debug("Error: Buffer overrun\n");
767 			return -ERANGE;
768 		}
769 		cmd->cmd[cmd->pos++] = 0;
770 	}
771 	hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
772 				      sizeof(hdr->pkt));
773 	hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
774 
775 	return 0;
776 }
777 
778 static const struct opal_resp_tok *response_get_token(
779 				const struct parsed_resp *resp,
780 				int n)
781 {
782 	const struct opal_resp_tok *tok;
783 
784 	if (!resp) {
785 		pr_debug("Response is NULL\n");
786 		return ERR_PTR(-EINVAL);
787 	}
788 
789 	if (n >= resp->num) {
790 		pr_debug("Token number doesn't exist: %d, resp: %d\n",
791 			 n, resp->num);
792 		return ERR_PTR(-EINVAL);
793 	}
794 
795 	tok = &resp->toks[n];
796 	if (tok->len == 0) {
797 		pr_debug("Token length must be non-zero\n");
798 		return ERR_PTR(-EINVAL);
799 	}
800 
801 	return tok;
802 }
803 
804 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
805 				   const u8 *pos)
806 {
807 	tok->pos = pos;
808 	tok->len = 1;
809 	tok->width = OPAL_WIDTH_TINY;
810 
811 	if (pos[0] & TINY_ATOM_SIGNED) {
812 		tok->type = OPAL_DTA_TOKENID_SINT;
813 	} else {
814 		tok->type = OPAL_DTA_TOKENID_UINT;
815 		tok->stored.u = pos[0] & 0x3f;
816 	}
817 
818 	return tok->len;
819 }
820 
821 static ssize_t response_parse_short(struct opal_resp_tok *tok,
822 				    const u8 *pos)
823 {
824 	tok->pos = pos;
825 	tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
826 	tok->width = OPAL_WIDTH_SHORT;
827 
828 	if (pos[0] & SHORT_ATOM_BYTESTRING) {
829 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
830 	} else if (pos[0] & SHORT_ATOM_SIGNED) {
831 		tok->type = OPAL_DTA_TOKENID_SINT;
832 	} else {
833 		u64 u_integer = 0;
834 		ssize_t i, b = 0;
835 
836 		tok->type = OPAL_DTA_TOKENID_UINT;
837 		if (tok->len > 9) {
838 			pr_debug("uint64 with more than 8 bytes\n");
839 			return -EINVAL;
840 		}
841 		for (i = tok->len - 1; i > 0; i--) {
842 			u_integer |= ((u64)pos[i] << (8 * b));
843 			b++;
844 		}
845 		tok->stored.u = u_integer;
846 	}
847 
848 	return tok->len;
849 }
850 
851 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
852 				     const u8 *pos)
853 {
854 	tok->pos = pos;
855 	tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
856 	tok->width = OPAL_WIDTH_MEDIUM;
857 
858 	if (pos[0] & MEDIUM_ATOM_BYTESTRING)
859 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
860 	else if (pos[0] & MEDIUM_ATOM_SIGNED)
861 		tok->type = OPAL_DTA_TOKENID_SINT;
862 	else
863 		tok->type = OPAL_DTA_TOKENID_UINT;
864 
865 	return tok->len;
866 }
867 
868 static ssize_t response_parse_long(struct opal_resp_tok *tok,
869 				   const u8 *pos)
870 {
871 	tok->pos = pos;
872 	tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
873 	tok->width = OPAL_WIDTH_LONG;
874 
875 	if (pos[0] & LONG_ATOM_BYTESTRING)
876 		tok->type = OPAL_DTA_TOKENID_BYTESTRING;
877 	else if (pos[0] & LONG_ATOM_SIGNED)
878 		tok->type = OPAL_DTA_TOKENID_SINT;
879 	else
880 		tok->type = OPAL_DTA_TOKENID_UINT;
881 
882 	return tok->len;
883 }
884 
885 static ssize_t response_parse_token(struct opal_resp_tok *tok,
886 				    const u8 *pos)
887 {
888 	tok->pos = pos;
889 	tok->len = 1;
890 	tok->type = OPAL_DTA_TOKENID_TOKEN;
891 	tok->width = OPAL_WIDTH_TOKEN;
892 
893 	return tok->len;
894 }
895 
896 static int response_parse(const u8 *buf, size_t length,
897 			  struct parsed_resp *resp)
898 {
899 	const struct opal_header *hdr;
900 	struct opal_resp_tok *iter;
901 	int num_entries = 0;
902 	int total;
903 	ssize_t token_length;
904 	const u8 *pos;
905 	u32 clen, plen, slen;
906 
907 	if (!buf)
908 		return -EFAULT;
909 
910 	if (!resp)
911 		return -EFAULT;
912 
913 	hdr = (struct opal_header *)buf;
914 	pos = buf;
915 	pos += sizeof(*hdr);
916 
917 	clen = be32_to_cpu(hdr->cp.length);
918 	plen = be32_to_cpu(hdr->pkt.length);
919 	slen = be32_to_cpu(hdr->subpkt.length);
920 	pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
921 		 clen, plen, slen);
922 
923 	if (clen == 0 || plen == 0 || slen == 0 ||
924 	    slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
925 		pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
926 			 clen, plen, slen);
927 		print_buffer(pos, sizeof(*hdr));
928 		return -EINVAL;
929 	}
930 
931 	if (pos > buf + length)
932 		return -EFAULT;
933 
934 	iter = resp->toks;
935 	total = slen;
936 	print_buffer(pos, total);
937 	while (total > 0) {
938 		if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
939 			token_length = response_parse_tiny(iter, pos);
940 		else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
941 			token_length = response_parse_short(iter, pos);
942 		else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
943 			token_length = response_parse_medium(iter, pos);
944 		else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
945 			token_length = response_parse_long(iter, pos);
946 		else /* TOKEN */
947 			token_length = response_parse_token(iter, pos);
948 
949 		if (token_length < 0)
950 			return token_length;
951 
952 		pos += token_length;
953 		total -= token_length;
954 		iter++;
955 		num_entries++;
956 	}
957 
958 	resp->num = num_entries;
959 
960 	return 0;
961 }
962 
963 static size_t response_get_string(const struct parsed_resp *resp, int n,
964 				  const char **store)
965 {
966 	u8 skip;
967 	const struct opal_resp_tok *tok;
968 
969 	*store = NULL;
970 	tok = response_get_token(resp, n);
971 	if (IS_ERR(tok))
972 		return 0;
973 
974 	if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
975 		pr_debug("Token is not a byte string!\n");
976 		return 0;
977 	}
978 
979 	switch (tok->width) {
980 	case OPAL_WIDTH_TINY:
981 	case OPAL_WIDTH_SHORT:
982 		skip = 1;
983 		break;
984 	case OPAL_WIDTH_MEDIUM:
985 		skip = 2;
986 		break;
987 	case OPAL_WIDTH_LONG:
988 		skip = 4;
989 		break;
990 	default:
991 		pr_debug("Token has invalid width!\n");
992 		return 0;
993 	}
994 
995 	*store = tok->pos + skip;
996 
997 	return tok->len - skip;
998 }
999 
1000 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1001 {
1002 	const struct opal_resp_tok *tok;
1003 
1004 	tok = response_get_token(resp, n);
1005 	if (IS_ERR(tok))
1006 		return 0;
1007 
1008 	if (tok->type != OPAL_DTA_TOKENID_UINT) {
1009 		pr_debug("Token is not unsigned int: %d\n", tok->type);
1010 		return 0;
1011 	}
1012 
1013 	if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1014 		pr_debug("Atom is not short or tiny: %d\n", tok->width);
1015 		return 0;
1016 	}
1017 
1018 	return tok->stored.u;
1019 }
1020 
1021 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1022 {
1023 	if (IS_ERR(token) ||
1024 	    token->type != OPAL_DTA_TOKENID_TOKEN ||
1025 	    token->pos[0] != match)
1026 		return false;
1027 	return true;
1028 }
1029 
1030 static u8 response_status(const struct parsed_resp *resp)
1031 {
1032 	const struct opal_resp_tok *tok;
1033 
1034 	tok = response_get_token(resp, 0);
1035 	if (response_token_matches(tok, OPAL_ENDOFSESSION))
1036 		return 0;
1037 
1038 	if (resp->num < 5)
1039 		return DTAERROR_NO_METHOD_STATUS;
1040 
1041 	tok = response_get_token(resp, resp->num - 5);
1042 	if (!response_token_matches(tok, OPAL_STARTLIST))
1043 		return DTAERROR_NO_METHOD_STATUS;
1044 
1045 	tok = response_get_token(resp, resp->num - 1);
1046 	if (!response_token_matches(tok, OPAL_ENDLIST))
1047 		return DTAERROR_NO_METHOD_STATUS;
1048 
1049 	return response_get_u64(resp, resp->num - 4);
1050 }
1051 
1052 /* Parses and checks for errors */
1053 static int parse_and_check_status(struct opal_dev *dev)
1054 {
1055 	int error;
1056 
1057 	print_buffer(dev->cmd, dev->pos);
1058 
1059 	error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1060 	if (error) {
1061 		pr_debug("Couldn't parse response.\n");
1062 		return error;
1063 	}
1064 
1065 	return response_status(&dev->parsed);
1066 }
1067 
1068 static void clear_opal_cmd(struct opal_dev *dev)
1069 {
1070 	dev->pos = sizeof(struct opal_header);
1071 	memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1072 }
1073 
1074 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1075 {
1076 	int err = 0;
1077 
1078 	clear_opal_cmd(dev);
1079 	set_comid(dev, dev->comid);
1080 
1081 	add_token_u8(&err, dev, OPAL_CALL);
1082 	add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1083 	add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1084 
1085 	/*
1086 	 * Every method call is followed by its parameters enclosed within
1087 	 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1088 	 * parameter list here and close it later in cmd_finalize.
1089 	 */
1090 	add_token_u8(&err, dev, OPAL_STARTLIST);
1091 
1092 	return err;
1093 }
1094 
1095 static int start_opal_session_cont(struct opal_dev *dev)
1096 {
1097 	u32 hsn, tsn;
1098 	int error = 0;
1099 
1100 	error = parse_and_check_status(dev);
1101 	if (error)
1102 		return error;
1103 
1104 	hsn = response_get_u64(&dev->parsed, 4);
1105 	tsn = response_get_u64(&dev->parsed, 5);
1106 
1107 	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1108 		pr_debug("Couldn't authenticate session\n");
1109 		return -EPERM;
1110 	}
1111 
1112 	dev->hsn = hsn;
1113 	dev->tsn = tsn;
1114 
1115 	return 0;
1116 }
1117 
1118 static void add_suspend_info(struct opal_dev *dev,
1119 			     struct opal_suspend_data *sus)
1120 {
1121 	struct opal_suspend_data *iter;
1122 
1123 	list_for_each_entry(iter, &dev->unlk_lst, node) {
1124 		if (iter->lr == sus->lr) {
1125 			list_del(&iter->node);
1126 			kfree(iter);
1127 			break;
1128 		}
1129 	}
1130 	list_add_tail(&sus->node, &dev->unlk_lst);
1131 }
1132 
1133 static int end_session_cont(struct opal_dev *dev)
1134 {
1135 	dev->hsn = 0;
1136 	dev->tsn = 0;
1137 
1138 	return parse_and_check_status(dev);
1139 }
1140 
1141 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1142 {
1143 	int ret;
1144 
1145 	ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1146 	if (ret) {
1147 		pr_debug("Error finalizing command buffer: %d\n", ret);
1148 		return ret;
1149 	}
1150 
1151 	print_buffer(dev->cmd, dev->pos);
1152 
1153 	return opal_send_recv(dev, cont);
1154 }
1155 
1156 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1157 			       u64 start_column, u64 end_column)
1158 {
1159 	int err;
1160 
1161 	err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1162 
1163 	add_token_u8(&err, dev, OPAL_STARTLIST);
1164 
1165 	add_token_u8(&err, dev, OPAL_STARTNAME);
1166 	add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1167 	add_token_u64(&err, dev, start_column);
1168 	add_token_u8(&err, dev, OPAL_ENDNAME);
1169 
1170 	add_token_u8(&err, dev, OPAL_STARTNAME);
1171 	add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1172 	add_token_u64(&err, dev, end_column);
1173 	add_token_u8(&err, dev, OPAL_ENDNAME);
1174 
1175 	add_token_u8(&err, dev, OPAL_ENDLIST);
1176 
1177 	if (err)
1178 		return err;
1179 
1180 	return finalize_and_send(dev, parse_and_check_status);
1181 }
1182 
1183 /*
1184  * request @column from table @table on device @dev. On success, the column
1185  * data will be available in dev->resp->tok[4]
1186  */
1187 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1188 			      u64 column)
1189 {
1190 	return generic_get_columns(dev, table, column, column);
1191 }
1192 
1193 /*
1194  * see TCG SAS 5.3.2.3 for a description of the available columns
1195  *
1196  * the result is provided in dev->resp->tok[4]
1197  */
1198 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1199 				  u64 column)
1200 {
1201 	u8 uid[OPAL_UID_LENGTH];
1202 	const unsigned int half = OPAL_UID_LENGTH_HALF;
1203 
1204 	/* sed-opal UIDs can be split in two halves:
1205 	 *  first:  actual table index
1206 	 *  second: relative index in the table
1207 	 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1208 	 * first part of the target table as relative index into that table
1209 	 */
1210 	memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1211 	memcpy(uid + half, table_uid, half);
1212 
1213 	return generic_get_column(dev, uid, column);
1214 }
1215 
1216 static int gen_key(struct opal_dev *dev, void *data)
1217 {
1218 	u8 uid[OPAL_UID_LENGTH];
1219 	int err;
1220 
1221 	memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1222 	kfree(dev->prev_data);
1223 	dev->prev_data = NULL;
1224 
1225 	err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1226 
1227 	if (err) {
1228 		pr_debug("Error building gen key command\n");
1229 		return err;
1230 
1231 	}
1232 
1233 	return finalize_and_send(dev, parse_and_check_status);
1234 }
1235 
1236 static int get_active_key_cont(struct opal_dev *dev)
1237 {
1238 	const char *activekey;
1239 	size_t keylen;
1240 	int error = 0;
1241 
1242 	error = parse_and_check_status(dev);
1243 	if (error)
1244 		return error;
1245 
1246 	keylen = response_get_string(&dev->parsed, 4, &activekey);
1247 	if (!activekey) {
1248 		pr_debug("%s: Couldn't extract the Activekey from the response\n",
1249 			 __func__);
1250 		return OPAL_INVAL_PARAM;
1251 	}
1252 
1253 	dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1254 
1255 	if (!dev->prev_data)
1256 		return -ENOMEM;
1257 
1258 	dev->prev_d_len = keylen;
1259 
1260 	return 0;
1261 }
1262 
1263 static int get_active_key(struct opal_dev *dev, void *data)
1264 {
1265 	u8 uid[OPAL_UID_LENGTH];
1266 	int err;
1267 	u8 *lr = data;
1268 
1269 	err = build_locking_range(uid, sizeof(uid), *lr);
1270 	if (err)
1271 		return err;
1272 
1273 	err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1274 	if (err)
1275 		return err;
1276 
1277 	return get_active_key_cont(dev);
1278 }
1279 
1280 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1281 				    u64 offset, u64 size, const u8 *uid)
1282 {
1283 	const u8 __user *src = (u8 __user *)(uintptr_t)data;
1284 	u8 *dst;
1285 	u64 len;
1286 	size_t off = 0;
1287 	int err;
1288 
1289 	/* do we fit in the available space? */
1290 	err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1291 	if (err) {
1292 		pr_debug("Couldn't get the table size\n");
1293 		return err;
1294 	}
1295 
1296 	len = response_get_u64(&dev->parsed, 4);
1297 	if (size > len || offset > len - size) {
1298 		pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1299 			  offset + size, len);
1300 		return -ENOSPC;
1301 	}
1302 
1303 	/* do the actual transmission(s) */
1304 	while (off < size) {
1305 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1306 		add_token_u8(&err, dev, OPAL_STARTNAME);
1307 		add_token_u8(&err, dev, OPAL_WHERE);
1308 		add_token_u64(&err, dev, offset + off);
1309 		add_token_u8(&err, dev, OPAL_ENDNAME);
1310 
1311 		add_token_u8(&err, dev, OPAL_STARTNAME);
1312 		add_token_u8(&err, dev, OPAL_VALUES);
1313 
1314 		/*
1315 		 * The bytestring header is either 1 or 2 bytes, so assume 2.
1316 		 * There also needs to be enough space to accommodate the
1317 		 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1318 		 * cmd_finalize.
1319 		 */
1320 		len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1321 			  (size_t)(size - off));
1322 		pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1323 
1324 		dst = add_bytestring_header(&err, dev, len);
1325 		if (!dst)
1326 			break;
1327 
1328 		if (copy_from_user(dst, src + off, len)) {
1329 			err = -EFAULT;
1330 			break;
1331 		}
1332 
1333 		dev->pos += len;
1334 
1335 		add_token_u8(&err, dev, OPAL_ENDNAME);
1336 		if (err)
1337 			break;
1338 
1339 		err = finalize_and_send(dev, parse_and_check_status);
1340 		if (err)
1341 			break;
1342 
1343 		off += len;
1344 	}
1345 
1346 	return err;
1347 }
1348 
1349 static int generic_lr_enable_disable(struct opal_dev *dev,
1350 				     u8 *uid, bool rle, bool wle,
1351 				     bool rl, bool wl)
1352 {
1353 	int err;
1354 
1355 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1356 
1357 	add_token_u8(&err, dev, OPAL_STARTNAME);
1358 	add_token_u8(&err, dev, OPAL_VALUES);
1359 	add_token_u8(&err, dev, OPAL_STARTLIST);
1360 
1361 	add_token_u8(&err, dev, OPAL_STARTNAME);
1362 	add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1363 	add_token_u8(&err, dev, rle);
1364 	add_token_u8(&err, dev, OPAL_ENDNAME);
1365 
1366 	add_token_u8(&err, dev, OPAL_STARTNAME);
1367 	add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1368 	add_token_u8(&err, dev, wle);
1369 	add_token_u8(&err, dev, OPAL_ENDNAME);
1370 
1371 	add_token_u8(&err, dev, OPAL_STARTNAME);
1372 	add_token_u8(&err, dev, OPAL_READLOCKED);
1373 	add_token_u8(&err, dev, rl);
1374 	add_token_u8(&err, dev, OPAL_ENDNAME);
1375 
1376 	add_token_u8(&err, dev, OPAL_STARTNAME);
1377 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
1378 	add_token_u8(&err, dev, wl);
1379 	add_token_u8(&err, dev, OPAL_ENDNAME);
1380 
1381 	add_token_u8(&err, dev, OPAL_ENDLIST);
1382 	add_token_u8(&err, dev, OPAL_ENDNAME);
1383 
1384 	return err;
1385 }
1386 
1387 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1388 				   struct opal_user_lr_setup *setup)
1389 {
1390 	int err;
1391 
1392 	err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1393 					0, 0);
1394 	if (err)
1395 		pr_debug("Failed to create enable global lr command\n");
1396 
1397 	return err;
1398 }
1399 
1400 static int setup_locking_range(struct opal_dev *dev, void *data)
1401 {
1402 	u8 uid[OPAL_UID_LENGTH];
1403 	struct opal_user_lr_setup *setup = data;
1404 	u8 lr;
1405 	int err;
1406 
1407 	lr = setup->session.opal_key.lr;
1408 	err = build_locking_range(uid, sizeof(uid), lr);
1409 	if (err)
1410 		return err;
1411 
1412 	if (lr == 0)
1413 		err = enable_global_lr(dev, uid, setup);
1414 	else {
1415 		err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1416 
1417 		add_token_u8(&err, dev, OPAL_STARTNAME);
1418 		add_token_u8(&err, dev, OPAL_VALUES);
1419 		add_token_u8(&err, dev, OPAL_STARTLIST);
1420 
1421 		add_token_u8(&err, dev, OPAL_STARTNAME);
1422 		add_token_u8(&err, dev, OPAL_RANGESTART);
1423 		add_token_u64(&err, dev, setup->range_start);
1424 		add_token_u8(&err, dev, OPAL_ENDNAME);
1425 
1426 		add_token_u8(&err, dev, OPAL_STARTNAME);
1427 		add_token_u8(&err, dev, OPAL_RANGELENGTH);
1428 		add_token_u64(&err, dev, setup->range_length);
1429 		add_token_u8(&err, dev, OPAL_ENDNAME);
1430 
1431 		add_token_u8(&err, dev, OPAL_STARTNAME);
1432 		add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1433 		add_token_u64(&err, dev, !!setup->RLE);
1434 		add_token_u8(&err, dev, OPAL_ENDNAME);
1435 
1436 		add_token_u8(&err, dev, OPAL_STARTNAME);
1437 		add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1438 		add_token_u64(&err, dev, !!setup->WLE);
1439 		add_token_u8(&err, dev, OPAL_ENDNAME);
1440 
1441 		add_token_u8(&err, dev, OPAL_ENDLIST);
1442 		add_token_u8(&err, dev, OPAL_ENDNAME);
1443 	}
1444 	if (err) {
1445 		pr_debug("Error building Setup Locking range command.\n");
1446 		return err;
1447 	}
1448 
1449 	return finalize_and_send(dev, parse_and_check_status);
1450 }
1451 
1452 static int response_get_column(const struct parsed_resp *resp,
1453 			       int *iter,
1454 			       u8 column,
1455 			       u64 *value)
1456 {
1457 	const struct opal_resp_tok *tok;
1458 	int n = *iter;
1459 	u64 val;
1460 
1461 	tok = response_get_token(resp, n);
1462 	if (IS_ERR(tok))
1463 		return PTR_ERR(tok);
1464 
1465 	if (!response_token_matches(tok, OPAL_STARTNAME)) {
1466 		pr_debug("Unexpected response token type %d.\n", n);
1467 		return OPAL_INVAL_PARAM;
1468 	}
1469 	n++;
1470 
1471 	if (response_get_u64(resp, n) != column) {
1472 		pr_debug("Token %d does not match expected column %u.\n",
1473 			 n, column);
1474 		return OPAL_INVAL_PARAM;
1475 	}
1476 	n++;
1477 
1478 	val = response_get_u64(resp, n);
1479 	n++;
1480 
1481 	tok = response_get_token(resp, n);
1482 	if (IS_ERR(tok))
1483 		return PTR_ERR(tok);
1484 
1485 	if (!response_token_matches(tok, OPAL_ENDNAME)) {
1486 		pr_debug("Unexpected response token type %d.\n", n);
1487 		return OPAL_INVAL_PARAM;
1488 	}
1489 	n++;
1490 
1491 	*value = val;
1492 	*iter = n;
1493 
1494 	return 0;
1495 }
1496 
1497 static int locking_range_status(struct opal_dev *dev, void *data)
1498 {
1499 	u8 lr_buffer[OPAL_UID_LENGTH];
1500 	u64 resp;
1501 	bool rlocked, wlocked;
1502 	int err, tok_n = 2;
1503 	struct opal_lr_status *lrst = data;
1504 
1505 	err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1506 				  lrst->session.opal_key.lr);
1507 	if (err)
1508 		return err;
1509 
1510 	err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1511 				  OPAL_WRITELOCKED);
1512 	if (err) {
1513 		pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1514 			 lrst->session.opal_key.lr, OPAL_RANGESTART,
1515 			 OPAL_WRITELOCKED);
1516 		return err;
1517 	}
1518 
1519 	/* range start */
1520 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1521 				  &lrst->range_start);
1522 	if (err)
1523 		return err;
1524 
1525 	/* range length */
1526 	err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1527 				  &lrst->range_length);
1528 	if (err)
1529 		return err;
1530 
1531 	/* RLE */
1532 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1533 				  &resp);
1534 	if (err)
1535 		return err;
1536 
1537 	lrst->RLE = !!resp;
1538 
1539 	/* WLE */
1540 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1541 				  &resp);
1542 	if (err)
1543 		return err;
1544 
1545 	lrst->WLE = !!resp;
1546 
1547 	/* read locked */
1548 	err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1549 	if (err)
1550 		return err;
1551 
1552 	rlocked = !!resp;
1553 
1554 	/* write locked */
1555 	err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1556 	if (err)
1557 		return err;
1558 
1559 	wlocked = !!resp;
1560 
1561 	/* opal_lock_state can not map 'read locked' only state. */
1562 	lrst->l_state = OPAL_RW;
1563 	if (rlocked && wlocked)
1564 		lrst->l_state = OPAL_LK;
1565 	else if (wlocked)
1566 		lrst->l_state = OPAL_RO;
1567 	else if (rlocked) {
1568 		pr_debug("Can not report read locked only state.\n");
1569 		return -EINVAL;
1570 	}
1571 
1572 	return 0;
1573 }
1574 
1575 static int start_generic_opal_session(struct opal_dev *dev,
1576 				      enum opal_uid auth,
1577 				      enum opal_uid sp_type,
1578 				      const char *key,
1579 				      u8 key_len)
1580 {
1581 	u32 hsn;
1582 	int err;
1583 
1584 	if (key == NULL && auth != OPAL_ANYBODY_UID)
1585 		return OPAL_INVAL_PARAM;
1586 
1587 	hsn = GENERIC_HOST_SESSION_NUM;
1588 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1589 			opalmethod[OPAL_STARTSESSION]);
1590 
1591 	add_token_u64(&err, dev, hsn);
1592 	add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1593 	add_token_u8(&err, dev, 1);
1594 
1595 	switch (auth) {
1596 	case OPAL_ANYBODY_UID:
1597 		break;
1598 	case OPAL_ADMIN1_UID:
1599 	case OPAL_SID_UID:
1600 	case OPAL_PSID_UID:
1601 		add_token_u8(&err, dev, OPAL_STARTNAME);
1602 		add_token_u8(&err, dev, 0); /* HostChallenge */
1603 		add_token_bytestring(&err, dev, key, key_len);
1604 		add_token_u8(&err, dev, OPAL_ENDNAME);
1605 		add_token_u8(&err, dev, OPAL_STARTNAME);
1606 		add_token_u8(&err, dev, 3); /* HostSignAuth */
1607 		add_token_bytestring(&err, dev, opaluid[auth],
1608 				     OPAL_UID_LENGTH);
1609 		add_token_u8(&err, dev, OPAL_ENDNAME);
1610 		break;
1611 	default:
1612 		pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1613 		return OPAL_INVAL_PARAM;
1614 	}
1615 
1616 	if (err) {
1617 		pr_debug("Error building start adminsp session command.\n");
1618 		return err;
1619 	}
1620 
1621 	return finalize_and_send(dev, start_opal_session_cont);
1622 }
1623 
1624 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1625 {
1626 	return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1627 					  OPAL_ADMINSP_UID, NULL, 0);
1628 }
1629 
1630 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1631 {
1632 	int ret;
1633 	const u8 *key = dev->prev_data;
1634 
1635 	if (!key) {
1636 		const struct opal_key *okey = data;
1637 
1638 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1639 						 OPAL_ADMINSP_UID,
1640 						 okey->key,
1641 						 okey->key_len);
1642 	} else {
1643 		ret = start_generic_opal_session(dev, OPAL_SID_UID,
1644 						 OPAL_ADMINSP_UID,
1645 						 key, dev->prev_d_len);
1646 		kfree(key);
1647 		dev->prev_data = NULL;
1648 	}
1649 
1650 	return ret;
1651 }
1652 
1653 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1654 {
1655 	struct opal_key *key = data;
1656 
1657 	return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1658 					  OPAL_LOCKINGSP_UID,
1659 					  key->key, key->key_len);
1660 }
1661 
1662 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1663 {
1664 	const struct opal_key *okey = data;
1665 
1666 	return start_generic_opal_session(dev, OPAL_PSID_UID,
1667 					  OPAL_ADMINSP_UID,
1668 					  okey->key,
1669 					  okey->key_len);
1670 }
1671 
1672 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1673 {
1674 	struct opal_session_info *session = data;
1675 	u8 lk_ul_user[OPAL_UID_LENGTH];
1676 	size_t keylen = session->opal_key.key_len;
1677 	int err = 0;
1678 
1679 	u8 *key = session->opal_key.key;
1680 	u32 hsn = GENERIC_HOST_SESSION_NUM;
1681 
1682 	if (session->sum)
1683 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1684 					 session->opal_key.lr);
1685 	else if (session->who != OPAL_ADMIN1 && !session->sum)
1686 		err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1687 					 session->who - 1);
1688 	else
1689 		memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1690 
1691 	if (err)
1692 		return err;
1693 
1694 	err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1695 			opalmethod[OPAL_STARTSESSION]);
1696 
1697 	add_token_u64(&err, dev, hsn);
1698 	add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1699 			     OPAL_UID_LENGTH);
1700 	add_token_u8(&err, dev, 1);
1701 	add_token_u8(&err, dev, OPAL_STARTNAME);
1702 	add_token_u8(&err, dev, 0);
1703 	add_token_bytestring(&err, dev, key, keylen);
1704 	add_token_u8(&err, dev, OPAL_ENDNAME);
1705 	add_token_u8(&err, dev, OPAL_STARTNAME);
1706 	add_token_u8(&err, dev, 3);
1707 	add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1708 	add_token_u8(&err, dev, OPAL_ENDNAME);
1709 
1710 	if (err) {
1711 		pr_debug("Error building STARTSESSION command.\n");
1712 		return err;
1713 	}
1714 
1715 	return finalize_and_send(dev, start_opal_session_cont);
1716 }
1717 
1718 static int revert_tper(struct opal_dev *dev, void *data)
1719 {
1720 	int err;
1721 
1722 	err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1723 			opalmethod[OPAL_REVERT]);
1724 	if (err) {
1725 		pr_debug("Error building REVERT TPER command.\n");
1726 		return err;
1727 	}
1728 
1729 	return finalize_and_send(dev, parse_and_check_status);
1730 }
1731 
1732 static int internal_activate_user(struct opal_dev *dev, void *data)
1733 {
1734 	struct opal_session_info *session = data;
1735 	u8 uid[OPAL_UID_LENGTH];
1736 	int err;
1737 
1738 	memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1739 	uid[7] = session->who;
1740 
1741 	err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1742 	add_token_u8(&err, dev, OPAL_STARTNAME);
1743 	add_token_u8(&err, dev, OPAL_VALUES);
1744 	add_token_u8(&err, dev, OPAL_STARTLIST);
1745 	add_token_u8(&err, dev, OPAL_STARTNAME);
1746 	add_token_u8(&err, dev, 5); /* Enabled */
1747 	add_token_u8(&err, dev, OPAL_TRUE);
1748 	add_token_u8(&err, dev, OPAL_ENDNAME);
1749 	add_token_u8(&err, dev, OPAL_ENDLIST);
1750 	add_token_u8(&err, dev, OPAL_ENDNAME);
1751 
1752 	if (err) {
1753 		pr_debug("Error building Activate UserN command.\n");
1754 		return err;
1755 	}
1756 
1757 	return finalize_and_send(dev, parse_and_check_status);
1758 }
1759 
1760 static int erase_locking_range(struct opal_dev *dev, void *data)
1761 {
1762 	struct opal_session_info *session = data;
1763 	u8 uid[OPAL_UID_LENGTH];
1764 	int err;
1765 
1766 	if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1767 		return -ERANGE;
1768 
1769 	err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1770 
1771 	if (err) {
1772 		pr_debug("Error building Erase Locking Range Command.\n");
1773 		return err;
1774 	}
1775 
1776 	return finalize_and_send(dev, parse_and_check_status);
1777 }
1778 
1779 static int set_mbr_done(struct opal_dev *dev, void *data)
1780 {
1781 	u8 *mbr_done_tf = data;
1782 	int err;
1783 
1784 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1785 			opalmethod[OPAL_SET]);
1786 
1787 	add_token_u8(&err, dev, OPAL_STARTNAME);
1788 	add_token_u8(&err, dev, OPAL_VALUES);
1789 	add_token_u8(&err, dev, OPAL_STARTLIST);
1790 	add_token_u8(&err, dev, OPAL_STARTNAME);
1791 	add_token_u8(&err, dev, OPAL_MBRDONE);
1792 	add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1793 	add_token_u8(&err, dev, OPAL_ENDNAME);
1794 	add_token_u8(&err, dev, OPAL_ENDLIST);
1795 	add_token_u8(&err, dev, OPAL_ENDNAME);
1796 
1797 	if (err) {
1798 		pr_debug("Error Building set MBR Done command\n");
1799 		return err;
1800 	}
1801 
1802 	return finalize_and_send(dev, parse_and_check_status);
1803 }
1804 
1805 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1806 {
1807 	u8 *mbr_en_dis = data;
1808 	int err;
1809 
1810 	err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1811 			opalmethod[OPAL_SET]);
1812 
1813 	add_token_u8(&err, dev, OPAL_STARTNAME);
1814 	add_token_u8(&err, dev, OPAL_VALUES);
1815 	add_token_u8(&err, dev, OPAL_STARTLIST);
1816 	add_token_u8(&err, dev, OPAL_STARTNAME);
1817 	add_token_u8(&err, dev, OPAL_MBRENABLE);
1818 	add_token_u8(&err, dev, *mbr_en_dis);
1819 	add_token_u8(&err, dev, OPAL_ENDNAME);
1820 	add_token_u8(&err, dev, OPAL_ENDLIST);
1821 	add_token_u8(&err, dev, OPAL_ENDNAME);
1822 
1823 	if (err) {
1824 		pr_debug("Error Building set MBR done command\n");
1825 		return err;
1826 	}
1827 
1828 	return finalize_and_send(dev, parse_and_check_status);
1829 }
1830 
1831 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1832 {
1833 	struct opal_shadow_mbr *shadow = data;
1834 
1835 	return generic_table_write_data(dev, shadow->data, shadow->offset,
1836 					shadow->size, opaluid[OPAL_MBR]);
1837 }
1838 
1839 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1840 			  struct opal_dev *dev)
1841 {
1842 	int err;
1843 
1844 	err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1845 
1846 	add_token_u8(&err, dev, OPAL_STARTNAME);
1847 	add_token_u8(&err, dev, OPAL_VALUES);
1848 	add_token_u8(&err, dev, OPAL_STARTLIST);
1849 	add_token_u8(&err, dev, OPAL_STARTNAME);
1850 	add_token_u8(&err, dev, OPAL_PIN);
1851 	add_token_bytestring(&err, dev, key, key_len);
1852 	add_token_u8(&err, dev, OPAL_ENDNAME);
1853 	add_token_u8(&err, dev, OPAL_ENDLIST);
1854 	add_token_u8(&err, dev, OPAL_ENDNAME);
1855 
1856 	return err;
1857 }
1858 
1859 static int set_new_pw(struct opal_dev *dev, void *data)
1860 {
1861 	u8 cpin_uid[OPAL_UID_LENGTH];
1862 	struct opal_session_info *usr = data;
1863 
1864 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1865 
1866 	if (usr->who != OPAL_ADMIN1) {
1867 		cpin_uid[5] = 0x03;
1868 		if (usr->sum)
1869 			cpin_uid[7] = usr->opal_key.lr + 1;
1870 		else
1871 			cpin_uid[7] = usr->who;
1872 	}
1873 
1874 	if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1875 			   cpin_uid, dev)) {
1876 		pr_debug("Error building set password command.\n");
1877 		return -ERANGE;
1878 	}
1879 
1880 	return finalize_and_send(dev, parse_and_check_status);
1881 }
1882 
1883 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1884 {
1885 	u8 cpin_uid[OPAL_UID_LENGTH];
1886 	struct opal_key *key = data;
1887 
1888 	memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1889 
1890 	if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1891 		pr_debug("Error building Set SID cpin\n");
1892 		return -ERANGE;
1893 	}
1894 	return finalize_and_send(dev, parse_and_check_status);
1895 }
1896 
1897 static void add_authority_object_ref(int *err,
1898 				     struct opal_dev *dev,
1899 				     const u8 *uid,
1900 				     size_t uid_len)
1901 {
1902 	add_token_u8(err, dev, OPAL_STARTNAME);
1903 	add_token_bytestring(err, dev,
1904 			     opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1905 			     OPAL_UID_LENGTH/2);
1906 	add_token_bytestring(err, dev, uid, uid_len);
1907 	add_token_u8(err, dev, OPAL_ENDNAME);
1908 }
1909 
1910 static void add_boolean_object_ref(int *err,
1911 				   struct opal_dev *dev,
1912 				   u8 boolean_op)
1913 {
1914 	add_token_u8(err, dev, OPAL_STARTNAME);
1915 	add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1916 			     OPAL_UID_LENGTH/2);
1917 	add_token_u8(err, dev, boolean_op);
1918 	add_token_u8(err, dev, OPAL_ENDNAME);
1919 }
1920 
1921 static int set_lr_boolean_ace(struct opal_dev *dev,
1922 			      unsigned int opal_uid,
1923 			      u8 lr,
1924 			      const u8 *users,
1925 			      size_t users_len)
1926 {
1927 	u8 lr_buffer[OPAL_UID_LENGTH];
1928 	u8 user_uid[OPAL_UID_LENGTH];
1929 	u8 u;
1930 	int err;
1931 
1932 	memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
1933 	lr_buffer[7] = lr;
1934 
1935 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
1936 
1937 	add_token_u8(&err, dev, OPAL_STARTNAME);
1938 	add_token_u8(&err, dev, OPAL_VALUES);
1939 
1940 	add_token_u8(&err, dev, OPAL_STARTLIST);
1941 	add_token_u8(&err, dev, OPAL_STARTNAME);
1942 	add_token_u8(&err, dev, 3);
1943 
1944 	add_token_u8(&err, dev, OPAL_STARTLIST);
1945 
1946 	for (u = 0; u < users_len; u++) {
1947 		if (users[u] == OPAL_ADMIN1)
1948 			memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
1949 			       OPAL_UID_LENGTH);
1950 		else {
1951 			memcpy(user_uid, opaluid[OPAL_USER1_UID],
1952 			       OPAL_UID_LENGTH);
1953 			user_uid[7] = users[u];
1954 		}
1955 
1956 		add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
1957 
1958 		/*
1959 		 * Add boolean operator in postfix only with
1960 		 * two or more authorities being added in ACE
1961 		 * expresion.
1962 		 * */
1963 		if (u > 0)
1964 			add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
1965 	}
1966 
1967 	add_token_u8(&err, dev, OPAL_ENDLIST);
1968 	add_token_u8(&err, dev, OPAL_ENDNAME);
1969 	add_token_u8(&err, dev, OPAL_ENDLIST);
1970 	add_token_u8(&err, dev, OPAL_ENDNAME);
1971 
1972 	return err;
1973 }
1974 
1975 static int add_user_to_lr(struct opal_dev *dev, void *data)
1976 {
1977 	int err;
1978 	struct opal_lock_unlock *lkul = data;
1979 	const u8 users[] = {
1980 		lkul->session.who
1981 	};
1982 
1983 	err = set_lr_boolean_ace(dev,
1984 				 lkul->l_state == OPAL_RW ?
1985 					OPAL_LOCKINGRANGE_ACE_WRLOCKED :
1986 					OPAL_LOCKINGRANGE_ACE_RDLOCKED,
1987 				 lkul->session.opal_key.lr, users,
1988 				 ARRAY_SIZE(users));
1989 	if (err) {
1990 		pr_debug("Error building add user to locking range command.\n");
1991 		return err;
1992 	}
1993 
1994 	return finalize_and_send(dev, parse_and_check_status);
1995 }
1996 
1997 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
1998 {
1999 	int err;
2000 	struct opal_lock_unlock *lkul = data;
2001 	const u8 users[] = {
2002 		OPAL_ADMIN1,
2003 		lkul->session.who
2004 	};
2005 
2006 	err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2007 				 lkul->session.opal_key.lr, users,
2008 				 ARRAY_SIZE(users));
2009 
2010 	if (err) {
2011 		pr_debug("Error building add user to locking ranges ACEs.\n");
2012 		return err;
2013 	}
2014 
2015 	return finalize_and_send(dev, parse_and_check_status);
2016 }
2017 
2018 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2019 {
2020 	u8 lr_buffer[OPAL_UID_LENGTH];
2021 	struct opal_lock_unlock *lkul = data;
2022 	u8 read_locked = 1, write_locked = 1;
2023 	int err = 0;
2024 
2025 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2026 				lkul->session.opal_key.lr) < 0)
2027 		return -ERANGE;
2028 
2029 	switch (lkul->l_state) {
2030 	case OPAL_RO:
2031 		read_locked = 0;
2032 		write_locked = 1;
2033 		break;
2034 	case OPAL_RW:
2035 		read_locked = 0;
2036 		write_locked = 0;
2037 		break;
2038 	case OPAL_LK:
2039 		/* vars are initialized to locked */
2040 		break;
2041 	default:
2042 		pr_debug("Tried to set an invalid locking state... returning to uland\n");
2043 		return OPAL_INVAL_PARAM;
2044 	}
2045 
2046 	err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2047 
2048 	add_token_u8(&err, dev, OPAL_STARTNAME);
2049 	add_token_u8(&err, dev, OPAL_VALUES);
2050 	add_token_u8(&err, dev, OPAL_STARTLIST);
2051 
2052 	add_token_u8(&err, dev, OPAL_STARTNAME);
2053 	add_token_u8(&err, dev, OPAL_READLOCKED);
2054 	add_token_u8(&err, dev, read_locked);
2055 	add_token_u8(&err, dev, OPAL_ENDNAME);
2056 
2057 	add_token_u8(&err, dev, OPAL_STARTNAME);
2058 	add_token_u8(&err, dev, OPAL_WRITELOCKED);
2059 	add_token_u8(&err, dev, write_locked);
2060 	add_token_u8(&err, dev, OPAL_ENDNAME);
2061 
2062 	add_token_u8(&err, dev, OPAL_ENDLIST);
2063 	add_token_u8(&err, dev, OPAL_ENDNAME);
2064 
2065 	if (err) {
2066 		pr_debug("Error building SET command.\n");
2067 		return err;
2068 	}
2069 
2070 	return finalize_and_send(dev, parse_and_check_status);
2071 }
2072 
2073 
2074 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2075 {
2076 	u8 lr_buffer[OPAL_UID_LENGTH];
2077 	u8 read_locked = 1, write_locked = 1;
2078 	struct opal_lock_unlock *lkul = data;
2079 	int ret;
2080 
2081 	clear_opal_cmd(dev);
2082 	set_comid(dev, dev->comid);
2083 
2084 	if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2085 				lkul->session.opal_key.lr) < 0)
2086 		return -ERANGE;
2087 
2088 	switch (lkul->l_state) {
2089 	case OPAL_RO:
2090 		read_locked = 0;
2091 		write_locked = 1;
2092 		break;
2093 	case OPAL_RW:
2094 		read_locked = 0;
2095 		write_locked = 0;
2096 		break;
2097 	case OPAL_LK:
2098 		/* vars are initialized to locked */
2099 		break;
2100 	default:
2101 		pr_debug("Tried to set an invalid locking state.\n");
2102 		return OPAL_INVAL_PARAM;
2103 	}
2104 	ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2105 					read_locked, write_locked);
2106 
2107 	if (ret < 0) {
2108 		pr_debug("Error building SET command.\n");
2109 		return ret;
2110 	}
2111 
2112 	return finalize_and_send(dev, parse_and_check_status);
2113 }
2114 
2115 static int activate_lsp(struct opal_dev *dev, void *data)
2116 {
2117 	struct opal_lr_act *opal_act = data;
2118 	u8 user_lr[OPAL_UID_LENGTH];
2119 	int err, i;
2120 
2121 	err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2122 			opalmethod[OPAL_ACTIVATE]);
2123 
2124 	if (opal_act->sum) {
2125 		err = build_locking_range(user_lr, sizeof(user_lr),
2126 					  opal_act->lr[0]);
2127 		if (err)
2128 			return err;
2129 
2130 		add_token_u8(&err, dev, OPAL_STARTNAME);
2131 		add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2132 
2133 		add_token_u8(&err, dev, OPAL_STARTLIST);
2134 		add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2135 		for (i = 1; i < opal_act->num_lrs; i++) {
2136 			user_lr[7] = opal_act->lr[i];
2137 			add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2138 		}
2139 		add_token_u8(&err, dev, OPAL_ENDLIST);
2140 		add_token_u8(&err, dev, OPAL_ENDNAME);
2141 	}
2142 
2143 	if (err) {
2144 		pr_debug("Error building Activate LockingSP command.\n");
2145 		return err;
2146 	}
2147 
2148 	return finalize_and_send(dev, parse_and_check_status);
2149 }
2150 
2151 /* Determine if we're in the Manufactured Inactive or Active state */
2152 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2153 {
2154 	u8 lc_status;
2155 	int err;
2156 
2157 	err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2158 				 OPAL_LIFECYCLE);
2159 	if (err)
2160 		return err;
2161 
2162 	lc_status = response_get_u64(&dev->parsed, 4);
2163 	/* 0x08 is Manufactured Inactive */
2164 	/* 0x09 is Manufactured */
2165 	if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2166 		pr_debug("Couldn't determine the status of the Lifecycle state\n");
2167 		return -ENODEV;
2168 	}
2169 
2170 	return 0;
2171 }
2172 
2173 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2174 {
2175 	const char *msid_pin;
2176 	size_t strlen;
2177 	int err;
2178 
2179 	err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2180 	if (err)
2181 		return err;
2182 
2183 	strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2184 	if (!msid_pin) {
2185 		pr_debug("Couldn't extract MSID_CPIN from response\n");
2186 		return OPAL_INVAL_PARAM;
2187 	}
2188 
2189 	dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2190 	if (!dev->prev_data)
2191 		return -ENOMEM;
2192 
2193 	dev->prev_d_len = strlen;
2194 
2195 	return 0;
2196 }
2197 
2198 static int write_table_data(struct opal_dev *dev, void *data)
2199 {
2200 	struct opal_read_write_table *write_tbl = data;
2201 
2202 	return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2203 					write_tbl->size, write_tbl->table_uid);
2204 }
2205 
2206 static int read_table_data_cont(struct opal_dev *dev)
2207 {
2208 	int err;
2209 	const char *data_read;
2210 
2211 	err = parse_and_check_status(dev);
2212 	if (err)
2213 		return err;
2214 
2215 	dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2216 	dev->prev_data = (void *)data_read;
2217 	if (!dev->prev_data) {
2218 		pr_debug("%s: Couldn't read data from the table.\n", __func__);
2219 		return OPAL_INVAL_PARAM;
2220 	}
2221 
2222 	return 0;
2223 }
2224 
2225 /*
2226  * IO_BUFFER_LENGTH = 2048
2227  * sizeof(header) = 56
2228  * No. of Token Bytes in the Response = 11
2229  * MAX size of data that can be carried in response buffer
2230  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2231  */
2232 #define OPAL_MAX_READ_TABLE (0x7BD)
2233 
2234 static int read_table_data(struct opal_dev *dev, void *data)
2235 {
2236 	struct opal_read_write_table *read_tbl = data;
2237 	int err;
2238 	size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2239 	u64 table_len, len;
2240 	u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2241 	u8 __user *dst;
2242 
2243 	err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2244 	if (err) {
2245 		pr_debug("Couldn't get the table size\n");
2246 		return err;
2247 	}
2248 
2249 	table_len = response_get_u64(&dev->parsed, 4);
2250 
2251 	/* Check if the user is trying to read from the table limits */
2252 	if (read_size > table_len || offset > table_len - read_size) {
2253 		pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2254 			  offset + read_size, table_len);
2255 		return -EINVAL;
2256 	}
2257 
2258 	while (off < read_size) {
2259 		err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2260 
2261 		add_token_u8(&err, dev, OPAL_STARTLIST);
2262 		add_token_u8(&err, dev, OPAL_STARTNAME);
2263 		add_token_u8(&err, dev, OPAL_STARTROW);
2264 		add_token_u64(&err, dev, offset + off); /* start row value */
2265 		add_token_u8(&err, dev, OPAL_ENDNAME);
2266 
2267 		add_token_u8(&err, dev, OPAL_STARTNAME);
2268 		add_token_u8(&err, dev, OPAL_ENDROW);
2269 
2270 		len = min(max_read_size, (size_t)(read_size - off));
2271 		add_token_u64(&err, dev, offset + off + len); /* end row value
2272 							       */
2273 		add_token_u8(&err, dev, OPAL_ENDNAME);
2274 		add_token_u8(&err, dev, OPAL_ENDLIST);
2275 
2276 		if (err) {
2277 			pr_debug("Error building read table data command.\n");
2278 			break;
2279 		}
2280 
2281 		err = finalize_and_send(dev, read_table_data_cont);
2282 		if (err)
2283 			break;
2284 
2285 		/* len+1: This includes the NULL terminator at the end*/
2286 		if (dev->prev_d_len > len + 1) {
2287 			err = -EOVERFLOW;
2288 			break;
2289 		}
2290 
2291 		dst = (u8 __user *)(uintptr_t)read_tbl->data;
2292 		if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2293 			pr_debug("Error copying data to userspace\n");
2294 			err = -EFAULT;
2295 			break;
2296 		}
2297 		dev->prev_data = NULL;
2298 
2299 		off += len;
2300 	}
2301 
2302 	return err;
2303 }
2304 
2305 static int end_opal_session(struct opal_dev *dev, void *data)
2306 {
2307 	int err = 0;
2308 
2309 	clear_opal_cmd(dev);
2310 	set_comid(dev, dev->comid);
2311 	add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2312 
2313 	if (err < 0)
2314 		return err;
2315 
2316 	return finalize_and_send(dev, end_session_cont);
2317 }
2318 
2319 static int end_opal_session_error(struct opal_dev *dev)
2320 {
2321 	const struct opal_step error_end_session = {
2322 		end_opal_session,
2323 	};
2324 
2325 	return execute_step(dev, &error_end_session, 0);
2326 }
2327 
2328 static inline void setup_opal_dev(struct opal_dev *dev)
2329 {
2330 	dev->tsn = 0;
2331 	dev->hsn = 0;
2332 	dev->prev_data = NULL;
2333 }
2334 
2335 static int check_opal_support(struct opal_dev *dev)
2336 {
2337 	int ret;
2338 
2339 	mutex_lock(&dev->dev_lock);
2340 	setup_opal_dev(dev);
2341 	ret = opal_discovery0_step(dev);
2342 	if (!ret)
2343 		dev->flags |= OPAL_FL_SUPPORTED;
2344 	mutex_unlock(&dev->dev_lock);
2345 
2346 	return ret;
2347 }
2348 
2349 static void clean_opal_dev(struct opal_dev *dev)
2350 {
2351 
2352 	struct opal_suspend_data *suspend, *next;
2353 
2354 	mutex_lock(&dev->dev_lock);
2355 	list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2356 		list_del(&suspend->node);
2357 		kfree(suspend);
2358 	}
2359 	mutex_unlock(&dev->dev_lock);
2360 }
2361 
2362 void free_opal_dev(struct opal_dev *dev)
2363 {
2364 	if (!dev)
2365 		return;
2366 
2367 	clean_opal_dev(dev);
2368 	kfree(dev->resp);
2369 	kfree(dev->cmd);
2370 	kfree(dev);
2371 }
2372 EXPORT_SYMBOL(free_opal_dev);
2373 
2374 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2375 {
2376 	struct opal_dev *dev;
2377 
2378 	dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2379 	if (!dev)
2380 		return NULL;
2381 
2382 	/*
2383 	 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2384 	 * sure the allocated buffer is DMA-safe in that regard.
2385 	 */
2386 	dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2387 	if (!dev->cmd)
2388 		goto err_free_dev;
2389 
2390 	dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2391 	if (!dev->resp)
2392 		goto err_free_cmd;
2393 
2394 	INIT_LIST_HEAD(&dev->unlk_lst);
2395 	mutex_init(&dev->dev_lock);
2396 	dev->flags = 0;
2397 	dev->data = data;
2398 	dev->send_recv = send_recv;
2399 	if (check_opal_support(dev) != 0) {
2400 		pr_debug("Opal is not supported on this device\n");
2401 		goto err_free_resp;
2402 	}
2403 
2404 	return dev;
2405 
2406 err_free_resp:
2407 	kfree(dev->resp);
2408 
2409 err_free_cmd:
2410 	kfree(dev->cmd);
2411 
2412 err_free_dev:
2413 	kfree(dev);
2414 
2415 	return NULL;
2416 }
2417 EXPORT_SYMBOL(init_opal_dev);
2418 
2419 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2420 					   struct opal_session_info *opal_session)
2421 {
2422 	const struct opal_step erase_steps[] = {
2423 		{ start_auth_opal_session, opal_session },
2424 		{ get_active_key, &opal_session->opal_key.lr },
2425 		{ gen_key, },
2426 		{ end_opal_session, }
2427 	};
2428 	int ret;
2429 
2430 	mutex_lock(&dev->dev_lock);
2431 	setup_opal_dev(dev);
2432 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2433 	mutex_unlock(&dev->dev_lock);
2434 
2435 	return ret;
2436 }
2437 
2438 static int opal_erase_locking_range(struct opal_dev *dev,
2439 				    struct opal_session_info *opal_session)
2440 {
2441 	const struct opal_step erase_steps[] = {
2442 		{ start_auth_opal_session, opal_session },
2443 		{ erase_locking_range, opal_session },
2444 		{ end_opal_session, }
2445 	};
2446 	int ret;
2447 
2448 	mutex_lock(&dev->dev_lock);
2449 	setup_opal_dev(dev);
2450 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2451 	mutex_unlock(&dev->dev_lock);
2452 
2453 	return ret;
2454 }
2455 
2456 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2457 					  struct opal_mbr_data *opal_mbr)
2458 {
2459 	u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2460 		OPAL_TRUE : OPAL_FALSE;
2461 
2462 	const struct opal_step mbr_steps[] = {
2463 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2464 		{ set_mbr_done, &enable_disable },
2465 		{ end_opal_session, },
2466 		{ start_admin1LSP_opal_session, &opal_mbr->key },
2467 		{ set_mbr_enable_disable, &enable_disable },
2468 		{ end_opal_session, }
2469 	};
2470 	int ret;
2471 
2472 	if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2473 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2474 		return -EINVAL;
2475 
2476 	mutex_lock(&dev->dev_lock);
2477 	setup_opal_dev(dev);
2478 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2479 	mutex_unlock(&dev->dev_lock);
2480 
2481 	return ret;
2482 }
2483 
2484 static int opal_set_mbr_done(struct opal_dev *dev,
2485 			     struct opal_mbr_done *mbr_done)
2486 {
2487 	u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2488 		OPAL_TRUE : OPAL_FALSE;
2489 
2490 	const struct opal_step mbr_steps[] = {
2491 		{ start_admin1LSP_opal_session, &mbr_done->key },
2492 		{ set_mbr_done, &mbr_done_tf },
2493 		{ end_opal_session, }
2494 	};
2495 	int ret;
2496 
2497 	if (mbr_done->done_flag != OPAL_MBR_DONE &&
2498 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2499 		return -EINVAL;
2500 
2501 	mutex_lock(&dev->dev_lock);
2502 	setup_opal_dev(dev);
2503 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2504 	mutex_unlock(&dev->dev_lock);
2505 
2506 	return ret;
2507 }
2508 
2509 static int opal_write_shadow_mbr(struct opal_dev *dev,
2510 				 struct opal_shadow_mbr *info)
2511 {
2512 	const struct opal_step mbr_steps[] = {
2513 		{ start_admin1LSP_opal_session, &info->key },
2514 		{ write_shadow_mbr, info },
2515 		{ end_opal_session, }
2516 	};
2517 	int ret;
2518 
2519 	if (info->size == 0)
2520 		return 0;
2521 
2522 	mutex_lock(&dev->dev_lock);
2523 	setup_opal_dev(dev);
2524 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2525 	mutex_unlock(&dev->dev_lock);
2526 
2527 	return ret;
2528 }
2529 
2530 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2531 {
2532 	struct opal_suspend_data *suspend;
2533 
2534 	suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2535 	if (!suspend)
2536 		return -ENOMEM;
2537 
2538 	suspend->unlk = *lk_unlk;
2539 	suspend->lr = lk_unlk->session.opal_key.lr;
2540 
2541 	mutex_lock(&dev->dev_lock);
2542 	setup_opal_dev(dev);
2543 	add_suspend_info(dev, suspend);
2544 	mutex_unlock(&dev->dev_lock);
2545 
2546 	return 0;
2547 }
2548 
2549 static int opal_add_user_to_lr(struct opal_dev *dev,
2550 			       struct opal_lock_unlock *lk_unlk)
2551 {
2552 	const struct opal_step steps[] = {
2553 		{ start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2554 		{ add_user_to_lr, lk_unlk },
2555 		{ add_user_to_lr_ace, lk_unlk },
2556 		{ end_opal_session, }
2557 	};
2558 	int ret;
2559 
2560 	if (lk_unlk->l_state != OPAL_RO &&
2561 	    lk_unlk->l_state != OPAL_RW) {
2562 		pr_debug("Locking state was not RO or RW\n");
2563 		return -EINVAL;
2564 	}
2565 
2566 	if (lk_unlk->session.who < OPAL_USER1 ||
2567 	    lk_unlk->session.who > OPAL_USER9) {
2568 		pr_debug("Authority was not within the range of users: %d\n",
2569 			 lk_unlk->session.who);
2570 		return -EINVAL;
2571 	}
2572 
2573 	if (lk_unlk->session.sum) {
2574 		pr_debug("%s not supported in sum. Use setup locking range\n",
2575 			 __func__);
2576 		return -EINVAL;
2577 	}
2578 
2579 	mutex_lock(&dev->dev_lock);
2580 	setup_opal_dev(dev);
2581 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2582 	mutex_unlock(&dev->dev_lock);
2583 
2584 	return ret;
2585 }
2586 
2587 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2588 {
2589 	/* controller will terminate session */
2590 	const struct opal_step revert_steps[] = {
2591 		{ start_SIDASP_opal_session, opal },
2592 		{ revert_tper, }
2593 	};
2594 	const struct opal_step psid_revert_steps[] = {
2595 		{ start_PSID_opal_session, opal },
2596 		{ revert_tper, }
2597 	};
2598 
2599 	int ret;
2600 
2601 	mutex_lock(&dev->dev_lock);
2602 	setup_opal_dev(dev);
2603 	if (psid)
2604 		ret = execute_steps(dev, psid_revert_steps,
2605 				    ARRAY_SIZE(psid_revert_steps));
2606 	else
2607 		ret = execute_steps(dev, revert_steps,
2608 				    ARRAY_SIZE(revert_steps));
2609 	mutex_unlock(&dev->dev_lock);
2610 
2611 	/*
2612 	 * If we successfully reverted lets clean
2613 	 * any saved locking ranges.
2614 	 */
2615 	if (!ret)
2616 		clean_opal_dev(dev);
2617 
2618 	return ret;
2619 }
2620 
2621 static int __opal_lock_unlock(struct opal_dev *dev,
2622 			      struct opal_lock_unlock *lk_unlk)
2623 {
2624 	const struct opal_step unlock_steps[] = {
2625 		{ start_auth_opal_session, &lk_unlk->session },
2626 		{ lock_unlock_locking_range, lk_unlk },
2627 		{ end_opal_session, }
2628 	};
2629 	const struct opal_step unlock_sum_steps[] = {
2630 		{ start_auth_opal_session, &lk_unlk->session },
2631 		{ lock_unlock_locking_range_sum, lk_unlk },
2632 		{ end_opal_session, }
2633 	};
2634 
2635 	if (lk_unlk->session.sum)
2636 		return execute_steps(dev, unlock_sum_steps,
2637 				     ARRAY_SIZE(unlock_sum_steps));
2638 	else
2639 		return execute_steps(dev, unlock_steps,
2640 				     ARRAY_SIZE(unlock_steps));
2641 }
2642 
2643 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2644 {
2645 	u8 mbr_done_tf = OPAL_TRUE;
2646 	const struct opal_step mbrdone_step[] = {
2647 		{ start_admin1LSP_opal_session, key },
2648 		{ set_mbr_done, &mbr_done_tf },
2649 		{ end_opal_session, }
2650 	};
2651 
2652 	return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2653 }
2654 
2655 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2656 			    struct opal_lock_unlock *lk_unlk)
2657 {
2658 	struct opal_suspend_data *iter;
2659 
2660 	if (lk_unlk->l_state != OPAL_LK ||
2661 			lk_unlk->session.opal_key.key_len > 0)
2662 		return;
2663 
2664 	/*
2665 	 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2666 	 * volume key is not required, as it requires root privileges anyway,
2667 	 * and root can deny access to a disk in many ways regardless.
2668 	 * Requiring the volume key to lock the device is a peculiarity of the
2669 	 * OPAL specification. Given we might already have saved the key if
2670 	 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2671 	 * that key to lock the device if no key was provided here, the
2672 	 * locking range matches and the appropriate flag was passed with
2673 	 * 'IOC_OPAL_SAVE'.
2674 	 * This allows integrating OPAL with tools and libraries that are used
2675 	 * to the common behaviour and do not ask for the volume key when
2676 	 * closing a device.
2677 	 */
2678 	setup_opal_dev(dev);
2679 	list_for_each_entry(iter, &dev->unlk_lst, node) {
2680 		if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2681 				iter->lr == lk_unlk->session.opal_key.lr &&
2682 				iter->unlk.session.opal_key.key_len > 0) {
2683 			lk_unlk->session.opal_key.key_len =
2684 				iter->unlk.session.opal_key.key_len;
2685 			memcpy(lk_unlk->session.opal_key.key,
2686 				iter->unlk.session.opal_key.key,
2687 				iter->unlk.session.opal_key.key_len);
2688 			break;
2689 		}
2690 	}
2691 }
2692 
2693 static int opal_lock_unlock(struct opal_dev *dev,
2694 			    struct opal_lock_unlock *lk_unlk)
2695 {
2696 	int ret;
2697 
2698 	if (lk_unlk->session.who > OPAL_USER9)
2699 		return -EINVAL;
2700 
2701 	mutex_lock(&dev->dev_lock);
2702 	opal_lock_check_for_saved_key(dev, lk_unlk);
2703 	ret = __opal_lock_unlock(dev, lk_unlk);
2704 	mutex_unlock(&dev->dev_lock);
2705 
2706 	return ret;
2707 }
2708 
2709 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2710 {
2711 	const struct opal_step owner_steps[] = {
2712 		{ start_anybodyASP_opal_session, },
2713 		{ get_msid_cpin_pin, },
2714 		{ end_opal_session, },
2715 		{ start_SIDASP_opal_session, opal },
2716 		{ set_sid_cpin_pin, opal },
2717 		{ end_opal_session, }
2718 	};
2719 	int ret;
2720 
2721 	if (!dev)
2722 		return -ENODEV;
2723 
2724 	mutex_lock(&dev->dev_lock);
2725 	setup_opal_dev(dev);
2726 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2727 	mutex_unlock(&dev->dev_lock);
2728 
2729 	return ret;
2730 }
2731 
2732 static int opal_activate_lsp(struct opal_dev *dev,
2733 			     struct opal_lr_act *opal_lr_act)
2734 {
2735 	const struct opal_step active_steps[] = {
2736 		{ start_SIDASP_opal_session, &opal_lr_act->key },
2737 		{ get_lsp_lifecycle, },
2738 		{ activate_lsp, opal_lr_act },
2739 		{ end_opal_session, }
2740 	};
2741 	int ret;
2742 
2743 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2744 		return -EINVAL;
2745 
2746 	mutex_lock(&dev->dev_lock);
2747 	setup_opal_dev(dev);
2748 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2749 	mutex_unlock(&dev->dev_lock);
2750 
2751 	return ret;
2752 }
2753 
2754 static int opal_setup_locking_range(struct opal_dev *dev,
2755 				    struct opal_user_lr_setup *opal_lrs)
2756 {
2757 	const struct opal_step lr_steps[] = {
2758 		{ start_auth_opal_session, &opal_lrs->session },
2759 		{ setup_locking_range, opal_lrs },
2760 		{ end_opal_session, }
2761 	};
2762 	int ret;
2763 
2764 	mutex_lock(&dev->dev_lock);
2765 	setup_opal_dev(dev);
2766 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2767 	mutex_unlock(&dev->dev_lock);
2768 
2769 	return ret;
2770 }
2771 
2772 static int opal_locking_range_status(struct opal_dev *dev,
2773 			  struct opal_lr_status *opal_lrst,
2774 			  void __user *data)
2775 {
2776 	const struct opal_step lr_steps[] = {
2777 		{ start_auth_opal_session, &opal_lrst->session },
2778 		{ locking_range_status, opal_lrst },
2779 		{ end_opal_session, }
2780 	};
2781 	int ret;
2782 
2783 	mutex_lock(&dev->dev_lock);
2784 	setup_opal_dev(dev);
2785 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2786 	mutex_unlock(&dev->dev_lock);
2787 
2788 	/* skip session info when copying back to uspace */
2789 	if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2790 				(void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2791 				sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2792 		pr_debug("Error copying status to userspace\n");
2793 		return -EFAULT;
2794 	}
2795 
2796 	return ret;
2797 }
2798 
2799 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2800 {
2801 	const struct opal_step pw_steps[] = {
2802 		{ start_auth_opal_session, &opal_pw->session },
2803 		{ set_new_pw, &opal_pw->new_user_pw },
2804 		{ end_opal_session, }
2805 	};
2806 	int ret;
2807 
2808 	if (opal_pw->session.who > OPAL_USER9  ||
2809 	    opal_pw->new_user_pw.who > OPAL_USER9)
2810 		return -EINVAL;
2811 
2812 	mutex_lock(&dev->dev_lock);
2813 	setup_opal_dev(dev);
2814 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
2815 	mutex_unlock(&dev->dev_lock);
2816 
2817 	return ret;
2818 }
2819 
2820 static int opal_activate_user(struct opal_dev *dev,
2821 			      struct opal_session_info *opal_session)
2822 {
2823 	const struct opal_step act_steps[] = {
2824 		{ start_admin1LSP_opal_session, &opal_session->opal_key },
2825 		{ internal_activate_user, opal_session },
2826 		{ end_opal_session, }
2827 	};
2828 	int ret;
2829 
2830 	/* We can't activate Admin1 it's active as manufactured */
2831 	if (opal_session->who < OPAL_USER1 ||
2832 	    opal_session->who > OPAL_USER9) {
2833 		pr_debug("Who was not a valid user: %d\n", opal_session->who);
2834 		return -EINVAL;
2835 	}
2836 
2837 	mutex_lock(&dev->dev_lock);
2838 	setup_opal_dev(dev);
2839 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
2840 	mutex_unlock(&dev->dev_lock);
2841 
2842 	return ret;
2843 }
2844 
2845 bool opal_unlock_from_suspend(struct opal_dev *dev)
2846 {
2847 	struct opal_suspend_data *suspend;
2848 	bool was_failure = false;
2849 	int ret = 0;
2850 
2851 	if (!dev)
2852 		return false;
2853 
2854 	if (!(dev->flags & OPAL_FL_SUPPORTED))
2855 		return false;
2856 
2857 	mutex_lock(&dev->dev_lock);
2858 	setup_opal_dev(dev);
2859 
2860 	list_for_each_entry(suspend, &dev->unlk_lst, node) {
2861 		dev->tsn = 0;
2862 		dev->hsn = 0;
2863 
2864 		ret = __opal_lock_unlock(dev, &suspend->unlk);
2865 		if (ret) {
2866 			pr_debug("Failed to unlock LR %hhu with sum %d\n",
2867 				 suspend->unlk.session.opal_key.lr,
2868 				 suspend->unlk.session.sum);
2869 			was_failure = true;
2870 		}
2871 
2872 		if (dev->flags & OPAL_FL_MBR_ENABLED) {
2873 			ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
2874 			if (ret)
2875 				pr_debug("Failed to set MBR Done in S3 resume\n");
2876 		}
2877 	}
2878 	mutex_unlock(&dev->dev_lock);
2879 
2880 	return was_failure;
2881 }
2882 EXPORT_SYMBOL(opal_unlock_from_suspend);
2883 
2884 static int opal_read_table(struct opal_dev *dev,
2885 			   struct opal_read_write_table *rw_tbl)
2886 {
2887 	const struct opal_step read_table_steps[] = {
2888 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2889 		{ read_table_data, rw_tbl },
2890 		{ end_opal_session, }
2891 	};
2892 	int ret = 0;
2893 
2894 	if (!rw_tbl->size)
2895 		return ret;
2896 
2897 	return execute_steps(dev, read_table_steps,
2898 			     ARRAY_SIZE(read_table_steps));
2899 }
2900 
2901 static int opal_write_table(struct opal_dev *dev,
2902 			    struct opal_read_write_table *rw_tbl)
2903 {
2904 	const struct opal_step write_table_steps[] = {
2905 		{ start_admin1LSP_opal_session, &rw_tbl->key },
2906 		{ write_table_data, rw_tbl },
2907 		{ end_opal_session, }
2908 	};
2909 	int ret = 0;
2910 
2911 	if (!rw_tbl->size)
2912 		return ret;
2913 
2914 	return execute_steps(dev, write_table_steps,
2915 			     ARRAY_SIZE(write_table_steps));
2916 }
2917 
2918 static int opal_generic_read_write_table(struct opal_dev *dev,
2919 					 struct opal_read_write_table *rw_tbl)
2920 {
2921 	int ret, bit_set;
2922 
2923 	mutex_lock(&dev->dev_lock);
2924 	setup_opal_dev(dev);
2925 
2926 	bit_set = fls64(rw_tbl->flags) - 1;
2927 	switch (bit_set) {
2928 	case OPAL_READ_TABLE:
2929 		ret = opal_read_table(dev, rw_tbl);
2930 		break;
2931 	case OPAL_WRITE_TABLE:
2932 		ret = opal_write_table(dev, rw_tbl);
2933 		break;
2934 	default:
2935 		pr_debug("Invalid bit set in the flag (%016llx).\n",
2936 			 rw_tbl->flags);
2937 		ret = -EINVAL;
2938 		break;
2939 	}
2940 
2941 	mutex_unlock(&dev->dev_lock);
2942 
2943 	return ret;
2944 }
2945 
2946 static int opal_get_status(struct opal_dev *dev, void __user *data)
2947 {
2948 	struct opal_status sts = {0};
2949 
2950 	/*
2951 	 * check_opal_support() error is not fatal,
2952 	 * !dev->supported is a valid condition
2953 	 */
2954 	if (!check_opal_support(dev))
2955 		sts.flags = dev->flags;
2956 	if (copy_to_user(data, &sts, sizeof(sts))) {
2957 		pr_debug("Error copying status to userspace\n");
2958 		return -EFAULT;
2959 	}
2960 	return 0;
2961 }
2962 
2963 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
2964 {
2965 	struct opal_geometry geo = {0};
2966 
2967 	if (check_opal_support(dev))
2968 		return -EINVAL;
2969 
2970 	geo.align = dev->align_required;
2971 	geo.logical_block_size = dev->logical_block_size;
2972 	geo.alignment_granularity =  dev->align;
2973 	geo.lowest_aligned_lba = dev->lowest_lba;
2974 
2975 	if (copy_to_user(data, &geo, sizeof(geo))) {
2976 		pr_debug("Error copying geometry data to userspace\n");
2977 		return -EFAULT;
2978 	}
2979 
2980 	return 0;
2981 }
2982 
2983 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2984 {
2985 	void *p;
2986 	int ret = -ENOTTY;
2987 
2988 	if (!capable(CAP_SYS_ADMIN))
2989 		return -EACCES;
2990 	if (!dev)
2991 		return -ENOTSUPP;
2992 	if (!(dev->flags & OPAL_FL_SUPPORTED))
2993 		return -ENOTSUPP;
2994 
2995 	if (cmd & IOC_IN) {
2996 		p = memdup_user(arg, _IOC_SIZE(cmd));
2997 		if (IS_ERR(p))
2998 			return PTR_ERR(p);
2999 	}
3000 
3001 	switch (cmd) {
3002 	case IOC_OPAL_SAVE:
3003 		ret = opal_save(dev, p);
3004 		break;
3005 	case IOC_OPAL_LOCK_UNLOCK:
3006 		ret = opal_lock_unlock(dev, p);
3007 		break;
3008 	case IOC_OPAL_TAKE_OWNERSHIP:
3009 		ret = opal_take_ownership(dev, p);
3010 		break;
3011 	case IOC_OPAL_ACTIVATE_LSP:
3012 		ret = opal_activate_lsp(dev, p);
3013 		break;
3014 	case IOC_OPAL_SET_PW:
3015 		ret = opal_set_new_pw(dev, p);
3016 		break;
3017 	case IOC_OPAL_ACTIVATE_USR:
3018 		ret = opal_activate_user(dev, p);
3019 		break;
3020 	case IOC_OPAL_REVERT_TPR:
3021 		ret = opal_reverttper(dev, p, false);
3022 		break;
3023 	case IOC_OPAL_LR_SETUP:
3024 		ret = opal_setup_locking_range(dev, p);
3025 		break;
3026 	case IOC_OPAL_ADD_USR_TO_LR:
3027 		ret = opal_add_user_to_lr(dev, p);
3028 		break;
3029 	case IOC_OPAL_ENABLE_DISABLE_MBR:
3030 		ret = opal_enable_disable_shadow_mbr(dev, p);
3031 		break;
3032 	case IOC_OPAL_MBR_DONE:
3033 		ret = opal_set_mbr_done(dev, p);
3034 		break;
3035 	case IOC_OPAL_WRITE_SHADOW_MBR:
3036 		ret = opal_write_shadow_mbr(dev, p);
3037 		break;
3038 	case IOC_OPAL_ERASE_LR:
3039 		ret = opal_erase_locking_range(dev, p);
3040 		break;
3041 	case IOC_OPAL_SECURE_ERASE_LR:
3042 		ret = opal_secure_erase_locking_range(dev, p);
3043 		break;
3044 	case IOC_OPAL_PSID_REVERT_TPR:
3045 		ret = opal_reverttper(dev, p, true);
3046 		break;
3047 	case IOC_OPAL_GENERIC_TABLE_RW:
3048 		ret = opal_generic_read_write_table(dev, p);
3049 		break;
3050 	case IOC_OPAL_GET_STATUS:
3051 		ret = opal_get_status(dev, arg);
3052 		break;
3053 	case IOC_OPAL_GET_LR_STATUS:
3054 		ret = opal_locking_range_status(dev, p, arg);
3055 		break;
3056 	case IOC_OPAL_GET_GEOMETRY:
3057 		ret = opal_get_geometry(dev, arg);
3058 		break;
3059 	default:
3060 		break;
3061 	}
3062 
3063 	if (cmd & IOC_IN)
3064 		kfree(p);
3065 	return ret;
3066 }
3067 EXPORT_SYMBOL_GPL(sed_ioctl);
3068