1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright © 2016 Intel Corporation 4 * 5 * Authors: 6 * Scott Bauer <scott.bauer@intel.com> 7 * Rafael Antognolli <rafael.antognolli@intel.com> 8 */ 9 10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt 11 12 #include <linux/delay.h> 13 #include <linux/device.h> 14 #include <linux/kernel.h> 15 #include <linux/list.h> 16 #include <linux/blkdev.h> 17 #include <linux/slab.h> 18 #include <linux/uaccess.h> 19 #include <uapi/linux/sed-opal.h> 20 #include <linux/sed-opal.h> 21 #include <linux/string.h> 22 #include <linux/kdev_t.h> 23 #include <linux/key.h> 24 #include <linux/key-type.h> 25 #include <keys/user-type.h> 26 27 #include "opal_proto.h" 28 29 #define IO_BUFFER_LENGTH 2048 30 #define MAX_TOKS 64 31 32 /* Number of bytes needed by cmd_finalize. */ 33 #define CMD_FINALIZE_BYTES_NEEDED 7 34 35 static struct key *sed_opal_keyring; 36 37 struct opal_step { 38 int (*fn)(struct opal_dev *dev, void *data); 39 void *data; 40 }; 41 typedef int (cont_fn)(struct opal_dev *dev); 42 43 enum opal_atom_width { 44 OPAL_WIDTH_TINY, 45 OPAL_WIDTH_SHORT, 46 OPAL_WIDTH_MEDIUM, 47 OPAL_WIDTH_LONG, 48 OPAL_WIDTH_TOKEN 49 }; 50 51 /* 52 * On the parsed response, we don't store again the toks that are already 53 * stored in the response buffer. Instead, for each token, we just store a 54 * pointer to the position in the buffer where the token starts, and the size 55 * of the token in bytes. 56 */ 57 struct opal_resp_tok { 58 const u8 *pos; 59 size_t len; 60 enum opal_response_token type; 61 enum opal_atom_width width; 62 union { 63 u64 u; 64 s64 s; 65 } stored; 66 }; 67 68 /* 69 * From the response header it's not possible to know how many tokens there are 70 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later 71 * if we start dealing with messages that have more than that, we can increase 72 * this number. This is done to avoid having to make two passes through the 73 * response, the first one counting how many tokens we have and the second one 74 * actually storing the positions. 75 */ 76 struct parsed_resp { 77 int num; 78 struct opal_resp_tok toks[MAX_TOKS]; 79 }; 80 81 struct opal_dev { 82 u32 flags; 83 84 void *data; 85 sec_send_recv *send_recv; 86 87 struct mutex dev_lock; 88 u16 comid; 89 u32 hsn; 90 u32 tsn; 91 u64 align; /* alignment granularity */ 92 u64 lowest_lba; 93 u32 logical_block_size; 94 u8 align_required; /* ALIGN: 0 or 1 */ 95 96 size_t pos; 97 u8 *cmd; 98 u8 *resp; 99 100 struct parsed_resp parsed; 101 size_t prev_d_len; 102 void *prev_data; 103 104 struct list_head unlk_lst; 105 }; 106 107 108 static const u8 opaluid[][OPAL_UID_LENGTH] = { 109 /* users */ 110 [OPAL_SMUID_UID] = 111 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, 112 [OPAL_THISSP_UID] = 113 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 114 [OPAL_ADMINSP_UID] = 115 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 }, 116 [OPAL_LOCKINGSP_UID] = 117 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 }, 118 [OPAL_ENTERPRISE_LOCKINGSP_UID] = 119 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 }, 120 [OPAL_ANYBODY_UID] = 121 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 }, 122 [OPAL_SID_UID] = 123 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 }, 124 [OPAL_ADMIN1_UID] = 125 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 }, 126 [OPAL_USER1_UID] = 127 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 }, 128 [OPAL_USER2_UID] = 129 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 }, 130 [OPAL_PSID_UID] = 131 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 }, 132 [OPAL_ENTERPRISE_BANDMASTER0_UID] = 133 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 }, 134 [OPAL_ENTERPRISE_ERASEMASTER_UID] = 135 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 }, 136 137 /* tables */ 138 [OPAL_TABLE_TABLE] = 139 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 }, 140 [OPAL_LOCKINGRANGE_GLOBAL] = 141 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 }, 142 [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] = 143 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 }, 144 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] = 145 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 }, 146 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] = 147 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 }, 148 [OPAL_MBRCONTROL] = 149 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 }, 150 [OPAL_MBR] = 151 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 }, 152 [OPAL_AUTHORITY_TABLE] = 153 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00}, 154 [OPAL_C_PIN_TABLE] = 155 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00}, 156 [OPAL_LOCKING_INFO_TABLE] = 157 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 }, 158 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] = 159 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 }, 160 [OPAL_DATASTORE] = 161 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 }, 162 163 /* C_PIN_TABLE object ID's */ 164 [OPAL_C_PIN_MSID] = 165 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02}, 166 [OPAL_C_PIN_SID] = 167 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01}, 168 [OPAL_C_PIN_ADMIN1] = 169 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01}, 170 171 /* half UID's (only first 4 bytes used) */ 172 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] = 173 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff }, 174 [OPAL_HALF_UID_BOOLEAN_ACE] = 175 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff }, 176 177 /* special value for omitted optional parameter */ 178 [OPAL_UID_HEXFF] = 179 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 180 }; 181 182 /* 183 * TCG Storage SSC Methods. 184 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 185 * Section: 6.3 Assigned UIDs 186 */ 187 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = { 188 [OPAL_PROPERTIES] = 189 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 }, 190 [OPAL_STARTSESSION] = 191 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 }, 192 [OPAL_REVERT] = 193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 }, 194 [OPAL_ACTIVATE] = 195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 }, 196 [OPAL_EGET] = 197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 }, 198 [OPAL_ESET] = 199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 }, 200 [OPAL_NEXT] = 201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 }, 202 [OPAL_EAUTHENTICATE] = 203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c }, 204 [OPAL_GETACL] = 205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d }, 206 [OPAL_GENKEY] = 207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 }, 208 [OPAL_REVERTSP] = 209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 }, 210 [OPAL_GET] = 211 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 }, 212 [OPAL_SET] = 213 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 }, 214 [OPAL_AUTHENTICATE] = 215 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c }, 216 [OPAL_RANDOM] = 217 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 }, 218 [OPAL_ERASE] = 219 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 }, 220 }; 221 222 static int end_opal_session_error(struct opal_dev *dev); 223 static int opal_discovery0_step(struct opal_dev *dev); 224 225 struct opal_suspend_data { 226 struct opal_lock_unlock unlk; 227 u8 lr; 228 struct list_head node; 229 }; 230 231 /* 232 * Derived from: 233 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 234 * Section: 5.1.5 Method Status Codes 235 */ 236 static const char * const opal_errors[] = { 237 "Success", 238 "Not Authorized", 239 "Unknown Error", 240 "SP Busy", 241 "SP Failed", 242 "SP Disabled", 243 "SP Frozen", 244 "No Sessions Available", 245 "Uniqueness Conflict", 246 "Insufficient Space", 247 "Insufficient Rows", 248 "Invalid Function", 249 "Invalid Parameter", 250 "Invalid Reference", 251 "Unknown Error", 252 "TPER Malfunction", 253 "Transaction Failure", 254 "Response Overflow", 255 "Authority Locked Out", 256 }; 257 258 static const char *opal_error_to_human(int error) 259 { 260 if (error == 0x3f) 261 return "Failed"; 262 263 if (error >= ARRAY_SIZE(opal_errors) || error < 0) 264 return "Unknown Error"; 265 266 return opal_errors[error]; 267 } 268 269 static void print_buffer(const u8 *ptr, u32 length) 270 { 271 #ifdef DEBUG 272 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length); 273 pr_debug("\n"); 274 #endif 275 } 276 277 /* 278 * Allocate/update a SED Opal key and add it to the SED Opal keyring. 279 */ 280 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen) 281 { 282 key_ref_t kr; 283 284 if (!sed_opal_keyring) 285 return -ENOKEY; 286 287 kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user", 288 desc, (const void *)key_data, keylen, 289 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE, 290 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN | 291 KEY_ALLOC_BYPASS_RESTRICTION); 292 if (IS_ERR(kr)) { 293 pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr)); 294 return PTR_ERR(kr); 295 } 296 297 return 0; 298 } 299 300 /* 301 * Read a SED Opal key from the SED Opal keyring. 302 */ 303 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen) 304 { 305 int ret; 306 key_ref_t kref; 307 struct key *key; 308 309 if (!sed_opal_keyring) 310 return -ENOKEY; 311 312 kref = keyring_search(make_key_ref(sed_opal_keyring, true), 313 &key_type_user, key_name, true); 314 315 if (IS_ERR(kref)) 316 ret = PTR_ERR(kref); 317 318 key = key_ref_to_ptr(kref); 319 down_read(&key->sem); 320 ret = key_validate(key); 321 if (ret == 0) { 322 if (buflen > key->datalen) 323 buflen = key->datalen; 324 325 ret = key->type->read(key, (char *)buffer, buflen); 326 } 327 up_read(&key->sem); 328 329 key_ref_put(kref); 330 331 return ret; 332 } 333 334 static int opal_get_key(struct opal_dev *dev, struct opal_key *key) 335 { 336 int ret = 0; 337 338 switch (key->key_type) { 339 case OPAL_INCLUDED: 340 /* the key is ready to use */ 341 break; 342 case OPAL_KEYRING: 343 /* the key is in the keyring */ 344 ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX); 345 if (ret > 0) { 346 if (ret > U8_MAX) { 347 ret = -ENOSPC; 348 goto error; 349 } 350 key->key_len = ret; 351 key->key_type = OPAL_INCLUDED; 352 } 353 break; 354 default: 355 ret = -EINVAL; 356 break; 357 } 358 if (ret < 0) 359 goto error; 360 361 /* must have a PEK by now or it's an error */ 362 if (key->key_type != OPAL_INCLUDED || key->key_len == 0) { 363 ret = -EINVAL; 364 goto error; 365 } 366 return 0; 367 error: 368 pr_debug("Error getting password: %d\n", ret); 369 return ret; 370 } 371 372 static bool check_tper(const void *data) 373 { 374 const struct d0_tper_features *tper = data; 375 u8 flags = tper->supported_features; 376 377 if (!(flags & TPER_SYNC_SUPPORTED)) { 378 pr_debug("TPer sync not supported. flags = %d\n", 379 tper->supported_features); 380 return false; 381 } 382 383 return true; 384 } 385 386 static bool check_lcksuppt(const void *data) 387 { 388 const struct d0_locking_features *lfeat = data; 389 u8 sup_feat = lfeat->supported_features; 390 391 return !!(sup_feat & LOCKING_SUPPORTED_MASK); 392 } 393 394 static bool check_lckenabled(const void *data) 395 { 396 const struct d0_locking_features *lfeat = data; 397 u8 sup_feat = lfeat->supported_features; 398 399 return !!(sup_feat & LOCKING_ENABLED_MASK); 400 } 401 402 static bool check_locked(const void *data) 403 { 404 const struct d0_locking_features *lfeat = data; 405 u8 sup_feat = lfeat->supported_features; 406 407 return !!(sup_feat & LOCKED_MASK); 408 } 409 410 static bool check_mbrenabled(const void *data) 411 { 412 const struct d0_locking_features *lfeat = data; 413 u8 sup_feat = lfeat->supported_features; 414 415 return !!(sup_feat & MBR_ENABLED_MASK); 416 } 417 418 static bool check_mbrdone(const void *data) 419 { 420 const struct d0_locking_features *lfeat = data; 421 u8 sup_feat = lfeat->supported_features; 422 423 return !!(sup_feat & MBR_DONE_MASK); 424 } 425 426 static bool check_sum(const void *data) 427 { 428 const struct d0_single_user_mode *sum = data; 429 u32 nlo = be32_to_cpu(sum->num_locking_objects); 430 431 if (nlo == 0) { 432 pr_debug("Need at least one locking object.\n"); 433 return false; 434 } 435 436 pr_debug("Number of locking objects: %d\n", nlo); 437 438 return true; 439 } 440 441 static u16 get_comid_v100(const void *data) 442 { 443 const struct d0_opal_v100 *v100 = data; 444 445 return be16_to_cpu(v100->baseComID); 446 } 447 448 static u16 get_comid_v200(const void *data) 449 { 450 const struct d0_opal_v200 *v200 = data; 451 452 return be16_to_cpu(v200->baseComID); 453 } 454 455 static int opal_send_cmd(struct opal_dev *dev) 456 { 457 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 458 dev->cmd, IO_BUFFER_LENGTH, 459 true); 460 } 461 462 static int opal_recv_cmd(struct opal_dev *dev) 463 { 464 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01, 465 dev->resp, IO_BUFFER_LENGTH, 466 false); 467 } 468 469 static int opal_recv_check(struct opal_dev *dev) 470 { 471 size_t buflen = IO_BUFFER_LENGTH; 472 void *buffer = dev->resp; 473 struct opal_header *hdr = buffer; 474 int ret; 475 476 do { 477 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n", 478 hdr->cp.outstandingData, 479 hdr->cp.minTransfer); 480 481 if (hdr->cp.outstandingData == 0 || 482 hdr->cp.minTransfer != 0) 483 return 0; 484 485 memset(buffer, 0, buflen); 486 ret = opal_recv_cmd(dev); 487 } while (!ret); 488 489 return ret; 490 } 491 492 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont) 493 { 494 int ret; 495 496 ret = opal_send_cmd(dev); 497 if (ret) 498 return ret; 499 ret = opal_recv_cmd(dev); 500 if (ret) 501 return ret; 502 ret = opal_recv_check(dev); 503 if (ret) 504 return ret; 505 return cont(dev); 506 } 507 508 static void check_geometry(struct opal_dev *dev, const void *data) 509 { 510 const struct d0_geometry_features *geo = data; 511 512 dev->align = be64_to_cpu(geo->alignment_granularity); 513 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba); 514 dev->logical_block_size = be32_to_cpu(geo->logical_block_size); 515 dev->align_required = geo->reserved01 & 1; 516 } 517 518 static int execute_step(struct opal_dev *dev, 519 const struct opal_step *step, size_t stepIndex) 520 { 521 int error = step->fn(dev, step->data); 522 523 if (error) { 524 pr_debug("Step %zu (%pS) failed with error %d: %s\n", 525 stepIndex, step->fn, error, 526 opal_error_to_human(error)); 527 } 528 529 return error; 530 } 531 532 static int execute_steps(struct opal_dev *dev, 533 const struct opal_step *steps, size_t n_steps) 534 { 535 size_t state = 0; 536 int error; 537 538 /* first do a discovery0 */ 539 error = opal_discovery0_step(dev); 540 if (error) 541 return error; 542 543 for (state = 0; state < n_steps; state++) { 544 error = execute_step(dev, &steps[state], state); 545 if (error) 546 goto out_error; 547 } 548 549 return 0; 550 551 out_error: 552 /* 553 * For each OPAL command the first step in steps starts some sort of 554 * session. If an error occurred in the initial discovery0 or if an 555 * error occurred in the first step (and thus stopping the loop with 556 * state == 0) then there was an error before or during the attempt to 557 * start a session. Therefore we shouldn't attempt to terminate a 558 * session, as one has not yet been created. 559 */ 560 if (state > 0) 561 end_opal_session_error(dev); 562 563 return error; 564 } 565 566 static int opal_discovery0_end(struct opal_dev *dev, void *data) 567 { 568 struct opal_discovery *discv_out = data; /* may be NULL */ 569 u8 __user *buf_out; 570 u64 len_out; 571 bool found_com_id = false, supported = true, single_user = false; 572 const struct d0_header *hdr = (struct d0_header *)dev->resp; 573 const u8 *epos = dev->resp, *cpos = dev->resp; 574 u16 comid = 0; 575 u32 hlen = be32_to_cpu(hdr->length); 576 577 print_buffer(dev->resp, hlen); 578 dev->flags &= OPAL_FL_SUPPORTED; 579 580 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 581 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n", 582 sizeof(*hdr), hlen, IO_BUFFER_LENGTH); 583 return -EFAULT; 584 } 585 586 if (discv_out) { 587 buf_out = (u8 __user *)(uintptr_t)discv_out->data; 588 len_out = min_t(u64, discv_out->size, hlen); 589 if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) 590 return -EFAULT; 591 592 discv_out->size = hlen; /* actual size of data */ 593 } 594 595 epos += hlen; /* end of buffer */ 596 cpos += sizeof(*hdr); /* current position on buffer */ 597 598 while (cpos < epos && supported) { 599 const struct d0_features *body = 600 (const struct d0_features *)cpos; 601 602 switch (be16_to_cpu(body->code)) { 603 case FC_TPER: 604 supported = check_tper(body->features); 605 break; 606 case FC_SINGLEUSER: 607 single_user = check_sum(body->features); 608 if (single_user) 609 dev->flags |= OPAL_FL_SUM_SUPPORTED; 610 break; 611 case FC_GEOMETRY: 612 check_geometry(dev, body); 613 break; 614 case FC_LOCKING: 615 if (check_lcksuppt(body->features)) 616 dev->flags |= OPAL_FL_LOCKING_SUPPORTED; 617 if (check_lckenabled(body->features)) 618 dev->flags |= OPAL_FL_LOCKING_ENABLED; 619 if (check_locked(body->features)) 620 dev->flags |= OPAL_FL_LOCKED; 621 if (check_mbrenabled(body->features)) 622 dev->flags |= OPAL_FL_MBR_ENABLED; 623 if (check_mbrdone(body->features)) 624 dev->flags |= OPAL_FL_MBR_DONE; 625 break; 626 case FC_ENTERPRISE: 627 case FC_DATASTORE: 628 /* some ignored properties */ 629 pr_debug("Found OPAL feature description: %d\n", 630 be16_to_cpu(body->code)); 631 break; 632 case FC_OPALV100: 633 comid = get_comid_v100(body->features); 634 found_com_id = true; 635 break; 636 case FC_OPALV200: 637 comid = get_comid_v200(body->features); 638 found_com_id = true; 639 break; 640 case 0xbfff ... 0xffff: 641 /* vendor specific, just ignore */ 642 break; 643 default: 644 pr_debug("OPAL Unknown feature: %d\n", 645 be16_to_cpu(body->code)); 646 647 } 648 cpos += body->length + 4; 649 } 650 651 if (!supported) { 652 pr_debug("This device is not Opal enabled. Not Supported!\n"); 653 return -EOPNOTSUPP; 654 } 655 656 if (!single_user) 657 pr_debug("Device doesn't support single user mode\n"); 658 659 660 if (!found_com_id) { 661 pr_debug("Could not find OPAL comid for device. Returning early\n"); 662 return -EOPNOTSUPP; 663 } 664 665 dev->comid = comid; 666 667 return 0; 668 } 669 670 static int opal_discovery0(struct opal_dev *dev, void *data) 671 { 672 int ret; 673 674 memset(dev->resp, 0, IO_BUFFER_LENGTH); 675 dev->comid = OPAL_DISCOVERY_COMID; 676 ret = opal_recv_cmd(dev); 677 if (ret) 678 return ret; 679 680 return opal_discovery0_end(dev, data); 681 } 682 683 static int opal_discovery0_step(struct opal_dev *dev) 684 { 685 const struct opal_step discovery0_step = { 686 opal_discovery0, NULL 687 }; 688 689 return execute_step(dev, &discovery0_step, 0); 690 } 691 692 static size_t remaining_size(struct opal_dev *cmd) 693 { 694 return IO_BUFFER_LENGTH - cmd->pos; 695 } 696 697 static bool can_add(int *err, struct opal_dev *cmd, size_t len) 698 { 699 if (*err) 700 return false; 701 702 if (remaining_size(cmd) < len) { 703 pr_debug("Error adding %zu bytes: end of buffer.\n", len); 704 *err = -ERANGE; 705 return false; 706 } 707 708 return true; 709 } 710 711 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok) 712 { 713 if (!can_add(err, cmd, 1)) 714 return; 715 716 cmd->cmd[cmd->pos++] = tok; 717 } 718 719 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring, 720 bool has_sign, int len) 721 { 722 u8 atom; 723 int err = 0; 724 725 atom = SHORT_ATOM_ID; 726 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0; 727 atom |= has_sign ? SHORT_ATOM_SIGNED : 0; 728 atom |= len & SHORT_ATOM_LEN_MASK; 729 730 add_token_u8(&err, cmd, atom); 731 } 732 733 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring, 734 bool has_sign, int len) 735 { 736 u8 header0; 737 738 header0 = MEDIUM_ATOM_ID; 739 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0; 740 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0; 741 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK; 742 743 cmd->cmd[cmd->pos++] = header0; 744 cmd->cmd[cmd->pos++] = len; 745 } 746 747 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number) 748 { 749 size_t len; 750 int msb; 751 752 if (!(number & ~TINY_ATOM_DATA_MASK)) { 753 add_token_u8(err, cmd, number); 754 return; 755 } 756 757 msb = fls64(number); 758 len = DIV_ROUND_UP(msb, 8); 759 760 if (!can_add(err, cmd, len + 1)) { 761 pr_debug("Error adding u64: end of buffer.\n"); 762 return; 763 } 764 add_short_atom_header(cmd, false, false, len); 765 while (len--) 766 add_token_u8(err, cmd, number >> (len * 8)); 767 } 768 769 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len) 770 { 771 size_t header_len = 1; 772 bool is_short_atom = true; 773 774 if (len & ~SHORT_ATOM_LEN_MASK) { 775 header_len = 2; 776 is_short_atom = false; 777 } 778 779 if (!can_add(err, cmd, header_len + len)) { 780 pr_debug("Error adding bytestring: end of buffer.\n"); 781 return NULL; 782 } 783 784 if (is_short_atom) 785 add_short_atom_header(cmd, true, false, len); 786 else 787 add_medium_atom_header(cmd, true, false, len); 788 789 return &cmd->cmd[cmd->pos]; 790 } 791 792 static void add_token_bytestring(int *err, struct opal_dev *cmd, 793 const u8 *bytestring, size_t len) 794 { 795 u8 *start; 796 797 start = add_bytestring_header(err, cmd, len); 798 if (!start) 799 return; 800 memcpy(start, bytestring, len); 801 cmd->pos += len; 802 } 803 804 static int build_locking_range(u8 *buffer, size_t length, u8 lr) 805 { 806 if (length > OPAL_UID_LENGTH) { 807 pr_debug("Can't build locking range. Length OOB\n"); 808 return -ERANGE; 809 } 810 811 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH); 812 813 if (lr == 0) 814 return 0; 815 816 buffer[5] = LOCKING_RANGE_NON_GLOBAL; 817 buffer[7] = lr; 818 819 return 0; 820 } 821 822 static int build_locking_user(u8 *buffer, size_t length, u8 lr) 823 { 824 if (length > OPAL_UID_LENGTH) { 825 pr_debug("Can't build locking range user. Length OOB\n"); 826 return -ERANGE; 827 } 828 829 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 830 831 buffer[7] = lr + 1; 832 833 return 0; 834 } 835 836 static void set_comid(struct opal_dev *cmd, u16 comid) 837 { 838 struct opal_header *hdr = (struct opal_header *)cmd->cmd; 839 840 hdr->cp.extendedComID[0] = comid >> 8; 841 hdr->cp.extendedComID[1] = comid; 842 hdr->cp.extendedComID[2] = 0; 843 hdr->cp.extendedComID[3] = 0; 844 } 845 846 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn) 847 { 848 struct opal_header *hdr; 849 int err = 0; 850 851 /* 852 * Close the parameter list opened from cmd_start. 853 * The number of bytes added must be equal to 854 * CMD_FINALIZE_BYTES_NEEDED. 855 */ 856 add_token_u8(&err, cmd, OPAL_ENDLIST); 857 858 add_token_u8(&err, cmd, OPAL_ENDOFDATA); 859 add_token_u8(&err, cmd, OPAL_STARTLIST); 860 add_token_u8(&err, cmd, 0); 861 add_token_u8(&err, cmd, 0); 862 add_token_u8(&err, cmd, 0); 863 add_token_u8(&err, cmd, OPAL_ENDLIST); 864 865 if (err) { 866 pr_debug("Error finalizing command.\n"); 867 return -EFAULT; 868 } 869 870 hdr = (struct opal_header *) cmd->cmd; 871 872 hdr->pkt.tsn = cpu_to_be32(tsn); 873 hdr->pkt.hsn = cpu_to_be32(hsn); 874 875 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr)); 876 while (cmd->pos % 4) { 877 if (cmd->pos >= IO_BUFFER_LENGTH) { 878 pr_debug("Error: Buffer overrun\n"); 879 return -ERANGE; 880 } 881 cmd->cmd[cmd->pos++] = 0; 882 } 883 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) - 884 sizeof(hdr->pkt)); 885 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp)); 886 887 return 0; 888 } 889 890 static const struct opal_resp_tok *response_get_token( 891 const struct parsed_resp *resp, 892 int n) 893 { 894 const struct opal_resp_tok *tok; 895 896 if (!resp) { 897 pr_debug("Response is NULL\n"); 898 return ERR_PTR(-EINVAL); 899 } 900 901 if (n >= resp->num) { 902 pr_debug("Token number doesn't exist: %d, resp: %d\n", 903 n, resp->num); 904 return ERR_PTR(-EINVAL); 905 } 906 907 tok = &resp->toks[n]; 908 if (tok->len == 0) { 909 pr_debug("Token length must be non-zero\n"); 910 return ERR_PTR(-EINVAL); 911 } 912 913 return tok; 914 } 915 916 static ssize_t response_parse_tiny(struct opal_resp_tok *tok, 917 const u8 *pos) 918 { 919 tok->pos = pos; 920 tok->len = 1; 921 tok->width = OPAL_WIDTH_TINY; 922 923 if (pos[0] & TINY_ATOM_SIGNED) { 924 tok->type = OPAL_DTA_TOKENID_SINT; 925 } else { 926 tok->type = OPAL_DTA_TOKENID_UINT; 927 tok->stored.u = pos[0] & 0x3f; 928 } 929 930 return tok->len; 931 } 932 933 static ssize_t response_parse_short(struct opal_resp_tok *tok, 934 const u8 *pos) 935 { 936 tok->pos = pos; 937 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1; 938 tok->width = OPAL_WIDTH_SHORT; 939 940 if (pos[0] & SHORT_ATOM_BYTESTRING) { 941 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 942 } else if (pos[0] & SHORT_ATOM_SIGNED) { 943 tok->type = OPAL_DTA_TOKENID_SINT; 944 } else { 945 u64 u_integer = 0; 946 ssize_t i, b = 0; 947 948 tok->type = OPAL_DTA_TOKENID_UINT; 949 if (tok->len > 9) { 950 pr_debug("uint64 with more than 8 bytes\n"); 951 return -EINVAL; 952 } 953 for (i = tok->len - 1; i > 0; i--) { 954 u_integer |= ((u64)pos[i] << (8 * b)); 955 b++; 956 } 957 tok->stored.u = u_integer; 958 } 959 960 return tok->len; 961 } 962 963 static ssize_t response_parse_medium(struct opal_resp_tok *tok, 964 const u8 *pos) 965 { 966 tok->pos = pos; 967 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2; 968 tok->width = OPAL_WIDTH_MEDIUM; 969 970 if (pos[0] & MEDIUM_ATOM_BYTESTRING) 971 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 972 else if (pos[0] & MEDIUM_ATOM_SIGNED) 973 tok->type = OPAL_DTA_TOKENID_SINT; 974 else 975 tok->type = OPAL_DTA_TOKENID_UINT; 976 977 return tok->len; 978 } 979 980 static ssize_t response_parse_long(struct opal_resp_tok *tok, 981 const u8 *pos) 982 { 983 tok->pos = pos; 984 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4; 985 tok->width = OPAL_WIDTH_LONG; 986 987 if (pos[0] & LONG_ATOM_BYTESTRING) 988 tok->type = OPAL_DTA_TOKENID_BYTESTRING; 989 else if (pos[0] & LONG_ATOM_SIGNED) 990 tok->type = OPAL_DTA_TOKENID_SINT; 991 else 992 tok->type = OPAL_DTA_TOKENID_UINT; 993 994 return tok->len; 995 } 996 997 static ssize_t response_parse_token(struct opal_resp_tok *tok, 998 const u8 *pos) 999 { 1000 tok->pos = pos; 1001 tok->len = 1; 1002 tok->type = OPAL_DTA_TOKENID_TOKEN; 1003 tok->width = OPAL_WIDTH_TOKEN; 1004 1005 return tok->len; 1006 } 1007 1008 static int response_parse(const u8 *buf, size_t length, 1009 struct parsed_resp *resp) 1010 { 1011 const struct opal_header *hdr; 1012 struct opal_resp_tok *iter; 1013 int num_entries = 0; 1014 int total; 1015 ssize_t token_length; 1016 const u8 *pos; 1017 u32 clen, plen, slen; 1018 1019 if (!buf) 1020 return -EFAULT; 1021 1022 if (!resp) 1023 return -EFAULT; 1024 1025 hdr = (struct opal_header *)buf; 1026 pos = buf; 1027 pos += sizeof(*hdr); 1028 1029 clen = be32_to_cpu(hdr->cp.length); 1030 plen = be32_to_cpu(hdr->pkt.length); 1031 slen = be32_to_cpu(hdr->subpkt.length); 1032 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n", 1033 clen, plen, slen); 1034 1035 if (clen == 0 || plen == 0 || slen == 0 || 1036 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) { 1037 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n", 1038 clen, plen, slen); 1039 print_buffer(pos, sizeof(*hdr)); 1040 return -EINVAL; 1041 } 1042 1043 if (pos > buf + length) 1044 return -EFAULT; 1045 1046 iter = resp->toks; 1047 total = slen; 1048 print_buffer(pos, total); 1049 while (total > 0) { 1050 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */ 1051 token_length = response_parse_tiny(iter, pos); 1052 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */ 1053 token_length = response_parse_short(iter, pos); 1054 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */ 1055 token_length = response_parse_medium(iter, pos); 1056 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */ 1057 token_length = response_parse_long(iter, pos); 1058 else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */ 1059 token_length = 1; 1060 else /* TOKEN */ 1061 token_length = response_parse_token(iter, pos); 1062 1063 if (token_length < 0) 1064 return token_length; 1065 1066 if (pos[0] != EMPTY_ATOM_BYTE) 1067 num_entries++; 1068 1069 pos += token_length; 1070 total -= token_length; 1071 iter++; 1072 } 1073 1074 resp->num = num_entries; 1075 1076 return 0; 1077 } 1078 1079 static size_t response_get_string(const struct parsed_resp *resp, int n, 1080 const char **store) 1081 { 1082 u8 skip; 1083 const struct opal_resp_tok *tok; 1084 1085 *store = NULL; 1086 tok = response_get_token(resp, n); 1087 if (IS_ERR(tok)) 1088 return 0; 1089 1090 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) { 1091 pr_debug("Token is not a byte string!\n"); 1092 return 0; 1093 } 1094 1095 switch (tok->width) { 1096 case OPAL_WIDTH_TINY: 1097 case OPAL_WIDTH_SHORT: 1098 skip = 1; 1099 break; 1100 case OPAL_WIDTH_MEDIUM: 1101 skip = 2; 1102 break; 1103 case OPAL_WIDTH_LONG: 1104 skip = 4; 1105 break; 1106 default: 1107 pr_debug("Token has invalid width!\n"); 1108 return 0; 1109 } 1110 1111 *store = tok->pos + skip; 1112 1113 return tok->len - skip; 1114 } 1115 1116 static u64 response_get_u64(const struct parsed_resp *resp, int n) 1117 { 1118 const struct opal_resp_tok *tok; 1119 1120 tok = response_get_token(resp, n); 1121 if (IS_ERR(tok)) 1122 return 0; 1123 1124 if (tok->type != OPAL_DTA_TOKENID_UINT) { 1125 pr_debug("Token is not unsigned int: %d\n", tok->type); 1126 return 0; 1127 } 1128 1129 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) { 1130 pr_debug("Atom is not short or tiny: %d\n", tok->width); 1131 return 0; 1132 } 1133 1134 return tok->stored.u; 1135 } 1136 1137 static bool response_token_matches(const struct opal_resp_tok *token, u8 match) 1138 { 1139 if (IS_ERR(token) || 1140 token->type != OPAL_DTA_TOKENID_TOKEN || 1141 token->pos[0] != match) 1142 return false; 1143 return true; 1144 } 1145 1146 static u8 response_status(const struct parsed_resp *resp) 1147 { 1148 const struct opal_resp_tok *tok; 1149 1150 tok = response_get_token(resp, 0); 1151 if (response_token_matches(tok, OPAL_ENDOFSESSION)) 1152 return 0; 1153 1154 if (resp->num < 5) 1155 return DTAERROR_NO_METHOD_STATUS; 1156 1157 tok = response_get_token(resp, resp->num - 5); 1158 if (!response_token_matches(tok, OPAL_STARTLIST)) 1159 return DTAERROR_NO_METHOD_STATUS; 1160 1161 tok = response_get_token(resp, resp->num - 1); 1162 if (!response_token_matches(tok, OPAL_ENDLIST)) 1163 return DTAERROR_NO_METHOD_STATUS; 1164 1165 return response_get_u64(resp, resp->num - 4); 1166 } 1167 1168 /* Parses and checks for errors */ 1169 static int parse_and_check_status(struct opal_dev *dev) 1170 { 1171 int error; 1172 1173 print_buffer(dev->cmd, dev->pos); 1174 1175 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed); 1176 if (error) { 1177 pr_debug("Couldn't parse response.\n"); 1178 return error; 1179 } 1180 1181 return response_status(&dev->parsed); 1182 } 1183 1184 static void clear_opal_cmd(struct opal_dev *dev) 1185 { 1186 dev->pos = sizeof(struct opal_header); 1187 memset(dev->cmd, 0, IO_BUFFER_LENGTH); 1188 } 1189 1190 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method) 1191 { 1192 int err = 0; 1193 1194 clear_opal_cmd(dev); 1195 set_comid(dev, dev->comid); 1196 1197 add_token_u8(&err, dev, OPAL_CALL); 1198 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH); 1199 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH); 1200 1201 /* 1202 * Every method call is followed by its parameters enclosed within 1203 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the 1204 * parameter list here and close it later in cmd_finalize. 1205 */ 1206 add_token_u8(&err, dev, OPAL_STARTLIST); 1207 1208 return err; 1209 } 1210 1211 static int start_opal_session_cont(struct opal_dev *dev) 1212 { 1213 u32 hsn, tsn; 1214 int error = 0; 1215 1216 error = parse_and_check_status(dev); 1217 if (error) 1218 return error; 1219 1220 hsn = response_get_u64(&dev->parsed, 4); 1221 tsn = response_get_u64(&dev->parsed, 5); 1222 1223 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) { 1224 pr_debug("Couldn't authenticate session\n"); 1225 return -EPERM; 1226 } 1227 1228 dev->hsn = hsn; 1229 dev->tsn = tsn; 1230 1231 return 0; 1232 } 1233 1234 static void add_suspend_info(struct opal_dev *dev, 1235 struct opal_suspend_data *sus) 1236 { 1237 struct opal_suspend_data *iter; 1238 1239 list_for_each_entry(iter, &dev->unlk_lst, node) { 1240 if (iter->lr == sus->lr) { 1241 list_del(&iter->node); 1242 kfree(iter); 1243 break; 1244 } 1245 } 1246 list_add_tail(&sus->node, &dev->unlk_lst); 1247 } 1248 1249 static int end_session_cont(struct opal_dev *dev) 1250 { 1251 dev->hsn = 0; 1252 dev->tsn = 0; 1253 1254 return parse_and_check_status(dev); 1255 } 1256 1257 static int finalize_and_send(struct opal_dev *dev, cont_fn cont) 1258 { 1259 int ret; 1260 1261 ret = cmd_finalize(dev, dev->hsn, dev->tsn); 1262 if (ret) { 1263 pr_debug("Error finalizing command buffer: %d\n", ret); 1264 return ret; 1265 } 1266 1267 print_buffer(dev->cmd, dev->pos); 1268 1269 return opal_send_recv(dev, cont); 1270 } 1271 1272 static int generic_get_columns(struct opal_dev *dev, const u8 *table, 1273 u64 start_column, u64 end_column) 1274 { 1275 int err; 1276 1277 err = cmd_start(dev, table, opalmethod[OPAL_GET]); 1278 1279 add_token_u8(&err, dev, OPAL_STARTLIST); 1280 1281 add_token_u8(&err, dev, OPAL_STARTNAME); 1282 add_token_u8(&err, dev, OPAL_STARTCOLUMN); 1283 add_token_u64(&err, dev, start_column); 1284 add_token_u8(&err, dev, OPAL_ENDNAME); 1285 1286 add_token_u8(&err, dev, OPAL_STARTNAME); 1287 add_token_u8(&err, dev, OPAL_ENDCOLUMN); 1288 add_token_u64(&err, dev, end_column); 1289 add_token_u8(&err, dev, OPAL_ENDNAME); 1290 1291 add_token_u8(&err, dev, OPAL_ENDLIST); 1292 1293 if (err) 1294 return err; 1295 1296 return finalize_and_send(dev, parse_and_check_status); 1297 } 1298 1299 /* 1300 * request @column from table @table on device @dev. On success, the column 1301 * data will be available in dev->resp->tok[4] 1302 */ 1303 static int generic_get_column(struct opal_dev *dev, const u8 *table, 1304 u64 column) 1305 { 1306 return generic_get_columns(dev, table, column, column); 1307 } 1308 1309 /* 1310 * see TCG SAS 5.3.2.3 for a description of the available columns 1311 * 1312 * the result is provided in dev->resp->tok[4] 1313 */ 1314 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid, 1315 u64 column) 1316 { 1317 u8 uid[OPAL_UID_LENGTH]; 1318 const unsigned int half = OPAL_UID_LENGTH_HALF; 1319 1320 /* sed-opal UIDs can be split in two halves: 1321 * first: actual table index 1322 * second: relative index in the table 1323 * so we have to get the first half of the OPAL_TABLE_TABLE and use the 1324 * first part of the target table as relative index into that table 1325 */ 1326 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half); 1327 memcpy(uid + half, table_uid, half); 1328 1329 return generic_get_column(dev, uid, column); 1330 } 1331 1332 static int gen_key(struct opal_dev *dev, void *data) 1333 { 1334 u8 uid[OPAL_UID_LENGTH]; 1335 int err; 1336 1337 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len)); 1338 kfree(dev->prev_data); 1339 dev->prev_data = NULL; 1340 1341 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]); 1342 1343 if (err) { 1344 pr_debug("Error building gen key command\n"); 1345 return err; 1346 1347 } 1348 1349 return finalize_and_send(dev, parse_and_check_status); 1350 } 1351 1352 static int get_active_key_cont(struct opal_dev *dev) 1353 { 1354 const char *activekey; 1355 size_t keylen; 1356 int error = 0; 1357 1358 error = parse_and_check_status(dev); 1359 if (error) 1360 return error; 1361 1362 keylen = response_get_string(&dev->parsed, 4, &activekey); 1363 if (!activekey) { 1364 pr_debug("%s: Couldn't extract the Activekey from the response\n", 1365 __func__); 1366 return OPAL_INVAL_PARAM; 1367 } 1368 1369 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL); 1370 1371 if (!dev->prev_data) 1372 return -ENOMEM; 1373 1374 dev->prev_d_len = keylen; 1375 1376 return 0; 1377 } 1378 1379 static int get_active_key(struct opal_dev *dev, void *data) 1380 { 1381 u8 uid[OPAL_UID_LENGTH]; 1382 int err; 1383 u8 *lr = data; 1384 1385 err = build_locking_range(uid, sizeof(uid), *lr); 1386 if (err) 1387 return err; 1388 1389 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY); 1390 if (err) 1391 return err; 1392 1393 return get_active_key_cont(dev); 1394 } 1395 1396 static int generic_table_write_data(struct opal_dev *dev, const u64 data, 1397 u64 offset, u64 size, const u8 *uid) 1398 { 1399 const u8 __user *src = (u8 __user *)(uintptr_t)data; 1400 u8 *dst; 1401 u64 len; 1402 size_t off = 0; 1403 int err; 1404 1405 /* do we fit in the available space? */ 1406 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS); 1407 if (err) { 1408 pr_debug("Couldn't get the table size\n"); 1409 return err; 1410 } 1411 1412 len = response_get_u64(&dev->parsed, 4); 1413 if (size > len || offset > len - size) { 1414 pr_debug("Does not fit in the table (%llu vs. %llu)\n", 1415 offset + size, len); 1416 return -ENOSPC; 1417 } 1418 1419 /* do the actual transmission(s) */ 1420 while (off < size) { 1421 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1422 add_token_u8(&err, dev, OPAL_STARTNAME); 1423 add_token_u8(&err, dev, OPAL_WHERE); 1424 add_token_u64(&err, dev, offset + off); 1425 add_token_u8(&err, dev, OPAL_ENDNAME); 1426 1427 add_token_u8(&err, dev, OPAL_STARTNAME); 1428 add_token_u8(&err, dev, OPAL_VALUES); 1429 1430 /* 1431 * The bytestring header is either 1 or 2 bytes, so assume 2. 1432 * There also needs to be enough space to accommodate the 1433 * trailing OPAL_ENDNAME (1 byte) and tokens added by 1434 * cmd_finalize. 1435 */ 1436 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED), 1437 (size_t)(size - off)); 1438 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size); 1439 1440 dst = add_bytestring_header(&err, dev, len); 1441 if (!dst) 1442 break; 1443 1444 if (copy_from_user(dst, src + off, len)) { 1445 err = -EFAULT; 1446 break; 1447 } 1448 1449 dev->pos += len; 1450 1451 add_token_u8(&err, dev, OPAL_ENDNAME); 1452 if (err) 1453 break; 1454 1455 err = finalize_and_send(dev, parse_and_check_status); 1456 if (err) 1457 break; 1458 1459 off += len; 1460 } 1461 1462 return err; 1463 } 1464 1465 static int generic_lr_enable_disable(struct opal_dev *dev, 1466 u8 *uid, bool rle, bool wle, 1467 bool rl, bool wl) 1468 { 1469 int err; 1470 1471 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1472 1473 add_token_u8(&err, dev, OPAL_STARTNAME); 1474 add_token_u8(&err, dev, OPAL_VALUES); 1475 add_token_u8(&err, dev, OPAL_STARTLIST); 1476 1477 add_token_u8(&err, dev, OPAL_STARTNAME); 1478 add_token_u8(&err, dev, OPAL_READLOCKENABLED); 1479 add_token_u8(&err, dev, rle); 1480 add_token_u8(&err, dev, OPAL_ENDNAME); 1481 1482 add_token_u8(&err, dev, OPAL_STARTNAME); 1483 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED); 1484 add_token_u8(&err, dev, wle); 1485 add_token_u8(&err, dev, OPAL_ENDNAME); 1486 1487 add_token_u8(&err, dev, OPAL_STARTNAME); 1488 add_token_u8(&err, dev, OPAL_READLOCKED); 1489 add_token_u8(&err, dev, rl); 1490 add_token_u8(&err, dev, OPAL_ENDNAME); 1491 1492 add_token_u8(&err, dev, OPAL_STARTNAME); 1493 add_token_u8(&err, dev, OPAL_WRITELOCKED); 1494 add_token_u8(&err, dev, wl); 1495 add_token_u8(&err, dev, OPAL_ENDNAME); 1496 1497 add_token_u8(&err, dev, OPAL_ENDLIST); 1498 add_token_u8(&err, dev, OPAL_ENDNAME); 1499 1500 return err; 1501 } 1502 1503 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid, 1504 struct opal_user_lr_setup *setup) 1505 { 1506 int err; 1507 1508 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE, 1509 0, 0); 1510 if (err) 1511 pr_debug("Failed to create enable global lr command\n"); 1512 1513 return err; 1514 } 1515 1516 static int setup_locking_range(struct opal_dev *dev, void *data) 1517 { 1518 u8 uid[OPAL_UID_LENGTH]; 1519 struct opal_user_lr_setup *setup = data; 1520 u8 lr; 1521 int err; 1522 1523 lr = setup->session.opal_key.lr; 1524 err = build_locking_range(uid, sizeof(uid), lr); 1525 if (err) 1526 return err; 1527 1528 if (lr == 0) 1529 err = enable_global_lr(dev, uid, setup); 1530 else { 1531 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1532 1533 add_token_u8(&err, dev, OPAL_STARTNAME); 1534 add_token_u8(&err, dev, OPAL_VALUES); 1535 add_token_u8(&err, dev, OPAL_STARTLIST); 1536 1537 add_token_u8(&err, dev, OPAL_STARTNAME); 1538 add_token_u8(&err, dev, OPAL_RANGESTART); 1539 add_token_u64(&err, dev, setup->range_start); 1540 add_token_u8(&err, dev, OPAL_ENDNAME); 1541 1542 add_token_u8(&err, dev, OPAL_STARTNAME); 1543 add_token_u8(&err, dev, OPAL_RANGELENGTH); 1544 add_token_u64(&err, dev, setup->range_length); 1545 add_token_u8(&err, dev, OPAL_ENDNAME); 1546 1547 add_token_u8(&err, dev, OPAL_STARTNAME); 1548 add_token_u8(&err, dev, OPAL_READLOCKENABLED); 1549 add_token_u64(&err, dev, !!setup->RLE); 1550 add_token_u8(&err, dev, OPAL_ENDNAME); 1551 1552 add_token_u8(&err, dev, OPAL_STARTNAME); 1553 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED); 1554 add_token_u64(&err, dev, !!setup->WLE); 1555 add_token_u8(&err, dev, OPAL_ENDNAME); 1556 1557 add_token_u8(&err, dev, OPAL_ENDLIST); 1558 add_token_u8(&err, dev, OPAL_ENDNAME); 1559 } 1560 if (err) { 1561 pr_debug("Error building Setup Locking range command.\n"); 1562 return err; 1563 } 1564 1565 return finalize_and_send(dev, parse_and_check_status); 1566 } 1567 1568 static int response_get_column(const struct parsed_resp *resp, 1569 int *iter, 1570 u8 column, 1571 u64 *value) 1572 { 1573 const struct opal_resp_tok *tok; 1574 int n = *iter; 1575 u64 val; 1576 1577 tok = response_get_token(resp, n); 1578 if (IS_ERR(tok)) 1579 return PTR_ERR(tok); 1580 1581 if (!response_token_matches(tok, OPAL_STARTNAME)) { 1582 pr_debug("Unexpected response token type %d.\n", n); 1583 return OPAL_INVAL_PARAM; 1584 } 1585 n++; 1586 1587 if (response_get_u64(resp, n) != column) { 1588 pr_debug("Token %d does not match expected column %u.\n", 1589 n, column); 1590 return OPAL_INVAL_PARAM; 1591 } 1592 n++; 1593 1594 val = response_get_u64(resp, n); 1595 n++; 1596 1597 tok = response_get_token(resp, n); 1598 if (IS_ERR(tok)) 1599 return PTR_ERR(tok); 1600 1601 if (!response_token_matches(tok, OPAL_ENDNAME)) { 1602 pr_debug("Unexpected response token type %d.\n", n); 1603 return OPAL_INVAL_PARAM; 1604 } 1605 n++; 1606 1607 *value = val; 1608 *iter = n; 1609 1610 return 0; 1611 } 1612 1613 static int locking_range_status(struct opal_dev *dev, void *data) 1614 { 1615 u8 lr_buffer[OPAL_UID_LENGTH]; 1616 u64 resp; 1617 bool rlocked, wlocked; 1618 int err, tok_n = 2; 1619 struct opal_lr_status *lrst = data; 1620 1621 err = build_locking_range(lr_buffer, sizeof(lr_buffer), 1622 lrst->session.opal_key.lr); 1623 if (err) 1624 return err; 1625 1626 err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART, 1627 OPAL_WRITELOCKED); 1628 if (err) { 1629 pr_debug("Couldn't get lr %u table columns %d to %d.\n", 1630 lrst->session.opal_key.lr, OPAL_RANGESTART, 1631 OPAL_WRITELOCKED); 1632 return err; 1633 } 1634 1635 /* range start */ 1636 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART, 1637 &lrst->range_start); 1638 if (err) 1639 return err; 1640 1641 /* range length */ 1642 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH, 1643 &lrst->range_length); 1644 if (err) 1645 return err; 1646 1647 /* RLE */ 1648 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED, 1649 &resp); 1650 if (err) 1651 return err; 1652 1653 lrst->RLE = !!resp; 1654 1655 /* WLE */ 1656 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED, 1657 &resp); 1658 if (err) 1659 return err; 1660 1661 lrst->WLE = !!resp; 1662 1663 /* read locked */ 1664 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp); 1665 if (err) 1666 return err; 1667 1668 rlocked = !!resp; 1669 1670 /* write locked */ 1671 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp); 1672 if (err) 1673 return err; 1674 1675 wlocked = !!resp; 1676 1677 /* opal_lock_state can not map 'read locked' only state. */ 1678 lrst->l_state = OPAL_RW; 1679 if (rlocked && wlocked) 1680 lrst->l_state = OPAL_LK; 1681 else if (wlocked) 1682 lrst->l_state = OPAL_RO; 1683 else if (rlocked) { 1684 pr_debug("Can not report read locked only state.\n"); 1685 return -EINVAL; 1686 } 1687 1688 return 0; 1689 } 1690 1691 static int start_generic_opal_session(struct opal_dev *dev, 1692 enum opal_uid auth, 1693 enum opal_uid sp_type, 1694 const char *key, 1695 u8 key_len) 1696 { 1697 u32 hsn; 1698 int err; 1699 1700 if (key == NULL && auth != OPAL_ANYBODY_UID) 1701 return OPAL_INVAL_PARAM; 1702 1703 hsn = GENERIC_HOST_SESSION_NUM; 1704 err = cmd_start(dev, opaluid[OPAL_SMUID_UID], 1705 opalmethod[OPAL_STARTSESSION]); 1706 1707 add_token_u64(&err, dev, hsn); 1708 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH); 1709 add_token_u8(&err, dev, 1); 1710 1711 switch (auth) { 1712 case OPAL_ANYBODY_UID: 1713 break; 1714 case OPAL_ADMIN1_UID: 1715 case OPAL_SID_UID: 1716 case OPAL_PSID_UID: 1717 add_token_u8(&err, dev, OPAL_STARTNAME); 1718 add_token_u8(&err, dev, 0); /* HostChallenge */ 1719 add_token_bytestring(&err, dev, key, key_len); 1720 add_token_u8(&err, dev, OPAL_ENDNAME); 1721 add_token_u8(&err, dev, OPAL_STARTNAME); 1722 add_token_u8(&err, dev, 3); /* HostSignAuth */ 1723 add_token_bytestring(&err, dev, opaluid[auth], 1724 OPAL_UID_LENGTH); 1725 add_token_u8(&err, dev, OPAL_ENDNAME); 1726 break; 1727 default: 1728 pr_debug("Cannot start Admin SP session with auth %d\n", auth); 1729 return OPAL_INVAL_PARAM; 1730 } 1731 1732 if (err) { 1733 pr_debug("Error building start adminsp session command.\n"); 1734 return err; 1735 } 1736 1737 return finalize_and_send(dev, start_opal_session_cont); 1738 } 1739 1740 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data) 1741 { 1742 return start_generic_opal_session(dev, OPAL_ANYBODY_UID, 1743 OPAL_ADMINSP_UID, NULL, 0); 1744 } 1745 1746 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data) 1747 { 1748 int ret; 1749 const u8 *key = dev->prev_data; 1750 1751 if (!key) { 1752 const struct opal_key *okey = data; 1753 1754 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1755 OPAL_ADMINSP_UID, 1756 okey->key, 1757 okey->key_len); 1758 } else { 1759 ret = start_generic_opal_session(dev, OPAL_SID_UID, 1760 OPAL_ADMINSP_UID, 1761 key, dev->prev_d_len); 1762 kfree(key); 1763 dev->prev_data = NULL; 1764 } 1765 1766 return ret; 1767 } 1768 1769 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data) 1770 { 1771 struct opal_key *key = data; 1772 1773 return start_generic_opal_session(dev, OPAL_ADMIN1_UID, 1774 OPAL_LOCKINGSP_UID, 1775 key->key, key->key_len); 1776 } 1777 1778 static int start_PSID_opal_session(struct opal_dev *dev, void *data) 1779 { 1780 const struct opal_key *okey = data; 1781 1782 return start_generic_opal_session(dev, OPAL_PSID_UID, 1783 OPAL_ADMINSP_UID, 1784 okey->key, 1785 okey->key_len); 1786 } 1787 1788 static int start_auth_opal_session(struct opal_dev *dev, void *data) 1789 { 1790 struct opal_session_info *session = data; 1791 u8 lk_ul_user[OPAL_UID_LENGTH]; 1792 size_t keylen = session->opal_key.key_len; 1793 int err = 0; 1794 1795 u8 *key = session->opal_key.key; 1796 u32 hsn = GENERIC_HOST_SESSION_NUM; 1797 1798 if (session->sum) 1799 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1800 session->opal_key.lr); 1801 else if (session->who != OPAL_ADMIN1 && !session->sum) 1802 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user), 1803 session->who - 1); 1804 else 1805 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH); 1806 1807 if (err) 1808 return err; 1809 1810 err = cmd_start(dev, opaluid[OPAL_SMUID_UID], 1811 opalmethod[OPAL_STARTSESSION]); 1812 1813 add_token_u64(&err, dev, hsn); 1814 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID], 1815 OPAL_UID_LENGTH); 1816 add_token_u8(&err, dev, 1); 1817 add_token_u8(&err, dev, OPAL_STARTNAME); 1818 add_token_u8(&err, dev, 0); 1819 add_token_bytestring(&err, dev, key, keylen); 1820 add_token_u8(&err, dev, OPAL_ENDNAME); 1821 add_token_u8(&err, dev, OPAL_STARTNAME); 1822 add_token_u8(&err, dev, 3); 1823 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH); 1824 add_token_u8(&err, dev, OPAL_ENDNAME); 1825 1826 if (err) { 1827 pr_debug("Error building STARTSESSION command.\n"); 1828 return err; 1829 } 1830 1831 return finalize_and_send(dev, start_opal_session_cont); 1832 } 1833 1834 static int revert_tper(struct opal_dev *dev, void *data) 1835 { 1836 int err; 1837 1838 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID], 1839 opalmethod[OPAL_REVERT]); 1840 if (err) { 1841 pr_debug("Error building REVERT TPER command.\n"); 1842 return err; 1843 } 1844 1845 return finalize_and_send(dev, parse_and_check_status); 1846 } 1847 1848 static int internal_activate_user(struct opal_dev *dev, void *data) 1849 { 1850 struct opal_session_info *session = data; 1851 u8 uid[OPAL_UID_LENGTH]; 1852 int err; 1853 1854 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH); 1855 uid[7] = session->who; 1856 1857 err = cmd_start(dev, uid, opalmethod[OPAL_SET]); 1858 add_token_u8(&err, dev, OPAL_STARTNAME); 1859 add_token_u8(&err, dev, OPAL_VALUES); 1860 add_token_u8(&err, dev, OPAL_STARTLIST); 1861 add_token_u8(&err, dev, OPAL_STARTNAME); 1862 add_token_u8(&err, dev, 5); /* Enabled */ 1863 add_token_u8(&err, dev, OPAL_TRUE); 1864 add_token_u8(&err, dev, OPAL_ENDNAME); 1865 add_token_u8(&err, dev, OPAL_ENDLIST); 1866 add_token_u8(&err, dev, OPAL_ENDNAME); 1867 1868 if (err) { 1869 pr_debug("Error building Activate UserN command.\n"); 1870 return err; 1871 } 1872 1873 return finalize_and_send(dev, parse_and_check_status); 1874 } 1875 1876 static int revert_lsp(struct opal_dev *dev, void *data) 1877 { 1878 struct opal_revert_lsp *rev = data; 1879 int err; 1880 1881 err = cmd_start(dev, opaluid[OPAL_THISSP_UID], 1882 opalmethod[OPAL_REVERTSP]); 1883 add_token_u8(&err, dev, OPAL_STARTNAME); 1884 add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY); 1885 add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ? 1886 OPAL_TRUE : OPAL_FALSE); 1887 add_token_u8(&err, dev, OPAL_ENDNAME); 1888 if (err) { 1889 pr_debug("Error building REVERT SP command.\n"); 1890 return err; 1891 } 1892 1893 return finalize_and_send(dev, parse_and_check_status); 1894 } 1895 1896 static int erase_locking_range(struct opal_dev *dev, void *data) 1897 { 1898 struct opal_session_info *session = data; 1899 u8 uid[OPAL_UID_LENGTH]; 1900 int err; 1901 1902 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0) 1903 return -ERANGE; 1904 1905 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]); 1906 1907 if (err) { 1908 pr_debug("Error building Erase Locking Range Command.\n"); 1909 return err; 1910 } 1911 1912 return finalize_and_send(dev, parse_and_check_status); 1913 } 1914 1915 static int set_mbr_done(struct opal_dev *dev, void *data) 1916 { 1917 u8 *mbr_done_tf = data; 1918 int err; 1919 1920 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL], 1921 opalmethod[OPAL_SET]); 1922 1923 add_token_u8(&err, dev, OPAL_STARTNAME); 1924 add_token_u8(&err, dev, OPAL_VALUES); 1925 add_token_u8(&err, dev, OPAL_STARTLIST); 1926 add_token_u8(&err, dev, OPAL_STARTNAME); 1927 add_token_u8(&err, dev, OPAL_MBRDONE); 1928 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */ 1929 add_token_u8(&err, dev, OPAL_ENDNAME); 1930 add_token_u8(&err, dev, OPAL_ENDLIST); 1931 add_token_u8(&err, dev, OPAL_ENDNAME); 1932 1933 if (err) { 1934 pr_debug("Error Building set MBR Done command\n"); 1935 return err; 1936 } 1937 1938 return finalize_and_send(dev, parse_and_check_status); 1939 } 1940 1941 static int set_mbr_enable_disable(struct opal_dev *dev, void *data) 1942 { 1943 u8 *mbr_en_dis = data; 1944 int err; 1945 1946 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL], 1947 opalmethod[OPAL_SET]); 1948 1949 add_token_u8(&err, dev, OPAL_STARTNAME); 1950 add_token_u8(&err, dev, OPAL_VALUES); 1951 add_token_u8(&err, dev, OPAL_STARTLIST); 1952 add_token_u8(&err, dev, OPAL_STARTNAME); 1953 add_token_u8(&err, dev, OPAL_MBRENABLE); 1954 add_token_u8(&err, dev, *mbr_en_dis); 1955 add_token_u8(&err, dev, OPAL_ENDNAME); 1956 add_token_u8(&err, dev, OPAL_ENDLIST); 1957 add_token_u8(&err, dev, OPAL_ENDNAME); 1958 1959 if (err) { 1960 pr_debug("Error Building set MBR done command\n"); 1961 return err; 1962 } 1963 1964 return finalize_and_send(dev, parse_and_check_status); 1965 } 1966 1967 static int write_shadow_mbr(struct opal_dev *dev, void *data) 1968 { 1969 struct opal_shadow_mbr *shadow = data; 1970 1971 return generic_table_write_data(dev, shadow->data, shadow->offset, 1972 shadow->size, opaluid[OPAL_MBR]); 1973 } 1974 1975 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid, 1976 struct opal_dev *dev) 1977 { 1978 int err; 1979 1980 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]); 1981 1982 add_token_u8(&err, dev, OPAL_STARTNAME); 1983 add_token_u8(&err, dev, OPAL_VALUES); 1984 add_token_u8(&err, dev, OPAL_STARTLIST); 1985 add_token_u8(&err, dev, OPAL_STARTNAME); 1986 add_token_u8(&err, dev, OPAL_PIN); 1987 add_token_bytestring(&err, dev, key, key_len); 1988 add_token_u8(&err, dev, OPAL_ENDNAME); 1989 add_token_u8(&err, dev, OPAL_ENDLIST); 1990 add_token_u8(&err, dev, OPAL_ENDNAME); 1991 1992 return err; 1993 } 1994 1995 static int set_new_pw(struct opal_dev *dev, void *data) 1996 { 1997 u8 cpin_uid[OPAL_UID_LENGTH]; 1998 struct opal_session_info *usr = data; 1999 2000 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH); 2001 2002 if (usr->who != OPAL_ADMIN1) { 2003 cpin_uid[5] = 0x03; 2004 if (usr->sum) 2005 cpin_uid[7] = usr->opal_key.lr + 1; 2006 else 2007 cpin_uid[7] = usr->who; 2008 } 2009 2010 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len, 2011 cpin_uid, dev)) { 2012 pr_debug("Error building set password command.\n"); 2013 return -ERANGE; 2014 } 2015 2016 return finalize_and_send(dev, parse_and_check_status); 2017 } 2018 2019 static int set_sid_cpin_pin(struct opal_dev *dev, void *data) 2020 { 2021 u8 cpin_uid[OPAL_UID_LENGTH]; 2022 struct opal_key *key = data; 2023 2024 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH); 2025 2026 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) { 2027 pr_debug("Error building Set SID cpin\n"); 2028 return -ERANGE; 2029 } 2030 return finalize_and_send(dev, parse_and_check_status); 2031 } 2032 2033 static void add_authority_object_ref(int *err, 2034 struct opal_dev *dev, 2035 const u8 *uid, 2036 size_t uid_len) 2037 { 2038 add_token_u8(err, dev, OPAL_STARTNAME); 2039 add_token_bytestring(err, dev, 2040 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF], 2041 OPAL_UID_LENGTH/2); 2042 add_token_bytestring(err, dev, uid, uid_len); 2043 add_token_u8(err, dev, OPAL_ENDNAME); 2044 } 2045 2046 static void add_boolean_object_ref(int *err, 2047 struct opal_dev *dev, 2048 u8 boolean_op) 2049 { 2050 add_token_u8(err, dev, OPAL_STARTNAME); 2051 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE], 2052 OPAL_UID_LENGTH/2); 2053 add_token_u8(err, dev, boolean_op); 2054 add_token_u8(err, dev, OPAL_ENDNAME); 2055 } 2056 2057 static int set_lr_boolean_ace(struct opal_dev *dev, 2058 unsigned int opal_uid, 2059 u8 lr, 2060 const u8 *users, 2061 size_t users_len) 2062 { 2063 u8 lr_buffer[OPAL_UID_LENGTH]; 2064 u8 user_uid[OPAL_UID_LENGTH]; 2065 u8 u; 2066 int err; 2067 2068 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH); 2069 lr_buffer[7] = lr; 2070 2071 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]); 2072 2073 add_token_u8(&err, dev, OPAL_STARTNAME); 2074 add_token_u8(&err, dev, OPAL_VALUES); 2075 2076 add_token_u8(&err, dev, OPAL_STARTLIST); 2077 add_token_u8(&err, dev, OPAL_STARTNAME); 2078 add_token_u8(&err, dev, 3); 2079 2080 add_token_u8(&err, dev, OPAL_STARTLIST); 2081 2082 for (u = 0; u < users_len; u++) { 2083 if (users[u] == OPAL_ADMIN1) 2084 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID], 2085 OPAL_UID_LENGTH); 2086 else { 2087 memcpy(user_uid, opaluid[OPAL_USER1_UID], 2088 OPAL_UID_LENGTH); 2089 user_uid[7] = users[u]; 2090 } 2091 2092 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid)); 2093 2094 /* 2095 * Add boolean operator in postfix only with 2096 * two or more authorities being added in ACE 2097 * expresion. 2098 * */ 2099 if (u > 0) 2100 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR); 2101 } 2102 2103 add_token_u8(&err, dev, OPAL_ENDLIST); 2104 add_token_u8(&err, dev, OPAL_ENDNAME); 2105 add_token_u8(&err, dev, OPAL_ENDLIST); 2106 add_token_u8(&err, dev, OPAL_ENDNAME); 2107 2108 return err; 2109 } 2110 2111 static int add_user_to_lr(struct opal_dev *dev, void *data) 2112 { 2113 int err; 2114 struct opal_lock_unlock *lkul = data; 2115 const u8 users[] = { 2116 lkul->session.who 2117 }; 2118 2119 err = set_lr_boolean_ace(dev, 2120 lkul->l_state == OPAL_RW ? 2121 OPAL_LOCKINGRANGE_ACE_WRLOCKED : 2122 OPAL_LOCKINGRANGE_ACE_RDLOCKED, 2123 lkul->session.opal_key.lr, users, 2124 ARRAY_SIZE(users)); 2125 if (err) { 2126 pr_debug("Error building add user to locking range command.\n"); 2127 return err; 2128 } 2129 2130 return finalize_and_send(dev, parse_and_check_status); 2131 } 2132 2133 static int add_user_to_lr_ace(struct opal_dev *dev, void *data) 2134 { 2135 int err; 2136 struct opal_lock_unlock *lkul = data; 2137 const u8 users[] = { 2138 OPAL_ADMIN1, 2139 lkul->session.who 2140 }; 2141 2142 err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY, 2143 lkul->session.opal_key.lr, users, 2144 ARRAY_SIZE(users)); 2145 2146 if (err) { 2147 pr_debug("Error building add user to locking ranges ACEs.\n"); 2148 return err; 2149 } 2150 2151 return finalize_and_send(dev, parse_and_check_status); 2152 } 2153 2154 static int lock_unlock_locking_range(struct opal_dev *dev, void *data) 2155 { 2156 u8 lr_buffer[OPAL_UID_LENGTH]; 2157 struct opal_lock_unlock *lkul = data; 2158 u8 read_locked = 1, write_locked = 1; 2159 int err = 0; 2160 2161 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 2162 lkul->session.opal_key.lr) < 0) 2163 return -ERANGE; 2164 2165 switch (lkul->l_state) { 2166 case OPAL_RO: 2167 read_locked = 0; 2168 write_locked = 1; 2169 break; 2170 case OPAL_RW: 2171 read_locked = 0; 2172 write_locked = 0; 2173 break; 2174 case OPAL_LK: 2175 /* vars are initialized to locked */ 2176 break; 2177 default: 2178 pr_debug("Tried to set an invalid locking state... returning to uland\n"); 2179 return OPAL_INVAL_PARAM; 2180 } 2181 2182 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]); 2183 2184 add_token_u8(&err, dev, OPAL_STARTNAME); 2185 add_token_u8(&err, dev, OPAL_VALUES); 2186 add_token_u8(&err, dev, OPAL_STARTLIST); 2187 2188 add_token_u8(&err, dev, OPAL_STARTNAME); 2189 add_token_u8(&err, dev, OPAL_READLOCKED); 2190 add_token_u8(&err, dev, read_locked); 2191 add_token_u8(&err, dev, OPAL_ENDNAME); 2192 2193 add_token_u8(&err, dev, OPAL_STARTNAME); 2194 add_token_u8(&err, dev, OPAL_WRITELOCKED); 2195 add_token_u8(&err, dev, write_locked); 2196 add_token_u8(&err, dev, OPAL_ENDNAME); 2197 2198 add_token_u8(&err, dev, OPAL_ENDLIST); 2199 add_token_u8(&err, dev, OPAL_ENDNAME); 2200 2201 if (err) { 2202 pr_debug("Error building SET command.\n"); 2203 return err; 2204 } 2205 2206 return finalize_and_send(dev, parse_and_check_status); 2207 } 2208 2209 2210 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data) 2211 { 2212 u8 lr_buffer[OPAL_UID_LENGTH]; 2213 u8 read_locked = 1, write_locked = 1; 2214 struct opal_lock_unlock *lkul = data; 2215 int ret; 2216 2217 clear_opal_cmd(dev); 2218 set_comid(dev, dev->comid); 2219 2220 if (build_locking_range(lr_buffer, sizeof(lr_buffer), 2221 lkul->session.opal_key.lr) < 0) 2222 return -ERANGE; 2223 2224 switch (lkul->l_state) { 2225 case OPAL_RO: 2226 read_locked = 0; 2227 write_locked = 1; 2228 break; 2229 case OPAL_RW: 2230 read_locked = 0; 2231 write_locked = 0; 2232 break; 2233 case OPAL_LK: 2234 /* vars are initialized to locked */ 2235 break; 2236 default: 2237 pr_debug("Tried to set an invalid locking state.\n"); 2238 return OPAL_INVAL_PARAM; 2239 } 2240 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1, 2241 read_locked, write_locked); 2242 2243 if (ret < 0) { 2244 pr_debug("Error building SET command.\n"); 2245 return ret; 2246 } 2247 2248 return finalize_and_send(dev, parse_and_check_status); 2249 } 2250 2251 static int activate_lsp(struct opal_dev *dev, void *data) 2252 { 2253 struct opal_lr_act *opal_act = data; 2254 u8 user_lr[OPAL_UID_LENGTH]; 2255 int err, i; 2256 2257 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID], 2258 opalmethod[OPAL_ACTIVATE]); 2259 2260 if (opal_act->sum) { 2261 err = build_locking_range(user_lr, sizeof(user_lr), 2262 opal_act->lr[0]); 2263 if (err) 2264 return err; 2265 2266 add_token_u8(&err, dev, OPAL_STARTNAME); 2267 add_token_u64(&err, dev, OPAL_SUM_SET_LIST); 2268 2269 add_token_u8(&err, dev, OPAL_STARTLIST); 2270 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 2271 for (i = 1; i < opal_act->num_lrs; i++) { 2272 user_lr[7] = opal_act->lr[i]; 2273 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH); 2274 } 2275 add_token_u8(&err, dev, OPAL_ENDLIST); 2276 add_token_u8(&err, dev, OPAL_ENDNAME); 2277 } 2278 2279 if (err) { 2280 pr_debug("Error building Activate LockingSP command.\n"); 2281 return err; 2282 } 2283 2284 return finalize_and_send(dev, parse_and_check_status); 2285 } 2286 2287 /* Determine if we're in the Manufactured Inactive or Active state */ 2288 static int get_lsp_lifecycle(struct opal_dev *dev, void *data) 2289 { 2290 u8 lc_status; 2291 int err; 2292 2293 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID], 2294 OPAL_LIFECYCLE); 2295 if (err) 2296 return err; 2297 2298 lc_status = response_get_u64(&dev->parsed, 4); 2299 /* 0x08 is Manufactured Inactive */ 2300 /* 0x09 is Manufactured */ 2301 if (lc_status != OPAL_MANUFACTURED_INACTIVE) { 2302 pr_debug("Couldn't determine the status of the Lifecycle state\n"); 2303 return -ENODEV; 2304 } 2305 2306 return 0; 2307 } 2308 2309 static int get_msid_cpin_pin(struct opal_dev *dev, void *data) 2310 { 2311 const char *msid_pin; 2312 size_t strlen; 2313 int err; 2314 2315 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN); 2316 if (err) 2317 return err; 2318 2319 strlen = response_get_string(&dev->parsed, 4, &msid_pin); 2320 if (!msid_pin) { 2321 pr_debug("Couldn't extract MSID_CPIN from response\n"); 2322 return OPAL_INVAL_PARAM; 2323 } 2324 2325 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL); 2326 if (!dev->prev_data) 2327 return -ENOMEM; 2328 2329 dev->prev_d_len = strlen; 2330 2331 return 0; 2332 } 2333 2334 static int write_table_data(struct opal_dev *dev, void *data) 2335 { 2336 struct opal_read_write_table *write_tbl = data; 2337 2338 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset, 2339 write_tbl->size, write_tbl->table_uid); 2340 } 2341 2342 static int read_table_data_cont(struct opal_dev *dev) 2343 { 2344 int err; 2345 const char *data_read; 2346 2347 err = parse_and_check_status(dev); 2348 if (err) 2349 return err; 2350 2351 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read); 2352 dev->prev_data = (void *)data_read; 2353 if (!dev->prev_data) { 2354 pr_debug("%s: Couldn't read data from the table.\n", __func__); 2355 return OPAL_INVAL_PARAM; 2356 } 2357 2358 return 0; 2359 } 2360 2361 /* 2362 * IO_BUFFER_LENGTH = 2048 2363 * sizeof(header) = 56 2364 * No. of Token Bytes in the Response = 11 2365 * MAX size of data that can be carried in response buffer 2366 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD. 2367 */ 2368 #define OPAL_MAX_READ_TABLE (0x7BD) 2369 2370 static int read_table_data(struct opal_dev *dev, void *data) 2371 { 2372 struct opal_read_write_table *read_tbl = data; 2373 int err; 2374 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE; 2375 u64 table_len, len; 2376 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1; 2377 u8 __user *dst; 2378 2379 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS); 2380 if (err) { 2381 pr_debug("Couldn't get the table size\n"); 2382 return err; 2383 } 2384 2385 table_len = response_get_u64(&dev->parsed, 4); 2386 2387 /* Check if the user is trying to read from the table limits */ 2388 if (read_size > table_len || offset > table_len - read_size) { 2389 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n", 2390 offset + read_size, table_len); 2391 return -EINVAL; 2392 } 2393 2394 while (off < read_size) { 2395 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]); 2396 2397 add_token_u8(&err, dev, OPAL_STARTLIST); 2398 add_token_u8(&err, dev, OPAL_STARTNAME); 2399 add_token_u8(&err, dev, OPAL_STARTROW); 2400 add_token_u64(&err, dev, offset + off); /* start row value */ 2401 add_token_u8(&err, dev, OPAL_ENDNAME); 2402 2403 add_token_u8(&err, dev, OPAL_STARTNAME); 2404 add_token_u8(&err, dev, OPAL_ENDROW); 2405 2406 len = min(max_read_size, (size_t)(read_size - off)); 2407 add_token_u64(&err, dev, offset + off + len); /* end row value 2408 */ 2409 add_token_u8(&err, dev, OPAL_ENDNAME); 2410 add_token_u8(&err, dev, OPAL_ENDLIST); 2411 2412 if (err) { 2413 pr_debug("Error building read table data command.\n"); 2414 break; 2415 } 2416 2417 err = finalize_and_send(dev, read_table_data_cont); 2418 if (err) 2419 break; 2420 2421 /* len+1: This includes the NULL terminator at the end*/ 2422 if (dev->prev_d_len > len + 1) { 2423 err = -EOVERFLOW; 2424 break; 2425 } 2426 2427 dst = (u8 __user *)(uintptr_t)read_tbl->data; 2428 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) { 2429 pr_debug("Error copying data to userspace\n"); 2430 err = -EFAULT; 2431 break; 2432 } 2433 dev->prev_data = NULL; 2434 2435 off += len; 2436 } 2437 2438 return err; 2439 } 2440 2441 static int end_opal_session(struct opal_dev *dev, void *data) 2442 { 2443 int err = 0; 2444 2445 clear_opal_cmd(dev); 2446 set_comid(dev, dev->comid); 2447 add_token_u8(&err, dev, OPAL_ENDOFSESSION); 2448 2449 if (err < 0) 2450 return err; 2451 2452 return finalize_and_send(dev, end_session_cont); 2453 } 2454 2455 static int end_opal_session_error(struct opal_dev *dev) 2456 { 2457 const struct opal_step error_end_session = { 2458 end_opal_session, 2459 }; 2460 2461 return execute_step(dev, &error_end_session, 0); 2462 } 2463 2464 static inline void setup_opal_dev(struct opal_dev *dev) 2465 { 2466 dev->tsn = 0; 2467 dev->hsn = 0; 2468 dev->prev_data = NULL; 2469 } 2470 2471 static int check_opal_support(struct opal_dev *dev) 2472 { 2473 int ret; 2474 2475 mutex_lock(&dev->dev_lock); 2476 setup_opal_dev(dev); 2477 ret = opal_discovery0_step(dev); 2478 if (!ret) 2479 dev->flags |= OPAL_FL_SUPPORTED; 2480 mutex_unlock(&dev->dev_lock); 2481 2482 return ret; 2483 } 2484 2485 static void clean_opal_dev(struct opal_dev *dev) 2486 { 2487 2488 struct opal_suspend_data *suspend, *next; 2489 2490 mutex_lock(&dev->dev_lock); 2491 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) { 2492 list_del(&suspend->node); 2493 kfree(suspend); 2494 } 2495 mutex_unlock(&dev->dev_lock); 2496 } 2497 2498 void free_opal_dev(struct opal_dev *dev) 2499 { 2500 if (!dev) 2501 return; 2502 2503 clean_opal_dev(dev); 2504 kfree(dev->resp); 2505 kfree(dev->cmd); 2506 kfree(dev); 2507 } 2508 EXPORT_SYMBOL(free_opal_dev); 2509 2510 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv) 2511 { 2512 struct opal_dev *dev; 2513 2514 dev = kmalloc(sizeof(*dev), GFP_KERNEL); 2515 if (!dev) 2516 return NULL; 2517 2518 /* 2519 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes 2520 * sure the allocated buffer is DMA-safe in that regard. 2521 */ 2522 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL); 2523 if (!dev->cmd) 2524 goto err_free_dev; 2525 2526 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL); 2527 if (!dev->resp) 2528 goto err_free_cmd; 2529 2530 INIT_LIST_HEAD(&dev->unlk_lst); 2531 mutex_init(&dev->dev_lock); 2532 dev->flags = 0; 2533 dev->data = data; 2534 dev->send_recv = send_recv; 2535 if (check_opal_support(dev) != 0) { 2536 pr_debug("Opal is not supported on this device\n"); 2537 goto err_free_resp; 2538 } 2539 2540 return dev; 2541 2542 err_free_resp: 2543 kfree(dev->resp); 2544 2545 err_free_cmd: 2546 kfree(dev->cmd); 2547 2548 err_free_dev: 2549 kfree(dev); 2550 2551 return NULL; 2552 } 2553 EXPORT_SYMBOL(init_opal_dev); 2554 2555 static int opal_secure_erase_locking_range(struct opal_dev *dev, 2556 struct opal_session_info *opal_session) 2557 { 2558 const struct opal_step erase_steps[] = { 2559 { start_auth_opal_session, opal_session }, 2560 { get_active_key, &opal_session->opal_key.lr }, 2561 { gen_key, }, 2562 { end_opal_session, } 2563 }; 2564 int ret; 2565 2566 ret = opal_get_key(dev, &opal_session->opal_key); 2567 if (ret) 2568 return ret; 2569 mutex_lock(&dev->dev_lock); 2570 setup_opal_dev(dev); 2571 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); 2572 mutex_unlock(&dev->dev_lock); 2573 2574 return ret; 2575 } 2576 2577 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv) 2578 { 2579 const struct opal_step discovery0_step = { 2580 opal_discovery0, discv 2581 }; 2582 int ret = 0; 2583 2584 mutex_lock(&dev->dev_lock); 2585 setup_opal_dev(dev); 2586 ret = execute_step(dev, &discovery0_step, 0); 2587 mutex_unlock(&dev->dev_lock); 2588 if (ret) 2589 return ret; 2590 return discv->size; /* modified to actual length of data */ 2591 } 2592 2593 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev) 2594 { 2595 /* controller will terminate session */ 2596 const struct opal_step steps[] = { 2597 { start_admin1LSP_opal_session, &rev->key }, 2598 { revert_lsp, rev } 2599 }; 2600 int ret; 2601 2602 ret = opal_get_key(dev, &rev->key); 2603 if (ret) 2604 return ret; 2605 mutex_lock(&dev->dev_lock); 2606 setup_opal_dev(dev); 2607 ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); 2608 mutex_unlock(&dev->dev_lock); 2609 2610 return ret; 2611 } 2612 2613 static int opal_erase_locking_range(struct opal_dev *dev, 2614 struct opal_session_info *opal_session) 2615 { 2616 const struct opal_step erase_steps[] = { 2617 { start_auth_opal_session, opal_session }, 2618 { erase_locking_range, opal_session }, 2619 { end_opal_session, } 2620 }; 2621 int ret; 2622 2623 ret = opal_get_key(dev, &opal_session->opal_key); 2624 if (ret) 2625 return ret; 2626 mutex_lock(&dev->dev_lock); 2627 setup_opal_dev(dev); 2628 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); 2629 mutex_unlock(&dev->dev_lock); 2630 2631 return ret; 2632 } 2633 2634 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev, 2635 struct opal_mbr_data *opal_mbr) 2636 { 2637 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ? 2638 OPAL_TRUE : OPAL_FALSE; 2639 2640 const struct opal_step mbr_steps[] = { 2641 { start_admin1LSP_opal_session, &opal_mbr->key }, 2642 { set_mbr_done, &enable_disable }, 2643 { end_opal_session, }, 2644 { start_admin1LSP_opal_session, &opal_mbr->key }, 2645 { set_mbr_enable_disable, &enable_disable }, 2646 { end_opal_session, } 2647 }; 2648 int ret; 2649 2650 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE && 2651 opal_mbr->enable_disable != OPAL_MBR_DISABLE) 2652 return -EINVAL; 2653 2654 ret = opal_get_key(dev, &opal_mbr->key); 2655 if (ret) 2656 return ret; 2657 mutex_lock(&dev->dev_lock); 2658 setup_opal_dev(dev); 2659 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2660 mutex_unlock(&dev->dev_lock); 2661 2662 return ret; 2663 } 2664 2665 static int opal_set_mbr_done(struct opal_dev *dev, 2666 struct opal_mbr_done *mbr_done) 2667 { 2668 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ? 2669 OPAL_TRUE : OPAL_FALSE; 2670 2671 const struct opal_step mbr_steps[] = { 2672 { start_admin1LSP_opal_session, &mbr_done->key }, 2673 { set_mbr_done, &mbr_done_tf }, 2674 { end_opal_session, } 2675 }; 2676 int ret; 2677 2678 if (mbr_done->done_flag != OPAL_MBR_DONE && 2679 mbr_done->done_flag != OPAL_MBR_NOT_DONE) 2680 return -EINVAL; 2681 2682 ret = opal_get_key(dev, &mbr_done->key); 2683 if (ret) 2684 return ret; 2685 mutex_lock(&dev->dev_lock); 2686 setup_opal_dev(dev); 2687 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2688 mutex_unlock(&dev->dev_lock); 2689 2690 return ret; 2691 } 2692 2693 static int opal_write_shadow_mbr(struct opal_dev *dev, 2694 struct opal_shadow_mbr *info) 2695 { 2696 const struct opal_step mbr_steps[] = { 2697 { start_admin1LSP_opal_session, &info->key }, 2698 { write_shadow_mbr, info }, 2699 { end_opal_session, } 2700 }; 2701 int ret; 2702 2703 if (info->size == 0) 2704 return 0; 2705 2706 ret = opal_get_key(dev, &info->key); 2707 if (ret) 2708 return ret; 2709 mutex_lock(&dev->dev_lock); 2710 setup_opal_dev(dev); 2711 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); 2712 mutex_unlock(&dev->dev_lock); 2713 2714 return ret; 2715 } 2716 2717 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk) 2718 { 2719 struct opal_suspend_data *suspend; 2720 2721 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL); 2722 if (!suspend) 2723 return -ENOMEM; 2724 2725 suspend->unlk = *lk_unlk; 2726 suspend->lr = lk_unlk->session.opal_key.lr; 2727 2728 mutex_lock(&dev->dev_lock); 2729 setup_opal_dev(dev); 2730 add_suspend_info(dev, suspend); 2731 mutex_unlock(&dev->dev_lock); 2732 2733 return 0; 2734 } 2735 2736 static int opal_add_user_to_lr(struct opal_dev *dev, 2737 struct opal_lock_unlock *lk_unlk) 2738 { 2739 const struct opal_step steps[] = { 2740 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key }, 2741 { add_user_to_lr, lk_unlk }, 2742 { add_user_to_lr_ace, lk_unlk }, 2743 { end_opal_session, } 2744 }; 2745 int ret; 2746 2747 if (lk_unlk->l_state != OPAL_RO && 2748 lk_unlk->l_state != OPAL_RW) { 2749 pr_debug("Locking state was not RO or RW\n"); 2750 return -EINVAL; 2751 } 2752 2753 if (lk_unlk->session.who < OPAL_USER1 || 2754 lk_unlk->session.who > OPAL_USER9) { 2755 pr_debug("Authority was not within the range of users: %d\n", 2756 lk_unlk->session.who); 2757 return -EINVAL; 2758 } 2759 2760 if (lk_unlk->session.sum) { 2761 pr_debug("%s not supported in sum. Use setup locking range\n", 2762 __func__); 2763 return -EINVAL; 2764 } 2765 2766 ret = opal_get_key(dev, &lk_unlk->session.opal_key); 2767 if (ret) 2768 return ret; 2769 mutex_lock(&dev->dev_lock); 2770 setup_opal_dev(dev); 2771 ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); 2772 mutex_unlock(&dev->dev_lock); 2773 2774 return ret; 2775 } 2776 2777 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid) 2778 { 2779 /* controller will terminate session */ 2780 const struct opal_step revert_steps[] = { 2781 { start_SIDASP_opal_session, opal }, 2782 { revert_tper, } 2783 }; 2784 const struct opal_step psid_revert_steps[] = { 2785 { start_PSID_opal_session, opal }, 2786 { revert_tper, } 2787 }; 2788 2789 int ret; 2790 2791 ret = opal_get_key(dev, opal); 2792 2793 if (ret) 2794 return ret; 2795 mutex_lock(&dev->dev_lock); 2796 setup_opal_dev(dev); 2797 if (psid) 2798 ret = execute_steps(dev, psid_revert_steps, 2799 ARRAY_SIZE(psid_revert_steps)); 2800 else 2801 ret = execute_steps(dev, revert_steps, 2802 ARRAY_SIZE(revert_steps)); 2803 mutex_unlock(&dev->dev_lock); 2804 2805 /* 2806 * If we successfully reverted lets clean 2807 * any saved locking ranges. 2808 */ 2809 if (!ret) 2810 clean_opal_dev(dev); 2811 2812 return ret; 2813 } 2814 2815 static int __opal_lock_unlock(struct opal_dev *dev, 2816 struct opal_lock_unlock *lk_unlk) 2817 { 2818 const struct opal_step unlock_steps[] = { 2819 { start_auth_opal_session, &lk_unlk->session }, 2820 { lock_unlock_locking_range, lk_unlk }, 2821 { end_opal_session, } 2822 }; 2823 const struct opal_step unlock_sum_steps[] = { 2824 { start_auth_opal_session, &lk_unlk->session }, 2825 { lock_unlock_locking_range_sum, lk_unlk }, 2826 { end_opal_session, } 2827 }; 2828 2829 if (lk_unlk->session.sum) 2830 return execute_steps(dev, unlock_sum_steps, 2831 ARRAY_SIZE(unlock_sum_steps)); 2832 else 2833 return execute_steps(dev, unlock_steps, 2834 ARRAY_SIZE(unlock_steps)); 2835 } 2836 2837 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key) 2838 { 2839 u8 mbr_done_tf = OPAL_TRUE; 2840 const struct opal_step mbrdone_step[] = { 2841 { start_admin1LSP_opal_session, key }, 2842 { set_mbr_done, &mbr_done_tf }, 2843 { end_opal_session, } 2844 }; 2845 2846 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step)); 2847 } 2848 2849 static void opal_lock_check_for_saved_key(struct opal_dev *dev, 2850 struct opal_lock_unlock *lk_unlk) 2851 { 2852 struct opal_suspend_data *iter; 2853 2854 if (lk_unlk->l_state != OPAL_LK || 2855 lk_unlk->session.opal_key.key_len > 0) 2856 return; 2857 2858 /* 2859 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the 2860 * volume key is not required, as it requires root privileges anyway, 2861 * and root can deny access to a disk in many ways regardless. 2862 * Requiring the volume key to lock the device is a peculiarity of the 2863 * OPAL specification. Given we might already have saved the key if 2864 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use 2865 * that key to lock the device if no key was provided here, the 2866 * locking range matches and the appropriate flag was passed with 2867 * 'IOC_OPAL_SAVE'. 2868 * This allows integrating OPAL with tools and libraries that are used 2869 * to the common behaviour and do not ask for the volume key when 2870 * closing a device. 2871 */ 2872 setup_opal_dev(dev); 2873 list_for_each_entry(iter, &dev->unlk_lst, node) { 2874 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) && 2875 iter->lr == lk_unlk->session.opal_key.lr && 2876 iter->unlk.session.opal_key.key_len > 0) { 2877 lk_unlk->session.opal_key.key_len = 2878 iter->unlk.session.opal_key.key_len; 2879 memcpy(lk_unlk->session.opal_key.key, 2880 iter->unlk.session.opal_key.key, 2881 iter->unlk.session.opal_key.key_len); 2882 break; 2883 } 2884 } 2885 } 2886 2887 static int opal_lock_unlock(struct opal_dev *dev, 2888 struct opal_lock_unlock *lk_unlk) 2889 { 2890 int ret; 2891 2892 if (lk_unlk->session.who > OPAL_USER9) 2893 return -EINVAL; 2894 2895 mutex_lock(&dev->dev_lock); 2896 opal_lock_check_for_saved_key(dev, lk_unlk); 2897 ret = opal_get_key(dev, &lk_unlk->session.opal_key); 2898 if (!ret) 2899 ret = __opal_lock_unlock(dev, lk_unlk); 2900 mutex_unlock(&dev->dev_lock); 2901 2902 return ret; 2903 } 2904 2905 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal) 2906 { 2907 const struct opal_step owner_steps[] = { 2908 { start_anybodyASP_opal_session, }, 2909 { get_msid_cpin_pin, }, 2910 { end_opal_session, }, 2911 { start_SIDASP_opal_session, opal }, 2912 { set_sid_cpin_pin, opal }, 2913 { end_opal_session, } 2914 }; 2915 int ret; 2916 2917 if (!dev) 2918 return -ENODEV; 2919 2920 ret = opal_get_key(dev, opal); 2921 if (ret) 2922 return ret; 2923 mutex_lock(&dev->dev_lock); 2924 setup_opal_dev(dev); 2925 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps)); 2926 mutex_unlock(&dev->dev_lock); 2927 2928 return ret; 2929 } 2930 2931 static int opal_activate_lsp(struct opal_dev *dev, 2932 struct opal_lr_act *opal_lr_act) 2933 { 2934 const struct opal_step active_steps[] = { 2935 { start_SIDASP_opal_session, &opal_lr_act->key }, 2936 { get_lsp_lifecycle, }, 2937 { activate_lsp, opal_lr_act }, 2938 { end_opal_session, } 2939 }; 2940 int ret; 2941 2942 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS) 2943 return -EINVAL; 2944 2945 ret = opal_get_key(dev, &opal_lr_act->key); 2946 if (ret) 2947 return ret; 2948 mutex_lock(&dev->dev_lock); 2949 setup_opal_dev(dev); 2950 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps)); 2951 mutex_unlock(&dev->dev_lock); 2952 2953 return ret; 2954 } 2955 2956 static int opal_setup_locking_range(struct opal_dev *dev, 2957 struct opal_user_lr_setup *opal_lrs) 2958 { 2959 const struct opal_step lr_steps[] = { 2960 { start_auth_opal_session, &opal_lrs->session }, 2961 { setup_locking_range, opal_lrs }, 2962 { end_opal_session, } 2963 }; 2964 int ret; 2965 2966 ret = opal_get_key(dev, &opal_lrs->session.opal_key); 2967 if (ret) 2968 return ret; 2969 mutex_lock(&dev->dev_lock); 2970 setup_opal_dev(dev); 2971 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps)); 2972 mutex_unlock(&dev->dev_lock); 2973 2974 return ret; 2975 } 2976 2977 static int opal_locking_range_status(struct opal_dev *dev, 2978 struct opal_lr_status *opal_lrst, 2979 void __user *data) 2980 { 2981 const struct opal_step lr_steps[] = { 2982 { start_auth_opal_session, &opal_lrst->session }, 2983 { locking_range_status, opal_lrst }, 2984 { end_opal_session, } 2985 }; 2986 int ret; 2987 2988 mutex_lock(&dev->dev_lock); 2989 setup_opal_dev(dev); 2990 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps)); 2991 mutex_unlock(&dev->dev_lock); 2992 2993 /* skip session info when copying back to uspace */ 2994 if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start), 2995 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start), 2996 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) { 2997 pr_debug("Error copying status to userspace\n"); 2998 return -EFAULT; 2999 } 3000 3001 return ret; 3002 } 3003 3004 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) 3005 { 3006 const struct opal_step pw_steps[] = { 3007 { start_auth_opal_session, &opal_pw->session }, 3008 { set_new_pw, &opal_pw->new_user_pw }, 3009 { end_opal_session, } 3010 }; 3011 int ret; 3012 3013 if (opal_pw->session.who > OPAL_USER9 || 3014 opal_pw->new_user_pw.who > OPAL_USER9) 3015 return -EINVAL; 3016 3017 mutex_lock(&dev->dev_lock); 3018 setup_opal_dev(dev); 3019 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps)); 3020 mutex_unlock(&dev->dev_lock); 3021 3022 if (ret) 3023 return ret; 3024 3025 /* update keyring with new password */ 3026 ret = update_sed_opal_key(OPAL_AUTH_KEY, 3027 opal_pw->new_user_pw.opal_key.key, 3028 opal_pw->new_user_pw.opal_key.key_len); 3029 3030 return ret; 3031 } 3032 3033 static int opal_activate_user(struct opal_dev *dev, 3034 struct opal_session_info *opal_session) 3035 { 3036 const struct opal_step act_steps[] = { 3037 { start_admin1LSP_opal_session, &opal_session->opal_key }, 3038 { internal_activate_user, opal_session }, 3039 { end_opal_session, } 3040 }; 3041 int ret; 3042 3043 /* We can't activate Admin1 it's active as manufactured */ 3044 if (opal_session->who < OPAL_USER1 || 3045 opal_session->who > OPAL_USER9) { 3046 pr_debug("Who was not a valid user: %d\n", opal_session->who); 3047 return -EINVAL; 3048 } 3049 3050 ret = opal_get_key(dev, &opal_session->opal_key); 3051 if (ret) 3052 return ret; 3053 mutex_lock(&dev->dev_lock); 3054 setup_opal_dev(dev); 3055 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps)); 3056 mutex_unlock(&dev->dev_lock); 3057 3058 return ret; 3059 } 3060 3061 bool opal_unlock_from_suspend(struct opal_dev *dev) 3062 { 3063 struct opal_suspend_data *suspend; 3064 bool was_failure = false; 3065 int ret = 0; 3066 3067 if (!dev) 3068 return false; 3069 3070 if (!(dev->flags & OPAL_FL_SUPPORTED)) 3071 return false; 3072 3073 mutex_lock(&dev->dev_lock); 3074 setup_opal_dev(dev); 3075 3076 list_for_each_entry(suspend, &dev->unlk_lst, node) { 3077 dev->tsn = 0; 3078 dev->hsn = 0; 3079 3080 ret = __opal_lock_unlock(dev, &suspend->unlk); 3081 if (ret) { 3082 pr_debug("Failed to unlock LR %hhu with sum %d\n", 3083 suspend->unlk.session.opal_key.lr, 3084 suspend->unlk.session.sum); 3085 was_failure = true; 3086 } 3087 3088 if (dev->flags & OPAL_FL_MBR_ENABLED) { 3089 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key); 3090 if (ret) 3091 pr_debug("Failed to set MBR Done in S3 resume\n"); 3092 } 3093 } 3094 mutex_unlock(&dev->dev_lock); 3095 3096 return was_failure; 3097 } 3098 EXPORT_SYMBOL(opal_unlock_from_suspend); 3099 3100 static int opal_read_table(struct opal_dev *dev, 3101 struct opal_read_write_table *rw_tbl) 3102 { 3103 const struct opal_step read_table_steps[] = { 3104 { start_admin1LSP_opal_session, &rw_tbl->key }, 3105 { read_table_data, rw_tbl }, 3106 { end_opal_session, } 3107 }; 3108 int ret = 0; 3109 3110 if (!rw_tbl->size) 3111 return ret; 3112 3113 return execute_steps(dev, read_table_steps, 3114 ARRAY_SIZE(read_table_steps)); 3115 } 3116 3117 static int opal_write_table(struct opal_dev *dev, 3118 struct opal_read_write_table *rw_tbl) 3119 { 3120 const struct opal_step write_table_steps[] = { 3121 { start_admin1LSP_opal_session, &rw_tbl->key }, 3122 { write_table_data, rw_tbl }, 3123 { end_opal_session, } 3124 }; 3125 int ret = 0; 3126 3127 if (!rw_tbl->size) 3128 return ret; 3129 3130 return execute_steps(dev, write_table_steps, 3131 ARRAY_SIZE(write_table_steps)); 3132 } 3133 3134 static int opal_generic_read_write_table(struct opal_dev *dev, 3135 struct opal_read_write_table *rw_tbl) 3136 { 3137 int ret, bit_set; 3138 3139 ret = opal_get_key(dev, &rw_tbl->key); 3140 if (ret) 3141 return ret; 3142 mutex_lock(&dev->dev_lock); 3143 setup_opal_dev(dev); 3144 3145 bit_set = fls64(rw_tbl->flags) - 1; 3146 switch (bit_set) { 3147 case OPAL_READ_TABLE: 3148 ret = opal_read_table(dev, rw_tbl); 3149 break; 3150 case OPAL_WRITE_TABLE: 3151 ret = opal_write_table(dev, rw_tbl); 3152 break; 3153 default: 3154 pr_debug("Invalid bit set in the flag (%016llx).\n", 3155 rw_tbl->flags); 3156 ret = -EINVAL; 3157 break; 3158 } 3159 3160 mutex_unlock(&dev->dev_lock); 3161 3162 return ret; 3163 } 3164 3165 static int opal_get_status(struct opal_dev *dev, void __user *data) 3166 { 3167 struct opal_status sts = {0}; 3168 3169 /* 3170 * check_opal_support() error is not fatal, 3171 * !dev->supported is a valid condition 3172 */ 3173 if (!check_opal_support(dev)) 3174 sts.flags = dev->flags; 3175 if (copy_to_user(data, &sts, sizeof(sts))) { 3176 pr_debug("Error copying status to userspace\n"); 3177 return -EFAULT; 3178 } 3179 return 0; 3180 } 3181 3182 static int opal_get_geometry(struct opal_dev *dev, void __user *data) 3183 { 3184 struct opal_geometry geo = {0}; 3185 3186 if (check_opal_support(dev)) 3187 return -EINVAL; 3188 3189 geo.align = dev->align_required; 3190 geo.logical_block_size = dev->logical_block_size; 3191 geo.alignment_granularity = dev->align; 3192 geo.lowest_aligned_lba = dev->lowest_lba; 3193 3194 if (copy_to_user(data, &geo, sizeof(geo))) { 3195 pr_debug("Error copying geometry data to userspace\n"); 3196 return -EFAULT; 3197 } 3198 3199 return 0; 3200 } 3201 3202 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) 3203 { 3204 void *p; 3205 int ret = -ENOTTY; 3206 3207 if (!capable(CAP_SYS_ADMIN)) 3208 return -EACCES; 3209 if (!dev) 3210 return -EOPNOTSUPP; 3211 if (!(dev->flags & OPAL_FL_SUPPORTED)) 3212 return -EOPNOTSUPP; 3213 3214 if (cmd & IOC_IN) { 3215 p = memdup_user(arg, _IOC_SIZE(cmd)); 3216 if (IS_ERR(p)) 3217 return PTR_ERR(p); 3218 } 3219 3220 switch (cmd) { 3221 case IOC_OPAL_SAVE: 3222 ret = opal_save(dev, p); 3223 break; 3224 case IOC_OPAL_LOCK_UNLOCK: 3225 ret = opal_lock_unlock(dev, p); 3226 break; 3227 case IOC_OPAL_TAKE_OWNERSHIP: 3228 ret = opal_take_ownership(dev, p); 3229 break; 3230 case IOC_OPAL_ACTIVATE_LSP: 3231 ret = opal_activate_lsp(dev, p); 3232 break; 3233 case IOC_OPAL_SET_PW: 3234 ret = opal_set_new_pw(dev, p); 3235 break; 3236 case IOC_OPAL_ACTIVATE_USR: 3237 ret = opal_activate_user(dev, p); 3238 break; 3239 case IOC_OPAL_REVERT_TPR: 3240 ret = opal_reverttper(dev, p, false); 3241 break; 3242 case IOC_OPAL_LR_SETUP: 3243 ret = opal_setup_locking_range(dev, p); 3244 break; 3245 case IOC_OPAL_ADD_USR_TO_LR: 3246 ret = opal_add_user_to_lr(dev, p); 3247 break; 3248 case IOC_OPAL_ENABLE_DISABLE_MBR: 3249 ret = opal_enable_disable_shadow_mbr(dev, p); 3250 break; 3251 case IOC_OPAL_MBR_DONE: 3252 ret = opal_set_mbr_done(dev, p); 3253 break; 3254 case IOC_OPAL_WRITE_SHADOW_MBR: 3255 ret = opal_write_shadow_mbr(dev, p); 3256 break; 3257 case IOC_OPAL_ERASE_LR: 3258 ret = opal_erase_locking_range(dev, p); 3259 break; 3260 case IOC_OPAL_SECURE_ERASE_LR: 3261 ret = opal_secure_erase_locking_range(dev, p); 3262 break; 3263 case IOC_OPAL_PSID_REVERT_TPR: 3264 ret = opal_reverttper(dev, p, true); 3265 break; 3266 case IOC_OPAL_GENERIC_TABLE_RW: 3267 ret = opal_generic_read_write_table(dev, p); 3268 break; 3269 case IOC_OPAL_GET_STATUS: 3270 ret = opal_get_status(dev, arg); 3271 break; 3272 case IOC_OPAL_GET_LR_STATUS: 3273 ret = opal_locking_range_status(dev, p, arg); 3274 break; 3275 case IOC_OPAL_GET_GEOMETRY: 3276 ret = opal_get_geometry(dev, arg); 3277 break; 3278 case IOC_OPAL_REVERT_LSP: 3279 ret = opal_revertlsp(dev, p); 3280 break; 3281 case IOC_OPAL_DISCOVERY: 3282 ret = opal_get_discv(dev, p); 3283 break; 3284 3285 default: 3286 break; 3287 } 3288 3289 if (cmd & IOC_IN) 3290 kfree(p); 3291 return ret; 3292 } 3293 EXPORT_SYMBOL_GPL(sed_ioctl); 3294 3295 static int __init sed_opal_init(void) 3296 { 3297 struct key *kr; 3298 3299 kr = keyring_alloc(".sed_opal", 3300 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), 3301 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | 3302 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE, 3303 KEY_ALLOC_NOT_IN_QUOTA, 3304 NULL, NULL); 3305 if (IS_ERR(kr)) 3306 return PTR_ERR(kr); 3307 3308 sed_opal_keyring = kr; 3309 3310 return 0; 3311 } 3312 late_initcall(sed_opal_init); 3313